[INFOGRAPHIC] World’s Biggest Data Breaches

Anthem Health Insurance, Home Depot, JPMorgan Chase and eBay might be in completely different industries and have different target markets, but they have one thing in common: Since 2004, they have each experienced a security breach totaling millions of records.

In this interactive infographic by Information Is Beautiful, data about these incidents and dozens of others totaling 30,000 records or more have been compiled to create a visual representation of the magnitude of the world’s biggest data breaches. The causes of the incidents range from accidentally published information to hackings to inside jobs.



To read more about three security breaches that shined the spotlight on cybersecurity (including the Anthem and Home Depot incidents), check out this post.

The Advantage of Business Continuity Software Part Two: Benefits of Process Dependency Mapping

To kick off this blog series, last week we talked about the importance of a continuous BIA. This week’s post will focus on the extensive assistance of process dependency mapping. 

Process dependency mapping goes beyond mapping applications and encompasses the entirety of business processes. This type of mapping can focus on business processes such as payroll and look at not only the processes it depends upon, such as time tracking and benefits, but also the processes that depend upon it. Dependencies can include, but are not limited to, applications, employees, vendors, systems and assets — anything that a process may be dependent upon. You're essentially mapping your business processes and how they’re interrelated.  

To get started on process dependency mapping in your business, you first need to recognize your resource dependencies — the resources your business depends on to function — and then scale them from most crucial for survival to least. Some key resources can be vendors, personnel, hardware, information systems and applications. 
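The mapping described above can be kept as a small directed graph. The following is an added example, not part of the original post: the process and resource names are a constructed sample built around the payroll illustration, and ranking a resource by how many processes it would take down is an assumed stand-in for "most crucial."

```python
from collections import deque

# Constructed sample map: each process -> what it directly depends on
# (other processes, applications, vendors, systems).
DEPENDS_ON = {
    "payroll": ["time tracking", "benefits", "HR application", "payroll vendor"],
    "time tracking": ["HR application", "badge system"],
    "benefits": ["HR application", "benefits vendor"],
    "invoicing": ["payroll", "finance application"],
    "financial reporting": ["invoicing", "payroll", "finance application"],
}

def closure(start, edges):
    """Everything reachable from start; the seen-set also tolerates cycles."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def invert(edges):
    """Flip the map so it answers 'who depends on this?'."""
    rev = {}
    for src, targets in edges.items():
        for target in targets:
            rev.setdefault(target, []).append(src)
    return rev

def upstream(name):
    """Everything the named process needs, directly or indirectly."""
    return closure(name, DEPENDS_ON)

def downstream(name):
    """Every process that fails if the named item is unavailable."""
    return closure(name, invert(DEPENDS_ON))

def rank_resources():
    """Order non-process resources by number of processes they would stop."""
    processes = set(DEPENDS_ON)
    resources = {d for deps in DEPENDS_ON.values() for d in deps} - processes
    impact = {r: len(downstream(r)) for r in resources}
    return sorted(impact.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print("payroll needs:", sorted(upstream("payroll")))
    print("needs payroll:", sorted(downstream("payroll")))
    for resource, count in rank_resources():
        print(f"{resource}: {count} dependent processes")
```

In this sample the badge system never appears in payroll's direct dependencies, yet losing it stops four processes, which is the kind of indirect dependency the mapping is meant to surface.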

Here are a couple reasons why process dependency mapping can be beneficial to your business.

Reveals Dependencies at an In-Depth Level


Some dependencies, such as specialized employees or exclusive vendors, may be easier to identify because they stand alone. Unfortunately, the more important dependencies, such as information systems, software and applications, can vary by department and are therefore harder to sequence.

Process dependency mapping provides a meticulous blueprint of all business software and application systems, which shows who is using them, how often and at what locations. By knowing the sophisticated workings within your business infrastructure you can better gauge your most critical dependencies, your vulnerabilities and the costs associated with downtime at a departmental level. This comprehensive look into your organization can expose not only the weaknesses within your walls but also your opportunities for improvement and efficiency.

Provides Better Communication of Issues and Tasks


There has been a long struggle between your IT department and those managing your business. With two different, yet equally valuable, sides to your organization speaking two different languages — business and technology — it can be hard at times to fully justify a need or difficulty to one another. 

Process dependency mapping visually breaks down what your IT department constantly sees, aiding management to better understand and communicate any difficulties that arise. This improvement of insight can shift operation efforts to be more efficient and create an internal appreciation among departments and employees.

Though it will take time to fully implement process dependency mapping, the awareness that comes from a thorough outline of your infrastructure can bring comfort and safety against unknown obstacles. If process dependency mapping has revealed your dependencies to you, comment below and let us know how it benefited you.

The Advantage of Business Continuity Software Part One: The Impact of a Continuous BIA

The business continuity and disaster recovery (BC/DR) software market is currently flooded with varying degrees of continuity manager software that can all perform roughly the same tasks. As a business this can be in your favor due to supply and demand paving the way for better prices and enhanced competitive features.

However, with so many options, it can be overwhelming to sort through all of the available continuity software until you find one that suits your company. In this three-part blog series, we'll explain what we've found to be three of the most valuable features you should ask for in your business continuity manager software. First up, let's discuss a continuous Business Impact Analysis (BIA).

What Is a Continuous BIA?


A BIA establishes the parameters your organization needs to better estimate, in the event of an incident, which solution would best get your company back on its feet and how fast you would need to recover.

A continuous BIA (offered in most business continuity software) can be updated regularly so you can ensure compliance with your industry's regulations and maintain a well-developed plan to coincide with your business's growth and expansion. It will retain the data from your last update, never resetting or deleting. The interaction that software provides can far outweigh that of a one-time-use template.

How Does a Continuous BIA Keep You Compliant?


No matter the industry, regulations exist to ensure quality, safety and best practices. These guidelines are also associated with large penalties and fees for not meeting minimum compliance requirements. A continuous BIA, unlike simple template forms, allows you to keep your BC/DR plan up to date on compliance and government regulations.

By having software that can track the completion of your plan, you are better able to see your progress towards being compliant. Also, because of the control given to the user to update and revise continuity goals, you'll be able to easily incorporate new regulations as they arise.

How Does a Continuous BIA Accommodate Growth and Expansion?


Profit and customer growth are universal business goals driven by passion and ambition. Because of this, businesses are constantly evolving to the trends of their consumers' markets to expand their reach into new territories.

These expansions could mean new software applications, upgraded tools and equipment or even an increase in employees. To keep up with the movement of your business and maintain a well-developed and up-to-date BC/DR plan, having the capability to continually update your business's BIA is crucial.

Business continuity manager software that includes an adaptable and accessible BIA can provide the most effective impact on preparation and implementation of your BC/DR plan. We recommend, at a minimum, updating your BIA once a year.

When was the last time you updated your BIA? What did it reveal to you? Comment below to share your experience with business continuity manager software, and how it has benefited you.

Fire Hydrants and BC/DR Plans: How Testing Can Help Put Out Potential Fires

The importance of testing your business continuity and disaster recovery (BC/DR) plan has never been a dry subject for us at Rentsys. With 2015's record-breaking fire season coming to a close, we wanted to learn a little bit more about the value fire departments find in testing their hydrants, as well as how we can learn from their examples. Steve O'Neal, a Rentsys account executive, recently spoke with a local safety officer and found several similarities between testing fire hydrants and testing BC/DR plans.

Compliance


The National Fire Protection Association (NFPA) sets a standard for the minimum water flow that hydrants must meet. Testing hydrants ahead of time not only ensures the codes are satisfied but also maintains quality. If hydrants aren't regularly maintained, they can rust, causing parts to snap off.

If your business is subject to industry regulations like fire hydrants are, it's important to test your BC/DR plan regularly to ensure you're meeting the compliance requirements. Otherwise, you expose yourself to potential regulatory violations, such as excessive downtime or rusty procedures, which can leave you open to security breaches.

Maintenance


Hydrants are a part of a huge underground network that provides water access to an entire community. Sometimes valves have to be temporarily closed to allow for maintenance, but due to the complexities of this network, water flow can be reduced without ever being fully cut off from users. Unfortunately, sometimes after the work is completed, these closed valves are forgotten and not reopened. While this omission doesn't affect the community on a day-to-day basis, the reduced water flow wouldn't be sufficient to put out a fire when needed for an emergency.

Similar to hydrants, your BC/DR plan needs to be updated and maintained to coincide with the progress of your company. Facilitating your business growth requires you to revise, modernize and develop your current and future products and services, as well as the tools you use to deliver them. However, if you don't consistently update and test your BC/DR plan to ensure that it keeps up with the innovation of your business, your plan won't offer the full flow of information you need to calm the fire, so to speak, when it comes.

Avoiding Neglect


One of the dangerous consequences of not regularly testing hydrants is that they become hidden, either by overgrown plants or by decorations placed by residents who find the sight of hydrants unpleasant. Unfortunately, when a crisis occurs, these obstructions can make it almost impossible for firefighters to find hydrants and carry out their jobs.

Just as residents don't want to look at fire hydrants, many companies don't like to dwell on BC/DR planning because it's not always pleasant to think about. Instead they focus on revenue, shareholders or customer growth. A common issue that we've seen over the years is businesses that have a plan but don't make it a priority to regularly test. This leaves the BC/DR plan to get buried under more gratifying things such as profits.

We recommend taking the time to fully test your BC/DR plan at least once a year to help you work out any kinks before a disaster actually strikes. How often do you test your BC/DR plan?

For more tips on how to test your BC/DR plan, check out our post "Business Continuity Awareness Week: Testing Business Continuity Plans."

Integrating Disaster Recovery and Crisis Communications

When your business experiences a major interruption, a disaster recovery (DR) plan is essential to keeping systems up and running and restoring business-critical data if necessary. 

It’s also important to keep your customers and stakeholders in the loop about what’s going on within the walls of your organization and how that affects them — especially for an isolated crisis such as a data breach. That’s where a crisis communications strategy comes in. (We talked more about creating a crisis communications plan in a recent webinar with DRJ. You can watch it here.)

The Problem of Isolated DR and Crisis Communications Plans

The challenge is that both plans aren’t always handled by one department. The IT department takes control of DR, and the PR department or another business unit typically manages the crisis communications strategy. Ideally, these strategies should be developed as part of an overarching business continuity (BC) program, but for businesses without a documented BC strategy or poorly governed BC programs, the DR and crisis communications plans can develop independently of each other. In a crisis scenario, this could result in a disjointed response strategy, which can make the business seem flighty and untrustworthy.

If your organization struggles to integrate DR and crisis communications, you may be wondering how you can break down the silos between the departments who handle each of these plans. Below are our recommendations.

Remember the Common Goal

First and foremost, it’s important to remember that both the DR plan and the crisis communications plan should have a common goal: to protect — or even enhance — your reputation throughout a crisis. To accomplish that goal, there needs to be a collaborative initiative involving both personnel and technology.

Identify Specific Objectives

For the DR and crisis communications plans to work effectively together, it’s critical to first identify the desired outcome. For instance, what are your recovery time objectives and recovery point objectives? Are there any compliance requirements you have to meet? Do you have any service level agreements tied to business deals? What are your corporate goals? When deciding what objectives you need to meet, be sure to avoid general answers and agree on specific, measurable criteria.

Implement the Right Tools

Both plans will continually evolve as the business’s objectives, strategies and technology change. That’s why it’s crucial to document current versions of finalized plans, as well as any crisis communications information (media contacts, drafts of press statements, executive and corporate bios, etc.). In addition, each team member should be aware of their unique responsibilities as well as what other teams are working on at that moment. A cloud-based business continuity planning software solution is a good way to organize this information in a central location.

Because time is of the essence during a crisis, also consider implementing a mass notification tool to communicate quickly with key team members. Some tools integrate with BC planning software platforms, which can further streamline plan implementation. Once the crisis communications team defines what it wants to accomplish, the IT group can suggest technical options that help support that strategy.

Despite the challenges, integrating the DR and crisis communications strategies is indeed possible — and necessary. What barriers have you encountered when trying to integrate DR and crisis communications? How are you working to overcome them? Let us know in the comments!

[Webinar Recap] Crisis Communications: The Modern Do’s and Don’ts


In today’s world, disasters such as cyber attacks and data breaches are becoming routine. At the same time, social media is transferring the role of reporter to its users, who are able to broadcast their version of the news as it unfolds — accurate or not. So how do you protect your business from a crisis?

Jeffrey Bell, partner for Gallatin Public Affairs, and Brandon Tanner, senior manager for Rentsys, addressed this topic in the recent Disaster Recovery Journal webinar “Crisis Communications: The Modern Do’s and Don’ts.”

As Jeff explained in the presentation, having the proper communications plan and tools in place gives you more control over the outcome of a crisis. In fact, the goal of an effective crisis communications plan is to enhance your company’s reputation.

To find out how to prepare your organization for a crisis, check out the recording of the webinar here.

[INFOGRAPHIC] Cost of Security

Did you know that in 2010, financial institutions continued to climb as the number one target for phishing attempts, representing 50 percent of the targeted industries? Further, the average cost of a cyber attack was nearly $416,000 to participating organizations.

Check out this infographic from Pragmatix to gain insight into the dangers of not being prepared for a security breach.



Cybersecurity is a growing concern. To learn about the FFIEC's new tool to help you assess your risk, check out our post FFIEC Update: Cybersecurity Assessment Tool.