Tuesday, February 10, 2009

ERM-BC-COOP: More than meets the eye

I received the following from the BSI on Tuesday, 10 February.


Technology 'could save companies from snow disruption'

04 February 2009

Adopting the right technology could have prevented companies from experiencing disruption during the recent cold and snowy weather, an expert has claimed.

According to BeCrypt, using communications technology would have prepared many firms better for poor weather conditions by enabling staff to work "safely and productively" from home.

BeCrypt chief executive Bernard Parsons said that the recent snowfalls had highlighted the business continuity issues faced by small firms in Britain, which could be solved through the use of secure mobile working technology.

The data security and encryption company boss stated that firms could avoid loss of productivity by preparing better for poor weather and implementing innovative technology that protects company resources from data loss or malicious software.

Mr Parsons suggested that issuing workers with a simple low-cost USB device can provide them with secure access to corporate networks from unmanaged PCs, allowing them to use applications, email, files and documents safely.

The Federation of Small Businesses estimated this week that up to one in five workers in Britain opted to stay at home on Monday after several inches of snow fell, costing the country an estimated £1.2 billion.

Industry news brought to you by BSI British Standards, the national standards body that developed the first sustainable development standard, BS 8900.


I am not going to suggest that had the Brits had a mobile mentality and regularly worked off site, THEN many units of local currency could have been saved.

BUT - and it's a BIG "but" - given the mentality AND the probability of a "snow day" or several, would it be worth it for the average organization (or organisation) to invest in the tools necessary to allow secure off-site computing?

As it happens, I regularly work from a site other than the office. My house. Outside the local coffee shop with wi-fi, the local flying field, and other spots "to be defined."

Both my personal computer and the company computer are new enough to have come equipped with wireless Internet capabilities.

The company computer includes special secure communications software.

I have a network ID.

I have a frequently changed network password.

I also have a hardware device that provides me with a code that changes every minute or so.

I can log on to SOME system resources using my own computer, the network ID and password, and the hardware device.

But I can't log on to ALL the system resources available to me at the office unless I am using the company machine (with the network ID, password, and hardware device).

My point: in order to have access from (almost) anywhere, the company has to spend some bucks.

Bucks for the software.

Bucks for hardware device rental.

Part of any business continuity equation is to RATE THE RISK.

This is a very complicated process.

What is the PROBABILITY of the risk occurring. (That's a statement, not - now - a question.) Scale of Low-Medium-High, 1-to-5, 1-to-10; you pick the granularity.

Snow storm in London shutting down the financial district: Probability = Low (so I'm told).

What is the IMPACT of the risk occurring. Use the same scale as used above.

We've seen that the impact is pretty high.

Now comes The Management Decision.

Is it worth the cost of mitigating the threat of lost time by spending the money to outfit all/some/a few people with remote computing capabilities?

That decision is going to vary by organization and Service Level Agreements for critical processes (and the threat of legal action).

If staff regularly worked at alternate sites, spending the money for the software and hardware to permit secure connections might be a given. But if not . . .

As for the £1.2 billion* loss, I'd like to know what it included.

If I got the right amount of zeros - I'm lucky to have change for the toll booths - then the Brits' £1.2 billion equates to US$1,751,203,996.33 or €1,350,484,118.94, or NIS7,083,781,267.24.

While that's a hard hit on the COUNTRY's economy, the cost is much less to the individual business. Also consider the expenses the business may have been spared. Finally, did the organizations have business interruption (or any) insurance?

Business continuity is NOT rocket science, but it does take some thought and understanding of its purpose. Buying the necessary hardware and software to mitigate a rare risk may have put some of those impacted businesses out of business. And that's not business "continuity."

John Glenn, MBCI, SRP
Enterprise Risk Management/Business Continuity
Planner @ JohnGlennMBCI.com
