Business Continuity: Protecting Your People Perimeter
Posted November 10, 2022 by Sayers
Among the worries to keep you up at night, one of them likely is how to keep your people and resources safe, your employees productive, and your business operational before, during, and after a disruption or disaster. Proactive organizations are adopting or enhancing a business continuity (BC) plan to lessen that worry. Increasingly, that plan starts with people as the new perimeter to secure.
What Is Business Continuity?
Business continuity is often used interchangeably with “business resilience.” Both terms require being prepared for today’s known disruptions while anticipating tomorrow’s emerging threats.
Business continuity planning takes a holistic approach to ensuring your organization can prepare for disasters, prevent disruptions in business operations, and recover quickly when disruptive events happen.
Beyond technology failures and natural disasters, today’s organizations have to deal with threats such as data breaches, ransomware, and a global pandemic that spurred a sudden shift to remote work.
Bob Livingstone, Director of Cloud Engineering at Sayers, joined a Sayers Q&A panel discussion on business continuity with senior engineers from Sayers and its partners. He says:
“All that goes back to how do we secure the infrastructure from these events and ensure resilience. It’s about how to continue to grow and plan for these unanticipated and unfathomed events.”
What Are The 3 Elements Of Business Continuity Planning?
Beyond having a business continuity plan, documenting it, and testing your organization’s readiness for the unexpected, keep in mind three fundamental aspects of BC planning:
1. Business Continuity Planning Is A Practice, Not A Product.
Instead of a single solution or technology, business continuity requires a comprehensive strategy for response and recovery, using solutions that fit the unique challenges of your organization.
“That’s one of the reasons I enjoy working with organizations like Sayers so much,” says Patrick Benson, Systems Engineer at Veeam Software. “We can talk about all the aspects of an organization and focus not on business continuity as something that’s shrink-wrapped on a shelf that we throw in to do a backup or two, but something that is a living part of the organization – a practice.”
2. Business Continuity Requires Total Alignment Between Your People, Processes, And Technology.
Business continuity planning calls for alignment between all departments, organizational goals and processes, and the technical capabilities of your organization. A good BC program permeates the entire organization to protect revenue, meet regulations, and preserve your brand’s reputation.
“The customer conversation has moved away from just one feature, backups, and recovery,” Benson says, “to a much more organic conversation of, ‘I have all these different departments, they all have different needs, how do I manage this?’”
Your IT department alone can’t solve every business continuity issue. By using a collaborative approach in developing BC plans, organizations are more likely to maintain predefined levels of performance following a disruption.
3. Business Continuity Planning Should Use An Ecosystem Approach.
Just as internal departments have to collaborate on BC planning, your organization can’t plan for threats in isolation.
Business continuity planning includes identifying all your third-party dependencies with suppliers, partners, and other stakeholders. By learning about their BC plans, and including key stakeholders in simulation exercises, you can discover and address potential weak points in your organization’s overall BC response.
Why People Are The New Perimeter For Business Continuity
In the post-COVID world of remote and hybrid work, people have become the new security perimeter, one that’s even more vulnerable to phishing scams, credential theft, and other cyber threats.
“The cyberattacks are increasing in quantity, sophistication, and complexity,” says Livingstone. “With COVID, cybersecurity lost significant visibility right away. Employees were working from home, and we were trying to secure devices that weren’t ours.”
Consider the heightened focus on the people perimeter in context:
COVID Was A Game Changer For Where and How Employees Work
With the arrival and spread of COVID on a global scale, most employees suddenly had to work remotely. Organizations had to expand their Virtual Desktop Infrastructure quickly, and many adopted desktop as a service (DaaS) in the public cloud.
Gartner forecasts the number of users for DaaS will grow by over 150% between 2020 and 2023.
The COVID pandemic showed that organizations have to plan not only for known threats but also for unforeseen disruptions that are out of their control. “It’s a constant discussion we’re having with our clients,” says Livingstone. “How do we make sure we’re keeping everybody safe, productive, and connected?”
Employees Are Your First Line of Defense
The sudden shift to remote and hybrid work has made employees prime targets for malicious actors who want to penetrate the network. “They’re coming in with stolen credentials,” Livingstone says. “Once they’re in, they’re getting in privileged identities, and then they go after the backups. Ultimately, whether they encrypt the data or steal it, they’ve got your data.”
82% of breaches involved the human element, including social attacks, errors, and misuse. Source: Verizon 2022 Data Breach Investigations Report
Ransomware has evolved from a single point of contact to multiple-stage attacks. Typically starting with phishing emails, the ransomware attack counts on at least one employee clicking on a URL or opening an attachment that will run the malicious macros to infiltrate the organization.
Protecting Your People Perimeter Is Essential For Your BC Strategy
A good place to start your business continuity plan is with the people who use your tools, systems, and processes, both inside and outside your organization.
To protect users, you need visibility to detect and mitigate threats and identify how and why users are being attacked. This includes identifying the risk to the user, what they’re accessing, what they’re sharing, and what their vulnerabilities are.
One answer can be a Secure Access Service Edge (SASE) type strategy, which is a convergence of multiple networking and security technologies delivered as a scalable service from the cloud. SASE can help secure users and administrators with threat detection and security policies for cloud services, applications, and internet use.
For more on this topic, watch the 44-minute “Expert Panel: How Business Continuity Touches Everything” session from the Sayers #Curio Virtual Tech Summit, now available free on demand.