How Business Continuity Can Fill the Hole in Your Security Plan

You think you’re prepared for the worst: You’ve purchased new antivirus software, have a great new firewall in place, and even hired an IT security “tech” to help “man the gates” to protect your network and computer systems from malicious actors. This means you have all the necessary security requirements in place that will protect you, right? Not necessarily.

What this means is that when a cyber attack or another type of disaster strikes and a hacker or their bot busts through your defenses like they don’t exist (because they kind of don’t), it's only then that you realize just how woefully unprepared your organization’s cybersecurity defenses really are.

This, unfortunately, is not an uncommon scenario. Considering that upwards of 60% of small to medium-size businesses (SMBs) that fall victim to cyber attacks fail within six months, it's a lot more common than many business professionals and owners realize. What makes matters worse is that in many of these cases, the cybersecurity threats come because of your employees. According to an article in the Harvard Business Review (HBR): “In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors.”

So, what's an organization to do to address the situation? Creating a security plan is a good start, as it details policies and procedures that help you to identify and try to ensure that confidential data is protected, for how long, and by whom. However, security plans have gaps and weaknesses that can be inadvertently left open for exploitation. This is where a business continuity plan comes into play to offer another layer of protection for your organization.

What is Business Continuity Planning and Management?

Business Continuity Plan (BCP) is a proactive plan that should be created and implemented by businesses of every type and size — no matter whether you are a small Registered Investment Advisor (RIA) firm or a medium-sized distributor. A BCP helps to ensure that your organization and its employees are prepared and know what to do in the event of an emergency.

A business continuity plan, at its core, is a detailed strategy that enables businesses or other organizations to resume regular operations after experiencing data loss or network downtime. When properly planned, managed, and implemented, a good plan minimizes threats while remaining scalable, flexible, and capable of adapting as business needs change.

Business continuity management is what helps you protect essential business functions and operations in the event of an emergency. It's putting your plan into action, which should include essential data backup and disaster recovery (BDR) initiatives, while also ensuring that your organization can support remote operations in the interim (if need be) until your main office is back online or accessible.

At its core, an effective business continuity plan helps businesses minimize threats and reduce downtime in the event of a small incident, such as a hardware failure or power outage. It also serves as the crucial difference between your business successfully pulling through after a major event or becoming one of its casualties.

Risks & Weaknesses Business Continuity Helps to Address

The truth of the matter is that a good business continuity plan touches virtually all aspects of your cybersecurity defenses and initiatives. While a security plan defines administrative and technical safeguards for protecting your organization, there is some additional evaluation that can be done as part of a complementary business continuity plan.

Some of the weaknesses that need to be evaluated and addressed in the business continuity plan include (but are not limited to):

  • Ways to identify security and cybersecurity risks to help prevent security breaches;
  • Identifying and addressing single points of failure, as well as opportunities for redundant or alternative systems of access and communications (cloud applications or data storage, email, VOIP phone systems, etc.);
  • Determining whether robust data backups (onsite and offsite) and disaster recovery (DR) systems are in place

Components of a Strong BCP

According to a TechTarget article, here are some of the elements that a good BCP should contain:

  • Initial data, including important contact information, located at the beginning of the plan
  • Revision management process that describes change management procedures
  • Purpose and scope
  • How to use the plan, including guidelines as to when the plan will be initiated
  • Policy information
  • Emergency response process and management roles
  • Step-by-step procedures
  • Checklists and flow diagrams
  • Schedule for reviewing, testing and updating the plan

Business Continuity Solutions That Protect

One of the ways to determine some of the risks to your organization is through the use of a security risk assessment, which is part of a three-tiered approach of a technology security assessment:

  1. Security Assessment (Risk Assessment)
  2. Report Prep and Review Meeting (Gap Analysis)
  3. Securing and Addressing the Gaps (Remediation)

Business continuity training is critical to ensure that your employees are up-to-date on what the processes are. Part of this training also includes testing to ensure that the employees are familiar with the procedures and know what to do if something occurs.

Although business continuity may not be easy to pull off, it is essential to the safety and security of your organization’s data as well as the personally identifiable information (PII) of your employees and clients. So, be sure your in-house team takes the time to ensure that your business continuity plan is done properly or that you seek the assistance of an experienced Managed Security Service Provider (MSSP) that can handle the planning and implementation for you.

At FPA, our team of IT security experts can help. Beyond creating BCP's, we also perform security and vulnerability assessments, as well as run recurring penetration tests to ensure that our clients are as prepared as possible for whatever virtual threats they may face. As a trusted and reliable Los Angeles based Managed Security Service Provider, we help protect our clients through our Managed Security Services program.

See how your existing cybersecurity efforts measure up — check out our complimentary Cybersecurity Report Card by clicking on the link below.

What's your business doing to address your Business Continuity Plan needs or overall security planning process? Be sure to share your thoughts and tips in the comments section below or feel free to send me an email to continue this conversation more in depth.

New Call-to-action


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.