Having business continuity and disaster recovery (BC/DR) plans, policies, and procedures are an essential aspect of information security. The ongoing COVID-19 pandemic has had a significant impact on “business as usual” for many organizations, forcing them to transition most or all of their workforce to remote work essentially creating a “new normal” for businesses and individuals everywhere. For organizations without a BC/DR plan in place that covered this contingency, this shift may have caught the company unprepared. With the uncertainty caused by this outbreak, managing a BC/DR strategy may be difficult, but essential.
With most employees teleworking, an organization experiences new cyber risks and network requirements. As the global health and economic situation evolves, these risks and challenges may change as well. Organizations must be very agile when addressing these new challenges and have strategies in place to modify processes and project plans in response.
Here are a few cybersecurity best practices for managing business continuity during this pandemic.
This new pandemic has exposed gaps in many organizations’ BC/DR strategies. Few organizations had the infrastructure and policies in place to support a sudden transition of their workforce to telework.
As the situation evolves and new policy and process gaps are exposed, it is essential to update the organization’s BC/DR strategies to reflect lessons learned and best practices derived from the experience. This outbreak provides organizations with an opportunity to evaluate the effectiveness and utility of policies already in place as well as update them to improve the future of the business.
Conduct or Update the Business Impact Analysis
A Business Impact Analysis (BIA) is designed to quantify the effects of a certain event upon business operations. It should include likely outcomes or consequences of the event and determine how these affect crucial business operations.
If an organization has not performed a BIA for an event like this outbreak, now is the time to do so. This analysis should include effects such as the increased number of VPN connections that an organization’s infrastructure must handle due to an increase in teleworkers and how operations could be affected due to supply chain delays.
Create Security-Oriented Contingency Strategies
A BIA determines the potential risks associated with an incident. Once these risks have been identified, the next step is development of contingency strategies for managing them.
Some of these strategies may require deployment of additional security solutions, such as firewalls and VPN endpoints. Others may include updating existing policies and procedures to cover new potential cases, such as the need for an incident response plan to handle a data breach for a remote worker.
Test Contingent Operations and Recovery Strategies
Once contingency and recovery strategies have been developed, they must be tested to ensure that they are effective at managing a particular risk or scenario. This testing may uncover oversights in the design of the strategy or find that a certain process is ineffective.
This testing can be performed in a number of different ways. An organization’s security team can perform tabletop simulations or perform a simulated engagement with real equipment. After a test is complete, all participants should engage in a debrief to identify what worked and what did not.
Planning for Business Continuity
Managing your current business continuity plan helps to protect sensitive information, avoid compliance fines, and mitigate information security threats such as data security breaches and insider threats.
At Nuspire, we are helping organizations overcome the challenges of this new normal, making sure that you are protected, even when if your organization is fully remote. To download a business continuity planning checklist for security, click here.