Posted on Monday, April 10, 2017 in Cyber RxBlog written by Rob Swenson
An old binder collecting dust on an office shelf won’t be much help when a company’s leaders are reacting to an unexpected business disaster.
National experts and local authorities stress that surviving and recovering from natural disasters and human-caused emergencies require that businesses prepare plans in advance and update them regularly. They also need to share the plans with everyone in the organization so that they know what to do.
“The worst thing a business can do is not have a plan. But not too far after that is having a plan that’s outdated or not communicated to employees,” says Carrie Johnson, manager of government and external operations for SDN Communications in Sioux Falls.
Typically, good plans also require companies to establish and maintain working relationships with outside entities. For example, a company may need law enforcement agencies during a crisis.
A company also might need to establish a relationship with experts such as a lawyer. That includes companies in industries with notification requirements or other regulatory obligations.
Disruptions might be caused by natural disasters, such as tornadoes or floods, or by criminals or terrorists. Disruptions might even happen when key team members leave suddenly. Businesses must examine and re-examine processes as well as assets.
Business continuity and disaster recovery plans – often abbreviated as BCDR – should also include a cybersecurity component, Johnson says.
There are four key stages to effective BCDR planning:
- Develop a plan.
- Communicate the plan throughout the organization. Train employees to carry out the plan. And test the effectiveness of the plan.
- Review the effectiveness of the trial implementation and identify shortcomings.
- Fill the gaps. Engage others, if necessary, and update the plan.
Federal guidelines developed under the leadership of the National Institute of Standards and Technology, or NIST, are a good potential resource for companies developing BCDR plans, Johnson says.
NIST is a non-regulatory agency within the Department of Commerce. It worked with business leaders, government officials and academic experts to develop the NIST Cybersecurity Framework. The series of voluntary, flexible guidelines is scalable to a company’s size.
Working through the best practices in the framework can help companies think critically about operations, vulnerabilities and needs.
Other planning resources and possible emergency contacts include:
- South Dakota Fusion Center, which is within the South Dakota Department of Public Safety. The Fusion Center is an information-sharing center that assists in local, state and federal investigations to help prevent crimes. www.dps.sd.gov/homeland_security.
- Federal Emergency Management Agency.
- Ready.gov, the official website of the U.S. Department of Homeland Security.
Floods and tornadoes are among the most common natural disasters that businesses in the Northern Plains face every year. Reminders from Ready.gov about the risks that disasters can pose might be in order.
For example, just six inches of moving water can knock a person down and two feet of water can sweep away a vehicle.
Occasionally, tornadoes develop so rapidly that little, if any, advance warning is possible. Whirling winds within a tornado can reach up to 300 miles per hour. Tornadoes are hard to outrun, too; they can travel at speeds of up to 70 mph.
The best time to have prepared for such disasters is before they strike. If your company doesn’t have a plan in place, it should start planning now.