Business continuity is a key concern for many organizations. Without a comprehensive plan, businesses run the risk of experiencing extended operational downtime, financial problems, and loss of clients or credibility. However, before you start building a business continuity plan (BCP), you must first be aware of the kind of risks that your company is up against.
While huge efforts are being made around the world to manage the threat of COVID-19, it isn’t the only business continuity risk on the horizon. Organizations must also be prepared to tackle various human-made and natural disasters, as well as IT-related risks that can wreak havoc on your operations and business plans.
In this article, we’ve identified five business continuity risks that should have a place in your BCP and ways to address them. While continuity risks vary by organization and industry, these have emerged as common trends for enterprises within the Asia-Pacific (APAC) region in recent times.
1) Cyber attacks
Cybersecurity concerns are more pressing in APAC than in any other part of the world. According to Microsoft’s Security Endpoint Threat Report 2019, the APAC region continued to experience a higher-than-average rate for malware and ransomware attacks – 1.6 and 1.7 times higher respectively than the rest of the world.
This was despite a 23% and 29% drop across these two threat vectors when compared to its 2018 findings. The research showed that developing countries such as Indonesia, Sri Lanka, India and Vietnam were most vulnerable to malware and ransomware threats in 2019.
Meanwhile, two of the region’s developed markets and business hubs, Singapore and Hong Kong, recorded the highest volume of drive-by download attacks in 2019, more than three times the regional and global average. Drive-by attacks involve downloading malicious code onto the victim’s computer when they visit a website or fill out a form. The malicious code is then used by an attacker to steal passwords or financial information.
“We usually see cybercriminals launch such attacks to steal financial information or intellectual property,” says Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Microsoft Asia. “This is a likely reason why regional financial hubs recorded the highest volume of such threats. The high attack volume in these markets may not necessarily translate into a high infection rate, perhaps due to their good cyber hygiene practices and use of genuine software,”
Strong cybersecurity tools to safeguard employees and infrastructure are crucial to fending off these attacks. Microsoft recommends looking into multi-layered defense systems and turning on multi-factor authentication (MFA) as employees work from home. In addition, it recommends enabling endpoint protection against shadow IT and unsanctioned app usage.
Another important consideration is to ensure that guidelines are communicated clearly to employees. According to Microsoft, this includes information on how to identify phishing attempts, distinguishing between official communications and suspicious messages that violate company policy, and where these can be reported internally. Lastly, choose a trusted application for audio/video calling such as Microsoft Teams and file sharing that ensures end-to-end encryption.
2) Data breaches
Southeast Asia (SEA) has one of the highest prevalence for data breaches incidents globally. Last year, the region saw a number of headline-grabbing data leakage incidents that involved multinational organizations, mobile networks, insurance firms and even governments.
And they weren’t just rampant, they were also incredibly expensive. According to the 2019 findings of a yearly IT security economics report by global security firm Kaspersky, IT business decision-makers from the region lost US$1.10 million on average from data breaches – just slightly less than the global average cost of US$1.4 million for enterprise companies.
It’s not just the monetary aftermath of these data breaches that corporate victims have to bear. Losing new or existing business is also a notable cost point for businesses who suffer an incident. Within the SEA region, the majority of businesses that experience a data breach (53%) also paid compensation to clients or customers, encountered problems with attracting new customers (51%), were subjected to penalties or fines (41%), and lost some business partners (30%).
“The best way to recover after a breach is to reassess your IT security environment and to identify the exploited loopholes. Know the tools and technologies that you have, and then improve upon them” says Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky in an interview with CybersecAsia.
“If your business is still on its baby steps, endpoint solutions should be your first layer of technical defense. The thing about malware is that – they need an open door to enter your network. Cybercriminals are intelligent enough to research on your weak points, so be sure that your systems’ doors are intelligently guarded,” he adds.
Yeo also points out that many corporate victims in the region lacked cybersecurity knowledge and technical expertise. This was compounded with a low level of security awareness within the workforce.
To combat this, Kaspersky recommends investing in employee education. As findings from its 2019 IT security economics report showed – continual investment in people and internal expertise is becoming key for businesses to minimize financial losses and to protect themselves from future incidents.
3) Extreme weather conditions
Different regions around the world have been hit by extreme weather in recent times, and this can bring about severe business risks and implications.
These could include high rates of employee absenteeism, disruption to supply chains (incoming and outgoing), disruption to business travel, and a fall in demand for goods and services. In addition, there could also be human resource, insurance and cashflow implications.
There’s also a possibility that you could experience a loss of access to your physical premises and consequently, your databases. If your data centre is fine, but your employees can’t access the data, documents and collaboration tools required for their work, then the business is still down. And you continue to lose productivity, reputation, customers and opportunities for every moment that it takes to get them back to work.
It is times like these that organizations require a solid (and tested) BCP in place. The plan should include a workforce continuity strategy, which is essential for connecting dispersed employees to the tools and communications they need when faced with extreme weather conditions.
If your staff are safe and have access to computers and the tools that they need for work, then a secure virtual environment or any form of remote application access can allow you to maintain core business operations.
4) Terror attacks
Unexpected events such as terror attacks can have a devastating impact on all aspects of our lives. This includes companies that might find themselves being directly affected, or are situated within the wider emergency response radius. Or those whose premises are seriously curtailed during the investigative process that follows.
Unfortunately, the aftermath of these attacks often make it extremely difficult for companies to resume normalcy within a short period of time. Which makes having a clear communication strategy especially critical amid these sudden and terrifying disruptions.
After an incident, employees want to be reassured that their workplace is safe and the plans put in place will protect them in the future.
Direct communication from senior leaders can help keep the team on track, especially amid an influx of misinformation and uncertainty. Keeping external parties or stakeholders informed of ongoing activity will also be vital in uncertain times.
As part of your BCP plan, it is important to establish who will be responsible for contacting the necessary parties in the event of these attacks – be it your employees, investors, stakeholders or regulators – and how they will maintain these communications throughout. Communication tools like Microsoft Teams and Cisco Webex can enable these connections and meet your communications requirements.
5) Social unrest
A vigorous social movement can impact a business’s ability to carry on its day-to-day operations.
If your premise is located where demonstrations or social unrest are likely to take place, you are at greater risk of being impacted and should prepare accordingly. Vulnerable locations include city centers or areas near a statehouse, city hall or police precinct.
When faced with these scenarios, having a remote working policy as part of your BCP ensures that your business continues to run while keeping your employees safe.
It’s not just about what happens in the office, getting to the workplace could also present numerous challenges for public safety. In playing their part to protect employees, companies will also need to consider ways to reduce their chances of getting (unintentionally) entangled in these activities. This may include avoiding public transport or crowded places.
To ensure efficiency and productivity, organizations must ensure that employees have the tools they need while working on remote terms.
Preparing for ‘double disasters’
As the threat of COVID-19 persists, Henry Ee, managing director at Business Continuity Planning Asia Pte Ltd. recommends preparing a BCP for “double disasters”. These are worst-case scenarios where you get hit by both health and disaster crises at the same time
“For example, if you are simultaneously hit by both the pandemic and an earthquake or a typhoon, it will certainly not be as easy as simply slotting 1,000 people into a bunker when you have considerations like social distancing. In this situation, it’s won’t just be a matter of breaking people into different teams, but also about having different BCPs to tackle different crises, and how your business must go on in the midst of all these events,” Ee explains.
Don’t leave things to chance. Start safeguarding your business continuity today with the right technological stack. To learn more about how cloud communications solutions can help ensure business continuity at your organization, contact us today.