Need Business Continuity Buy-in? Present It As a Tool for Business Growth

Would you agree that in your organization, management views business continuity planning as a necessary hassle, much like filing taxes? It’s not going to build the business, but you need to do it. That’s one of the reasons business continuity owners constantly struggle to get management buy-in.

The key to getting management’s enthusiastic support for business continuity is to challenge a certain entrenched belief they have about business continuity. It’s mentioned in the previous paragraph, but you might have skimmed over it because it’s usually accepted as fact: Business continuity isn’t going to build the business.

In fact, your business continuity strategy can be used as a tool to build your company’s reputation and visibility in the marketplace. Most people won’t believe this statement at first, so share with them these insights about the connection between business continuity, disaster response and reputation.

Your Response to Disasters Affects Your Reputation

As you know, reputation is a key element of an organization’s success. According to the Reputation Institute, reputation is an emotional bond that ensures:

  • Customers buy your services
  • Policymakers and regulators give you a license to operate
  • The financial community invests in you
  • The media reports favorably on your company
  • Employees align with your corporate strategy

In conversations we’ve had with the Reputation Institute, they’ve revealed that there’s a big gap between what institutions say and what they do. Social media is bringing this gap to light. With the tendency for misinformation and adverse attention to spread rapidly on social media, consumers’ perception of an organization can change in an instant. That’s one of the reasons the Business Continuity Institute’s Horizon Scan 2017 ranked social media second in the top 10 trending issues affecting business continuity.

On the other hand, if your actions support your mission during a crisis situation, people will commend you for it. For example, after Hurricane Harvey devastated Houston, TX, local business owner Jim "Mattress Mack" McIngvale’s response went viral. While most other businesses in the area were closed, he opened up two of his mattress stores to flood victims, demonstrating the values he proclaims on his business website: God, country, family and hard work.

Business operating as a shelter in the middle of flooding

Talk is cheap — listing your values and mission on your website isn’t enough. Your stakeholders expect you to follow through.

Gaining the Benefit of the Doubt Requires a Good Reputation

54 percent of stakeholders would give reputable companies the benefit of the doubt in a crisis.
While a positive response to a disaster will positively impact your reputation, it’s important to create opportunities for reputation building prior to an event. According to Reputation Institute data, as many as 41 to 60 percent of consumers are crucial fence-sitters who can swing to a positive or negative perception of a company because they don’t have a clear understanding of what that company is doing to impact the environment and society. This reputation currency will be critical if a disaster ever impacts your business, as 54 percent of stakeholders would give reputable companies the benefit of the doubt in a crisis.

Prior to experiencing a business interruption, you need to demonstrate your involvement in the community to allow for maximum marketing exposure and help you build trust with your stakeholders. What if you could leverage your business continuity resources to meet that goal?

Here’s a practical example: In 2016, FEMA declared 103 disasters. That's 103 opportunities to make an impact. Imagine deploying a mobile workspace with your company’s branding to the affected area. You could offer needed support, whether it’s providing a free service or distributing food, water and other essential items to members of the community. Even routine business continuity tests can be opportunities for reputation building if you involve the community in crisis response exercises.

When business continuity becomes a way to build the business rather than just another box to check off, management will find a way to get the resources you need to enhance your business continuity program. In fact, we’ve even seen businesses tap into budgets from other departments to make it work.

By demonstrating that you can deliver on your mission in good times and bad, you'll strengthen relationships with your stakeholders and even increase your market share.

Banks: What If You Made These Common Cybersecurity Mistakes With Cash?

“Data is the new currency” is one of the new slogans of the digital transformation. Modern consumers recognize the value of their data, and 67 percent are willing to share more data with banks in exchange for new benefits. Surprisingly, banks don’t always afford sensitive data the same protections they do for physical currency. While PwC’s 2017 Risk in Review report reveals that the financial services industry has strong cyber risk maturity overall, there are a few common mistakes that could be leaving your institution vulnerable. To give you an idea of the gravity of these errors, think of your cybersecurity practices in terms of cash management and physical security.

Transmitting Unencrypted Data Is Like Sending Unsecured Bulk Cash Shipments

Easily Hackable Encryption Methods
Would you ever transfer a bulk cash shipment to a major customer without using their armored carrier service? Not a chance. You know that that decision would not only be a liability for your institution, but it would also put your customer’s assets at risk and breach their trust.

Unfortunately, banks don’t always provide the necessary protection for sensitive data that customers expect. Data must be securely encrypted in transit and at rest, but 30 percent of FIs say they struggle to protect personally identifiable customer information. Many banks use easily hackable encryption methods such as Blowfish, 3DES, SHA1 and MD5. Instead, use an advanced encryption algorithm such as AES.

