Cyber-security threat to UK ‘as serious as terrorism’ – GCHQ
November 11, 2017
Security expert launches cyber training
November 23, 2017
Show all

Why a disaster need not be disastrous

There has been much talk recently about how to protect businesses against cyber attacks, extreme climatic conditions or other disruptive events but what do you do if you do suffer a business incident?

According to Alan Stenhouse, who runs Scottish business AST Risk Consultancy & Training Services Ltd, such a scenario need not be devastating as long as the business has an effective Business Continuity/Disaster Recovery Plan in place.

Alan said:  “It is inevitable that every business will experience a cyber attack or significant disruption at some time or another and those that have taken protective measures may well escape with customer confidence and their brand and reputation intact.

“However, if business operations are impacted, it does not necessarily need to be a disaster if they have prepared in advance.”

He suggests:

  • Have a Business Continuity / Disaster Recovery Plan in place; test it periodically and ensure that it is readily accessible both within and outside of business premises
  • Ensure that a Call Tree is in place, regularly tested and to hand (a Call Tree is a document incorporating the calling responsibilities and calling order in which to contact management, employees, suppliers and any other key parties in the event of an emergency/severe disruption). Contact details must be maintained and those with calling responsibility should be aware of who to call
  • Develop ‘vanilla’ communication templates allowing messages to be tailored and issued in a timely manner to keep stakeholders informed through website and social media messages, e mail and letters
  • Make sure you regularly back-up your data and test to ensure the back-up has been successful and the data is accessible. Data back-ups should be off-site to ensure no impact is sustained from the incident/disruption
  • Check that your suppliers also have established Continuity/Disaster Recovery Plans in place

Alan, who has spent his career advising businesses of all sizes on continuity and security, said: “The key thing in the case of an attack or incident is being prepared and knowing what to do. Everyone needs to be clear about their roles. The last thing you want is hesitancy or confusion and you should always remember, when disaster strikes, the time to prepare has passed.”