Be Prepared for Cyber Disruptions with an IT Business Continuity Plan
It would take a book (or according to Amazon, 3,789 books!) to cover the topic of technology risk fully. Two areas where technology plays a big role are business continuity and data security.
In both cases, the better prepared a company is on the front end, the better they will be able to withstand or recover from the problems.
Business continuity is the capability of an organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Disruptive events can be just about anything that affects normal business operations, from a terror attack to a natural or man-made disaster. While it might be impossible to plan for every conceivable disruptive event, a bit of common sense is all that’s needed to cover some of the more likely possibilities. For example, businesses along the Gulf Coast and the Atlantic Seaboard should be prepared in the event of a hurricane making landfall, businesses located in areas that are vulnerable to forest fires should prepare for a potential evacuation ahead of a fast-moving blaze and businesses situated near fault lines should have earthquakes in mind, and so on.
Making preparations of this sort is called business continuity planning, and for any continuity plan to be relevant it must cover a company’s IT systems along with all of the other essential facets of the business. A few things to keep in mind with regard to IT continuity include access (to a company’s data, systems and other digital tools), the safe-keeping and backup of the data itself and the ability to restore the all of the electronic information that’s essential to the business.
Perhaps the biggest area of tech risk management concerns data breaches, which are one of the most common, and potentially most damaging, risks associated with technology. James Bond may have needed a spy camera to steal important documents, but these days, a data breach is far more likely to be a cyber attack than cloak-and-dagger corporate espionage.
One example of a cyber attack data breach in the construction industry was a sophisticated attack aimed at stealing valuable trade secrets from the targeted company. In another case, cyber attackers hacked an HVAC company in order to gain access to their real intended victim, Target. Many security experts believe that this was the same method used in the infamous attack on Home Depot, where they hacked a third party vendor in order to access the Home Depot information system to steal the personal information from 53 million Home Depot customers.
Each of these examples can be characterized as a “professional attack” by sophisticated hackers with highly advanced computer skills. But sometimes, it doesn’t take an evil computer genius to break into a company’s network.
As more construction companies adopt the use of mobile technologies in the field, they’re opening themselves up to data breaches that don’t require an expert hacker to pull off. Every single one of those mobile devices is a potential pathway into a company’s network, and so construction companies that use mobile technology in the field must take precautions. These precautions include equipping the devices with hardware and software data encryption, as well as passwords and/or PIN locks. And if there’s a wireless network in use, either at the office or at the jobsite, then securing that network is a must, including encrypting the wireless signal, securing the router with a password and filtering the MAC addresses of devices so that only employees and authorized personnel can access the network.
There’s a mantra that’s oft-repeated in the cyber security world: it’s not a matter of if a company is going to be targeted by hackers, but when. And one glance at the news will show what disaster survivors all over the country already know; namely, that no one is immune from that type of threat either.
The best thing to do – the only thing to do – is to be prepared. No one has the power to fully prevent these types of disruptive incidents from happening. But everyone has the power to be prepared, and preparedness might be the difference between overcoming a business disruption or succumbing to it.