Preparing For the Next Global Outage: Review Your Business Continuity Plan

July 23, 2024

Share

print-icon

Print

Software developer working on code.

Key insights

Recent technology outages and cybersecurity incidents affected various industries, underscoring the importance of a solid business continuity plan — particularly for organizations that rely heavily on technology and vendors for critical services.

Help protect your institutional and customer information and maintain customer trust by reviewing your vendor management, incident response, disaster recovery, and patch management programs.

Regularly update these programs to help your organization be prepared to form a quick and efficient response to incidents and potentially reduce the impact on your organization and customers.


Ready to update your business continuity plan?

Contact Us

The July 18 widespread technology outage and recent cybersecurity incidents, such as the CDK breach, impacted various industries. It’s a good time to highlight the importance of your business continuity plan, including vendor management, incident response, disaster recovery, and patch management programs.

Some industries have a higher cybersecurity risk profile because of the service they provide or the information they possess. Those that play critical roles in infrastructure and finance are often targeted by bad actors through cyberattacks — however, any organization can become a victim. Companies that depend on technology and other “online” services also can be downstream victims of these and non-cyber related scenarios.

Looking for general information on business continuity planning and preparedness?

Check out our cyber and digital content.

Financial institutions often targets of cyberattacks

Banks and credit unions increasingly depend on external vendors beyond their core providers and loan origination systems to provide critical services to their customers and communities.

To protect institutional and customer information, there’s a heavy reliance on specialty vendors for critical functions to maintain the expected privacy and necessary compliance. When everything works, it’s great, but when issues arise and root cause analysis is conducted, the “blame game” can start.

When systems go down or are inaccessible, there’s often an assumption of a cybersecurity breach, leading to questions like “Was my personal data compromised?” Being able to answer this is crucial for maintaining customer trust. While the CrowdStrike outage incident was not cyber related, the impact was similar.

Your customers and members don’t care who’s at fault or if you’ve averaged a historical 99% uptime — they care about when you’ll be back up. Answering these questions effectively requires practice, hoping you’ll never need it. Verifying you are doing what you say, and saying what you do, is critical.

Prepare for the unexpected: incident readiness checklist

Your institution must be ready before the next incident. Review your processes to look for opportunities to improve — practices that apply to organizations across all industries.

Vendor management program

  • Identify critical vendors (those with critical data and services that, if down, would impact your institution’s ability to serve customers).
  • Affirm vendor contacts are current.
  • Verify the data and services each vendor provides and who is accountable for the relationship at your organization.
  • Perform annual reviews of key outages (or fourth parties they rely on) to provide services to you.

Incident response and disaster recovery programs

  • Review these programs at least annually and update them as your organization changes.
  • These are not IT-only programs — management and board of directors must be involved and accountable.
  • Conduct tabletop tests on various scenarios, document gaps, and adjust plans.
  • Confirm scenarios are realistic and reflect the true impact on the organization and customers.
  • Verify communication and notification plans are sound and address how you communicate with employees, customers, and any relevant agencies.
  • Develop manual procedures to serve your customers and employees if technology is down and confirm what transactions can be run in “offline” mode.

Patch management program and software or hardware updates

  • Review your program against the Federal Financial Institutions Examination Council’s Architecture, Infrastructure, and Operations handbook for any adjustments to current standards or recommendations.
  • Have a backout or rollback plan for any software or hardware updates — if an update doesn’t go as planned, confirm you can revert to the original state to reduce downtime.
  • When possible, use development or testing environments for critical systems to help reduce production outages during updates.

Supply chain risk considerations

One area you might not relate to an outage is around supply chain management risk. With its significant complexity, review steps you can take to identify, assess, and navigate supply chain risks using a comprehensive and systematic approach.

How CLA digital services can help financial institutions

A digital strategic plan for financial institutions is invaluable for driving growth in the digital age. CLA can help your financial institution adapt to industry shifts and prepare for the challenges of the future with a talented, insightful team that understands the ins and outs of the financial services industry.

CLA’s digital services team can help you develop strategies to leverage trends, overcome challenges, and innovate for the future.

Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article. Adding more text here just to show how the QR spacing works with the end of the article.


Get started at GoDigital.CLAconnect.com

The information contained herein is for informational purposes only, general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CLA) to the reader. Your use of the information does not create a client or any other contractual relationship between you and CLA. ©️2024 CliftonLarsonAllen LLP. For more information, visit godigital.CLAconnect.com. CLA (CliftonLarsonAllen LLP) is an independent network member of CLA Global. See CLAglobal.com/disclaimer.

Connect

Headshot of Tim Dively

Tim Dively

Digital Growth Director

Experience the CLA Promise

Sign up to receive custom information and insights delivered straight to your inbox.

Subscribe