How to Avoid Business Discontinuity
Business continuity grows increasingly vital as cyberattacks – which numbered 1.7 billion worldwide in 2013 – and other IT dangers threaten organizations, especially financial institutions. And credit unions aren’t immune.
Eighty-three percent of organizations surveyed by Continuity Central say they expect to see at least small changes in their business continuity plans in 2014, with a third anticipating major changes. Only 17% expect no change.
Business continuity is critical for credit unions because FIs and retailers are the two biggest cybercriminal targets. The recent breach at Target prompted several credit unions to reissue debit and credit cards to their members because of the major retailer’s cyber headaches. And if it’s not hackers, it’s employees that companies need to worry about. Malicious attacks by insiders cause roughly 12% of data breaches, according to a 2012 Forrester study.
Example: an employee of a California bank believed he would be fired at some point, so he created a virus alarm clock that would wreak havoc if he was fired. Eventually, he did get fired, and that virus alarm clock worked – it shut down the bank’s IT operations.
The last thing FIs want is business discontinuity, especially in their busiest periods. How can credit unions best ensure they sustain excellent continuity?
Data protection is crucial – for customers and for compliance. Here are some ideas to help your business-continuity programs.
No. 1: Avoid situations that could jeopardize the safety of your company’s data. Transferring data to a remote site where fewer staff members are on duty can increase risks. Keeping it onsite with encryption can prove to be more secure, but that doesn’t allow for remote recovery when needed.
No. 2: Time stamps help replicate and back up data. If a virus or breach occurs, a time stamp from before the incident can be found quickly and everything restored to that point, helping bring the system back up and rebuild corrupted data.
No. 3: Encourage senior management to get on board with addressing today’s increased data-protection risks. This can help secure the budget to put security blocks into place. One CIO proudly noted that he secured funds to protect against every security problem that anyone can think of because he makes it clear what damage business discontinuity can trigger.
No. 4: Consider hiring a hacker to test your data-recovery site. Sounds odd, but one hacker claims it’s much easier to hack a company when it’s on its data-recovery site. Why? He said IT staffs don’t do as much due diligence on a backup site to protect data. Even though these sites are audited, they’re smaller with smaller staffs.
No. 5: Provide customers with regular updates about privacy regarding their account and personal information. These updates should address privacy and mobile apps, using question-and-answer formats and fact sheets to clearly explain what the credit union is doing on the privacy front. Increasingly, transparency is critical when addressing data privacy and safety with customers.
When IT systems go down and customers are directly affected or just inconvenienced, these situations may not make the news headlines, but the impact on business can be profound. This raises the question of why credit unions and other FIs often spend 80% of their IT budget protecting against downtime and only 20% facilitating data recovery.
No. 6: Explore using a managed-services provider for BC purposes. More FIs are using third-party vendors that handle BC chores, allowing the IT staff to rest easier and handle other projects. MSPs have resources that FIs may not have and can handle responsibilities such as increased monitoring, compliance regulation and recovery testing.
Managed-Services Providers and the Cloud
An MSP can ensure continuous access via the cloud. More credit unions and other FIs are moving to the cloud, and putting their websites and other public information there. This frees up personnel and computing resources. They can tier information for security and/or recovery purposes and protect the most critical resources.
Here’s one horror tale of an FI that would have benefited from an MSP. Before it faced a major crisis, the bank had identified 20% of its applications and data as being mission-critical and it had that material on backup tapes. But when it lost its data center in a crisis, it couldn’t begin rebuilding its system until it shipped the mission-critical data tapes to the backup facility. It took two weeks to reload.
In the meantime, customers couldn’t access ATMs or get their information from the website. The bank lost quite a few customers who assumed the FI hadn’t perceived the value of those apps to the business and its customers.
For the most part, credit unions simply don’t have the budgets to send IT staff to backup data centers that may be in another state. This explains why it pays to use MSPs who can handle those chores themselves, especially if they’re near the credit union site.
Hurricane Sandy along the Northeast coast also caught many credit unions off-guard because many customers couldn’t access ATMs. As a result, more consumers are asking FIs about security protection on their mobile phones and laptops.
At some point, a serious disruption is bound to occur. It will pay to have a solid and seamless process in place, with mission-critical data encrypted, that brings the business system right back up without customers knowing that anything had happened.