How to align business continuity with IT to reduce threats

Note: This article originally appeared in Mission Critical Magazine. Read the article online or download the PDF.

I’m knocking on some serious wood here hoping that you never experience a real disaster event at work. But if you do, I trust that your business continuity team will get you to safety, quickly.

IT has nightmares that employees work from open WIFI networks.

Once you’re safe and sound, you will be able to log right in and get back to work and everything will be all good, right? Not so fast.

Well, your IT department has nightmares that employees do just that. You set up shop in lots of temporary places like a café or library with open WIFI networks and try to get back to work. Unbeknownst to many of us, open networks just aren’t sanitary places; they can be cesspools for identity theft that can lead to breaches. So confirming that an incident is properly handled requires much more than just evacuating people.

Steps to Ensure Business Resilience
Before you can check that last box, you need to verify that every step in your process is complete. Every company’s processes are different, but here are a few things to consider:

Handing off between IT and business continuity management (BCM)
Once you have ensured the safety of employees, IT must ensure the digital safety of the business. Here are some suggestions to determine when such a handoff takes place:

• Set triggers: Our customers who have best mastered the BCM-IT handoff set triggers. BCM experts have suggested to me that companies establish a “trigger matrix.” This removes any doubts or turf wars and makes the handoff a natural part of the process.
• Set thresholds: Based on your company, the business process and the sensitivity of information involved, determine how long the business can afford to operate at a partial loss or complete loss of data or system access. This will help determine when IT has to be involved.

Recovery and business continuity verification
IT has an important job to do in planning or executing any serious business continuity situation, as I mentioned at the top of this post. Making a secure location out of an insecure one is no simple feat, especially if it is a public area.

Depending on the situation, IT can take advantage and use SAML, private network connections, or use other tactics to keep business systems as safe as possible.

Comprehensive security posture
Part of the challenge with keeping intruders out and your data in is the disparate nature of our workforces. Global offices, remote workers, partners, customers, in-house systems, and third-party systems all add risk to every transaction.

Experts I talk to recommend going beyond your own security and looking at the digital supply chain that carries your data and business information around the world — including telephony, data services, monitoring applications, big data collection and reporting, operational technologies, and so on.

CIO Leadership
In recent years the CIO has evolved from an executive project manager to the custodian of the business.

In most companies, business continuity professionals are separate from IT. But progressive companies are leading by integrating the BCM teams with the CIO’s organization. Why? Because in today’s world, a digital disaster is much more likely than a physical one. IT is also adept at dealing with automation and communication technology and protocols. So the blend of talent and experience will put the best team on business resilience events to accelerate communication with automation and to target messages to the right people and roles.

Can You Survive Business Continuity?
Cutting-edge business continuity departments are using their own trigger matrices to hand off to IT departments or vet the digital safety of other locations after an evacuation. If you’re not verifying that your employees are accessing your systems safely, you’re putting your company at risk. Put proper processes in place and take care of your own.

Request a demo