Business continuity growsincreasingly vital as the threat of cyberattacks – which numbered1.7 billion worldwide in 2013 – and other IT dangers lurk,especially for financial institutions. And credit unions aren'timmune.

Eighty-three percent of organizations surveyed by ContinuityCentral say they expect to see at least small changes in theirbusiness continuity plans in 2014, with a third anticipating majorchanges. Only 17% expect no change.

Business continuity is critical for credit unions because FIsand retailers are the two biggest cybercriminal targets. The recentbreach at Target sparked several credit unions to reissue debit andcredit cards to their members because of the major retailer's cyberheadaches. And if it's not hackers, it's employees companies needto worry about. Malicious attacks by insiders cause roughly 12% ofdata breaches, according to a 2012 Forrester study.

Example: an employee of a California bank believed he would befired at some point so he created a virus alarm clock that wouldcreate havoc if he was fired. Eventually, he did get fired and thatvirus alarm clock worked – and shut down the bank's IToperations.

The last thing FIs want is business discontinuity, especially intheir busiest periods. How can credit unions best ensure theysustain excellent continuity?

Data protection is crucial – for customers and for compliance.Here are some ideas to help your business-continuity programs.

No. 1: Avoid situations that could jeopardizethe safety of your company's data. Transferring data to a remotesite where fewer staff members are on duty can increase risks.Keeping it onsite with encryptions can prove to be more secure, butthat doesn't allow for remote recovery when needed.

No. 2: Time stamps help replicate and back updata. If a virus or breach occurs, a time stamp can be quicklyfound before the incident and restore everything back to that time,helping the system back up and rebuild corrupted data.

No. 3: Encourage senior management to get onboard for today's increased data-protection risks. This can helpsecure the budget to put security blocks into place. One CIOproudly noted that he secured funds to protect against everysecurity problem that anyone can think of because he makes it clearwhat damage business discontinuity can trigger.

No. 4: Consider hiring a hacker for yourdata-recovery site. Sounds odd, but one hacker claims it's mucheasier to hack a company when it's on its data-recovery site. Why?He said IT staffs don't do as much due diligence on a backup siteto protect data. Even though these sites are audited, they'resmaller with smaller staffs.

No. 5: Provide customers with regular updatesabout privacy regarding their account and personal information.They should address privacy and mobile apps, usingquestion-and-answer and fact sheets to clearly explain what thecredit union is doing on the privacy front. Increasingly,transparency is critical when addressing data privacy and safetywith customers.

When IT systems go down and customers are directly affected orjust inconvenienced, these situations may not make the newsheadlines, but the impact on business can be profound. It raisesthe question of why credit unions and other FIs often spend 80% oftheir IT budget protecting against downtime and only 20%facilitating data recovery.

No. 6: Explore using a managed-servicesprovider for BC purposes. More FIs are using third-party vendorsthat handle BC chores, allowing the IT staff to rest easier andhandle other projects. MSPs have resources that FIs may not haveand can handle responsibilities such as increased monitoring,compliance regulation and recovery testing.

Read more: MSPs and the Cloud …

Managed-Services Providers and the Cloud

An MSP can ensure continuous access via the cloud. More creditunions and other FIs are moving to the cloud, and putting theirwebsites and other public information there. This frees uppersonnel and computing resources. They can tier information forsecurity and/or recovery purposes and protect the most criticalresources.

Here's one horror tale of an FI that would have benefited froman MSP. Before it faced a major crisis, the bank had identified 20%of its applications and data as being mission-critical and it hadthat material on backup tapes. But when it lost its data center ina crisis, it couldn't begin rebuilding its system until it shippedthe mission-critical data tapes to the backup facility. It took twoweeks to reload.

In the meantime, customers couldn't access ATMs or get theirinformation from the website. The bank lost quite a few customerswho assumed the FI hadn't perceived the value of those apps to thebusiness and its customers.

For the most part, credit unions simply don't have the budgetsto send IT staff to backup data centers that may be in anotherstate. This explains why it pays to use MSPs who can handle thosechores themselves, especially if they're near the credit unionsite.

Hurricane Sandy along the Northeast coast also caught manycredit unions off-guard because many customers couldn't accessATMs. As a result, more consumers are asking FIs about securityprotection on their mobile phones and laptops.

At some point, a serious disruption is bound to occur. It willpay to have a solid and seamless process in place, withmission-critical data encrypted, that brings the business systemright back up without customers knowing that anything hadhappened.

LaurieElliott is director of the North American RecoveryServices Team for SunGard AvailabilityServices of Carlstadt, N.J.