Where Australia Is Still Going Wrong With Cyber-Security

Business resilience against the unexpected

The Ebola outbreak in West Africa is a horrendous thing to happen to any country, never mind one with limited access to medicines and qualified medical professionals. But even in a first-world country, the effect of an epidemic would be enormous. What would happen to your organisation if a similar thing happened in your city or country?

Most businesses have some level of disaster recovery component: a policy that states what happens when the building catches fire or the server is damaged in a local flood. We even have disaster recovery scenarios concerning cloud systems—lockouts and other large-scale problems, for instance.

Well-prepared companies also have a business continuity plan, to make sure that the business is going to function and be stable during these disasters. For such a plan to work, you have to think through every aspect of the problem, even the most mundane. One of the least thought-through problems associated with business continuity is, what happens if you cannot get to work?

An outbreak of Asian flu, Ebola, hemorrhagic fever or other pandemic would cause chaos if it happened in a large city almost anywhere in the world. This would be a good example of not being able to get to work. Roads might be blocked off, or healthy citizens might be advised not to leave home. Business as normal would be a little challenging if the city was quarantined.

How should your business continuity plan address this? Not many have actually thought about their organisation in this light. An SME or not-for-profit organisation should perform a risk analysis that takes the nature of its business into account. A retail store would have a different solution to a business-to-business service provider, and both would have a different solution to, say, a service station. Which employees are necessary to keep the business running, when does it stop being worthwhile to do so, and how do you minimize workers’ chance of infection? What criteria do you use to determine which employees will come in? A proper risk analysis would mitigate the risks to acceptable levels.

How would you deal with not being able to drive to work? Most businesses have remote email, through Outlook Web Access, a cloud email provider or just an ISP-based email system, so communication is not that much of a problem. But what will you do if local internet service goes down or becomes unreliable? What happens if you need to process orders, manage inventory, or talk one-on-one to customers? This could have a crippling effect on most businesses if the problem was not thought through.

The next problem is sales and delivery. In a pandemic situation, would your business survive? If you are local to the quarantine area then you have a problem—you would be unable to transport your products outside that area until the quarantine was lifted. Have you thought about alternative transportation and storage arrangements to alleviate this sort of scenario? If you are a global distribution network, you need to have alternate sites that you can use as a distribution hub. Do you?

Business continuity is not just a problem for the ICT section. It demands a whole-business solution. For a resilient business, everyone needs to have input into the continuity plan, everyone needs to know their place in the solution, and everyone needs to be ready to execute it.

What do you think are the worst threats to your business continuity, and do you have a plan to address them? Let us know at the bottom of this post.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.