Agile, Secure & Responsive IT Environments

Cybersecurity Lesson #3: Develop a Business Continuity Plan

What do you do when the power goes down? What does your business do when no one can get to work in a snowstorm? What do you do in a cyberattack?  

A Business Continuity Plan (BCP) addresses the question, “How do we conduct business when systems are compromised or down?” It is a complement to your Incident Response Plan, and it applies to anything that causes a disruption in business. In many respects, a cyberattack is no different than any other major disruption, so it should be treated the same.  

The BCP is your plan to minimize or prevent lost revenues or extra expenses during an outage. Insurance does not cover all costs and cannot replace customers that defect to the competition. The BCP can keep you from panicking during a cyberattack. When you panic, bad decisions are made. Have your back-up plan in place, so that business can continue while you work on solutions. 

Business continuity may mean going back to manual processes that were followed before automation. Or, it may require that you devise new processes that are a better replacement for automation. 

  • If you run a hotel or private club, how do you handle reservations or issue receipts?  
  • If you are a hospital, how to accept patients or track procedures?  
  • If you run a school, how do you continue online instruction or communicate with parents?  
  • If you run a town or city, how do police and fire departments communicate and respond to emergencies?  

Do not assume that the staff knows how to go back to the old way of doing things. Document the business continuity processes in a “run book” and do drills on a regular basis, at least as frequently as required to keep the staff informed. 

Your team must know how to conduct business when systems go down, whether due to fire, power outage or a cyberattack
Your team must know how to conduct business when systems go down, whether due to fire, power outage or a cyberattack.

Many professional groups, as well as the Department of Homeland Security, offer templates or examples for business continuity plans that are relevant for their industry or role in an organization. Be sure to investigate those resources, but make sure that you develop a Business Continuity Plan that works for your organization.  


NOTE: This is part of a series of blogs on Ransomware Lessons Learned posted to the Flagship Networks website.  For more information on how to create a Business Continuity Plan or have Flagship conduct one of our security assessments, please complete the form below. 

For more information about Business Continuity Planning or to talk about our security assessments, please complete the form below.

© 2020 Flagship Networks, Inc. All rights reserved.