How business continuity plans can boost your cyber security

Many organisations believe that business continuity and cyber security are distinct processes with separate aims.

In other words, they view cyber security as what you do to prevent a cyber attack and business continuity as what you do after a cyber attack or another disruptive event.

The UK Government’s Cyber Security Breaches Survey 2021 supports this theory. It reports that only 31% of businesses and 27% of charities have a business continuity plan that covers cyber security.

The flaw in this way of thinking was made clear during the COVID-19 pandemic, as organisations were forced to implement or adopt business continuity plans to adjust. Employees were forced to work from home, meetings were conducted virtually and a host of security risks were introduced.

With organisations offering employees the opportunity to continue working from home even now that lockdown restrictions have eased, many of those processes are still in place.

As such, you need to consider how your business continuity measures align with your cyber security practices.

Preserving your organisation’s operations

Business continuity management ensures that organisations consider potential disruptions from a range of incidents, including natural events and cyber attacks.

The process works by creating and testing plans that take into account the way business-critical functions may be affected by a disruption, and how alternative methods can ensure operations can continue as effectively as possible.

As recently as a few years ago, cyber security played a comparatively small role in business continuity management, because cyber attacks by and large caused minimal business disruption.

That’s not to say they weren’t damaging. It’s just that the damage occurred in such a way that the organisation typically wasn’t aware of it. The attackers may have gained unauthorised access to systems or launched phishing attacks, for example.

However, this is increasingly not the case, as ransomware has come to dominate the cyber security landscape. According to our Q3 2021 data breaches and cyber attacks report, ransomware accounted for almost one in three publicly disclosed security incidents.

And when an organisation is infected with ransomware, the damage can be crippling. Entire systems can be forced offline, and many organisations sever their networks to prevent the infection from spreading.

As a result, employees must find alternative means of working, whether that’s using pen and paper or rerouting their efforts to another area.

But it’s not just ransomware that organisations need to be concerned about. With many employees working remotely, any cyber security event that disrupts their connection to the organisation could be costly.

This might include technical difficulties with the Cloud platform, difficulties connecting to email or online meeting platforms or issues with employees’ personal Internet connection.

Organisations must therefore consider the business continuity implications of cyber security risks and plan accordingly.

Benefits of this include greater collaboration between teams, a commitment to continuity-focused technology, a greater focus on threat detection and response, and a clearer understanding of the long-term effects of cyber security incidents.

Get your staff on the same page

An essential part of your business continuity plan is staff awareness training. After all, your employees are the ones who will use the plan, so they need to know why it’s in place, how it works and what their obligations are.

You can help them understand these issues with our Business Continuity Staff Awareness E-learning Course.

Developed by industry experts, this training course will prepare your employees to respond to any workplace disruption.

The 45-minute programme is filled with tips and activities to give your workforce the tools they need to implement your business continuity plan and preserve your critical functions.