Giving Unvetted Vendors Access to Data Is Like Handing Cash Over to an Unverified Armored Carrier

Going back to the bulk cash shipment scenario, imagine handing over currency to an armored carrier guard without first verifying their identity. This is an egregious security violation, wouldn’t you agree? Yet when it comes to sensitive data, many banks fail to vet third-party vendors they allow to access the sensitive data in their care. In fact, 41 percent of financial services respondents ranked assessment of security protocols and standards of third-party vendors as the top challenge to information security efforts.

The FFIEC’s guidelines for outsourcing technology services recommend a “comprehensive outsourcing risk management process to govern technology service provider (TSP) relationships.” Make sure you work with vendors whose operations are regularly examined by a third party. This ensures the vendor’s risk management and information protection practices adequately address data confidentiality and regulatory compliance.

Disregarding Network Alerts Is Like Ignoring Your Vault Alarm

What if you only investigated burglar alarms 56 percent of the time?
Would you be appalled if your vault alarm went off and your staff members ignored it? In a way, that’s what is happening with cybersecurity alerts. Institutions are only able to investigate 56 percent of security alerts they receive on a given day. Of those, only 46 percent of legitimate alerts are remediated. Granted, security operations managers see more than 5,000 security alerts per day — exponentially more than you’ll ever receive from your burglar alarm. However, the lack of resources for monitoring alerts is concerning.

With there being a security talent shortage, outsourcing can help your institution meet its overall strategic plan and corporate objectives. The FFIEC has specific guidelines for using a managed security service provider (MSSP). You might also consider using a fully managed cloud vaulting solution to move critical data off-site to protect yourself against ransomware.

Assuming Employees Know Cybersecurity Best Practices Is Like Expecting Them to Know Your Physical Security Policies Without Training

When hiring a new employee, what if you assumed they knew the proper cash handling guidelines, how to handle a holdup situation or how to respond to an active shooter event? That’s a disaster waiting to happen. Chances are, you invest countless hours on training employees in these areas. Even if someone has experience in the financial services industry, it’s imperative to make sure they understand your institution’s specific policies and procedures.

Three Cybersecurity Scenarios You Need to ExerciseUnfortunately, training is one of the top five cybersecurity challenges in banking. In fact, less than half of financial services organizations polled even have a formal information security policy. To reduce the risk of cybersecurity threats, it’s critical to create a security culture. The FFIEC recommends annual security training to reinforce guidelines for endpoint security, login requirements and password administration. The training should include the following three increasingly common scenarios:

• Phishing and social engineering
• Data theft through email or removable media
• Unintentional posting of confidential or proprietary information on social media

Improving your cybersecurity practices is not only the right thing to do, but the FFIEC, Gramm-Leach-Bliley Act and other regulatory agencies and regulations require it. If you’re unsure where to start, the FFIEC Cybersecurity Assessment Tool is a helpful resource for assessing your bank’s cybersecurity maturity.

[Webinar] Outsourcing Cloud Data Services

Is Outsourcing Cloud Data Services Right for You?

The IT landscape is being transformed by increasing regulatory burdens, consumer expectations of data security and reliance on data availability for service delivery. In our recent webinar with the Disaster Recovery Journal, Brandon Tanner, Rentsys senior manager, discussed how IT challenges are affecting highly regulated organizations.

With these challenges, is outsourcing cloud data services a good move for regulated businesses? For some, it is. In the webinar, Paul Arguinchona, CIO for Frontier Behavioral Health (FBH), a nonprofit provider of behavioral health services, explains how his organization has leveraged outsourced cloud data services to fulfill FBH’s mission and values.

To see what Brandon and Paul had to say, view the webinar on demand.

[INFOGRAPHIC] Is Your Data Secure?

In 2016, 77 percent of all breaches were caused by insiders. As more employees use their own devices for handling sensitive data, that risk will only go up. To see how bring your own device (BYOD) is contributing to data security risks, check out this infographic by Commvault (download the full version here):

"Is Your Data Secure?" Infographic

To learn more about creating a secure BYOD policy, read this post.

What You Can Do to Help Wildfire Victims

Map showing large fires in Washington, Oregon and California
ArcGIS Northwest Large Fire Interactive Map (Current As of 9.18.17)
While Texas and Florida have been dealing with catastrophic flooding from Hurricane Harvey and Hurricane Irma, the West Coast has been dealing with the worst wildfire seasons in the U.S. So far, over 8 million acres have been burned, with 2 million currently in flames. In some areas, including Portland, OR, public health authorities are recommending that people stay inside because the air quality is so poor.

To see how you can help some of the affected states, visit the links below :

Do you know of more ways to help? Let us know in the comments. 

