Business Continuity

We specialize in building the leading business continuity programs in no time. Our focus is to ensure that companies don't waste a single second being exposed to the dangers of today's world. We can assist you with snapshots of your program, planning, as well as setting up the strategy. We can help you write the top notch business continuity policy.

Disaster Recovery

We are technically-savvy enough to help you build, test, and maintain your Disaster Recovery plans. We don't leave you all alone midway through the project. We take you all the way on a Voyage, where our SME's will work with you on removing all of the roadblocks on your way to building a best in class Technology Recovery program.

Vendor Continuity

We have built successful vendor continuity programs for our customers in need of fulfilling the regulatory requirements, as well as strengthening resiliency of the outsourced providers. If you don't already have the vendor continuity plans, documented criticality of all of your corporate vendors, as well as their subcontractors, contact us now.

Ransomware and Business Continuity

//Ransomware and Business Continuity

Ransomware and Business Continuity

In spite of the recent events, we’ve been asked more and more by our customers if business continuity and disaster recovery could help minimize the impact from the ransomware attacks. And the answer we gave was: “Of course!”

It’s typical for bc practitioners to think that ransomware is related to cybersecurity, and not at all related to resilience. Cybersecurity helps to protect and detect the malicious activities. On the other hand, crisis management could then be used to minimize the impacts following the events, and streamline all aspects of internal and external communications, reporting to senior management, regulatory reporting, as well as dealing with the “crisis” on the spot.

Business Continuity planning would also help in ensuring that plans (or strategies) are in place to segregate such attacks, as well as find alternate means of conducting the business. Nobody wants one ransomware attack on a single IT system to shut down the whole company’s operations. BC plans should be in place to detect the appropriate strategies and workarounds BEFORE they ever take place. Mitigating measures should be considered for different threats, such as internal and external threats. In case of the sabotage, for instance, companies could then trigger related Business Continuity (or business resumption) plans that would focus on only the affected business groups.

Disaster Recovery planning, on the other hand, would focus on restoring the operations of the affected IT systems in a timely manner. DR plans should include the instructions of how to failover a system to an alternate processing site (assuming such site exists), or rebuilding an application from scratch. DR plans should include IT-related communications, responsibilities, batch processing, system dependencies, as well as business group dependencies. After all, nobody wants to find out that the affected system was being used by more departments than originally thought.

Finally, Crisis Management should always integrate with the Security Incident Response Plan (SIRP). Many companies, in fact, build the CM plans into the SIRP, while others build SIRP into the overall enterprise CM plan. The goal is to ensure that some of the critical information is discussed, agreed upon, documented, and periodically reviewed. Such information should include communications, escalations, senior management reporting, corporate insurance information, as well as the corporate ransomware policy, which is especially critical. It should be stated in advance if the company is willing to pay for ransomware, and if yes, what the maximum amount of money this would be. Imagine you are in the middle of ransomware attack, and all of your critical files have been compromised and encrypted. Would you want to involve senior management, get everyone on the call, and discuss if the company would pay for ransomware? This would waste the valuable time. By the time the decision would be made, a ransom would be doubled or tripled, or the NPPI data would be made public.

Voyage Continuity is there to help companies build and document the Business Continuity plans, DR plans, Crisis Management framework and plans, as well as the Security Incident Response Plans. Contact us for a free consultation to see how we can help your company enhance the planning and response strategies.

About the Author:

Leave A Comment