It’s that awful moment that anyone who runs a business fears – the business can no longer function due to an internal incident or breach of security where hackers have compromised controls and broken into electronic files containing sensitive customer information.
However, all is not lost, you have a plan for such an eventuality. But there’s a problem because, according to Alan Stenhouse, who runs Scottish business AST Risk Consultancy & Training Services Ltd, a lot of firms simply do not know where their plan is or it’s out of date or not been regularly tested.
Alan, who draws on expertise developed over a long career advising companies in the financial sector about security, says that far too many companies are not planning adequately enough for incidents which severely hamper business capability to continue serving customers.
Alan, an accomplished Senior Risk Management professional, said: “Every company should have a plan on how they will recover and, to be fair, most businesses do. The problem on far too many occasions is that it’s either in someone’s head or sitting in a drawer covered by an inch of dust.
“Then when something goes wrong and they need the plan quickly the person who takes the lead in managing the incident is on a day off or no one knows which drawer the plan is in and where the key is.
“My advice is to make sure that everyone knows the plan because the impact of serious incidents can be significantly minimised by acting quickly and calmly.
“All staff need to know where to lay their hands on the plan, the steps that need to be taken and who does what. Get that right and the effects of a serious incident or security breach may be less than a situation where no one has a clue what they are supposed to do.
“One of the ways to stop this happening is training. Teaching people how to deal with situations is crucial.”
AST Risk Consultancy & Training Services Ltd specialise in Business Continuity Management and work with businesses to ensure that effective plans are established, readily understood and tested.
Key business processes and activities are assessed to develop contingency measures providing peace of mind that services can be resumed. Underpinning the success of effective continuity is developing knowledge and awareness from the Board to the frontline, creating the capability within to ensure incidents are handled effectively.
Does your business have a plan and when was it last updated and tested? Do your colleagues have the right skills to respond effectively to an incident? Can you really leave it to chance?