Why FIs Need Resilient Call Centers in a Self-Service World

Call center employee with money
In a survey, 71 percent of consumers said they would use entirely computer-generated support for financial services. With the majority of consumers preferring self-service options, should your financial institution (FI) still prioritize traditional service delivery methods, including calls, in your business continuity program? In short, the answer is yes.

Here are two reasons you should.

Customers Prefer Phone Calls for Certain Situations

Self-service solutions work for everyday transactions, but customers still pick up the phone when they’re in the research phase of a major financial decision. For example, 65 percent of people are more likely to take out a loan from an institution they had spoken on the phone with. That number jumps to 73 percent for loans of $100,000 or more. In other cases, customers prefer to pick up the phone to get a quick answer without having to fill out a web form or to discuss a complex situation.

Paying attention to the wants and needs of consumers is crucial as customer loyalty drops. If your call center experiences an extended outage and you’re not available by phone when a customer needs you, they won’t hesitate to do business with a different organization.

There Are Compliance Requirements for Call Center Availability

In many cases, the accessibility of phone service is tied to compliance. The FFIEC, for example, requires FIs to perform vulnerability assessments for critical support areas and interdependencies such as telecommunications. It also stipulates that the backup site should mirror operational functionality, including call centers. To ensure the business continuity plan works in practice and not just on paper, the FFIEC recommends stress testing critical functions that might experience increased customer volume during a crisis. These functions include online banking, phone-based banking, ATMs and, of course, call centers.

If phone calls precede large transactions, that’s all the more reason to ensure you have agents ready to assist customers.  

To learn more about why call center resilience is important, join us in Phoenix, AZ at the DRJ Fall World Conference for Solutions Track 7 on Sunday, September 17. 

A Quick List of Hurricane Irma Resources

In August, Texas was faced with the wrath of Hurricane Harvey, and now Florida is feeling the sting of Hurricane Irma. Already we’ve seen the community rally together to help those impacted by Harvey. We’re optimistic that we’ll see a similar response to Irma.

Google Crisis Response map of Florida
Google Crisis Response Map
 Whether you’ve been affected by Irma or looking for ways to help, here are some useful resources:

  • Airbnb — Locate a place to stay or open your home up to someone in need.
  • Federal Trade Commission — Get tips for avoiding scams when donating to relief efforts.
  • FEMA — Find a list of surrounding shelters that haven’t reached capacity by downloading the FEMA app or texting SHELTER + your ZIP code to 43362 (4FEMA). Avoid falling victim to misinformation and scams by visiting the Rumor Control page.
  • Google Crisis Response — Locate shelters, gas stations, evacuation routes and traffic patterns.
  • LifeSouth or American Red Cross — Find a blood drive near you.
  • Waze — Check for closed roads and accidents.
To get a peek at how communities and businesses are working toward recovery in the wake of Harvey and Irma, check out our ongoing storm coverage.  

[INFOGRAPHIC] From the Board Room to the Break Room

Every business has different priorities and challenges, but one thing all businesses have in common is the need for cybersecurity. While people tend to point the finger at hackers for security breaches, human error is one of the top causes. Unfortunately, there’s often a breakdown in communication between top-level executives and end users when it comes to basic security hygiene, which increases an organization's chance of a cyber attack. This infographic by Delta Risk offers practical tips for creating a culture of security within your business.

"From the Board Room to the Break Room" Infographic

For more information on how prioritizing cybersecurity helps your business, read our post “How Can Cybersecurity Help Grow Your Business?

In the News: Helping Flooded Businesses Get Back on Their Feet

Video still of Steve O'Neal speaking to Kathleen Witte
Steve O'Neal, Rentsys account executive, speaks to KBTX's Kathleen Witte.

In the aftermath of Hurricane Harvey and its catastrophic flooding, countless businesses are striving to get back on their feet. Business owners need to get back to serving their communities and customers. Employees need their next paychecks so they can start their families’ personal recoveries. Everyone affected by the storm just wants to get back to normal as soon as possible. Our goal is to help businesses do just that.

KBTX, a news outlet in College Station, TX, stopped by our headquarters yesterday to get a behind-the-scenes look at our Hurricane Harvey response efforts. To watch the video, visit KBTX's website.

Hurricane Harvey: How to Get Help or Get Involved

Over the weekend, Hurricane Harvey made landfall in Texas as a Category 4 hurricane, making it one of the worst disasters in Texas history. As Harvey lingers, the threat is still present. FEMA is predicting 30,000 people will be driven to shelters.

#HarveyRELIEF Map
#HarveyRELIEF Map

Whether you and your family have been affected by Harvey and need assistance or you're looking for ways to get involved in relief efforts, here are some helpful resources:

Our thoughts and prayers are with those affected by Harvey. If you know of additional opportunities to help, please let us know in the comments. 

Popular Posts