Even at the best of times, operational resilience is vital for your business to adapt and grow securely. But a clear operational resilience strategy and robust systems and processes have become all the more important now during this time of crisis.
Naturally, your first port of call will be to ensure that your people are safe and healthy, and that you have enough staff to allow your business to continue to function. So, one of the key things to consider in times of crisis is your business continuity plan (BCP). After all, a top priority for you and the FCA is that you can continue serving your customers and running your business. With your plan now in action, it’s likely that you’ve seen some significant changes to the way you do business.
Most of our clients have now moved to remote working wherever possible. In order to stay proactive and responsive to any emerging issues, there’s some key questions you should consider:
Key business activities
What are the essential parts of your business you need to keep running to service customers? You should reassess and prioritise your key business activities and operations together with the key individuals necessary to keep those operations running. We’d advise documenting your decisions and keeping stakeholders up-to-date.
Have you reviewed your current IT security and data protection arrangements? While continuing to service your customers is a priority, this shouldn’t be at the expense of data confidentiality.
How resilient are your systems to fraud and hacking? Have you stress tested them? You may feel this is not your first priority, but with cybercrime mushrooming in the pandemic, weak systems will be a key target. Your staff may be more susceptible to ‘phishing’ emails at this time, as well as other security issues related to the increase in home working.
The fall out to your business could be considerable if criminals gain access your systems, so it’s worth doing some additional training and communications to staff. Help them to become aware of how they could be targeted and how they can take all reasonable steps to protect the business and its customers from cybercrime. Remember, your in-house security arrangements could be impacted by IT staff absences too, so it’s particularly important to bolster capacity and capability here in order to maintain the security of your business systems.
Third party service providers
The challenges you are navigating as a business are also impacting your service providers. While your systems and processes might be robust enough, will theirs crack under the pressure? It can be difficult to assess the effectiveness of their operational resilience arrangements, which may be particularly acute where you are dealing with a small business. Step up your assurance and oversight and reiterate your expectations to make sure they don’t stand in your way of meeting regulatory requirements in all areas.
In a world where we’re all forced online to communicate and access our essential services, the pressure put on systems is greater than ever. Pair this with increased interest from cyber criminals and the weaknesses in your systems are more vulnerable than ever. Agile and prepared firms will be best placed to deal with the current crisis and come out of the other end unscathed.
We’d recommend you focus your resources where they are needed most – serving your customers, effectively monitoring and strengthening your cyber resilience. If you’re struggling to find appropriate resource internally, we can provide resource or take on other operations to free up staff time for better use.