Time to Update Your Business Continuity Plan for the New Threat Landscape


If your business continuity and disaster recovery plans look the same as they did pre-pandemic, it’s time for a serious review. Matthew Hodson, CIO of Valeo Networks, discusses how the changing threat landscape calls for new considerations and priorities.

Imagine I had told you in 2019 that you could expect the following within a year:

  • About 1 in 4 US companies would anticipate they’d have to shut down permanently, and more than 40% of small and midsize businesses in the US would temporarily cease operations during the first quarter of 2020.
  • Tens of millions of American workers were going to resign from their jobs.
  • You were going to have to completely overhaul your IT and communications infrastructure to allow most, if not all, of your employees to work from home.

Outlandish predictions, right? Just months before all of those things happened, each one of them would have sounded like the rantings of a crazy person.

You don’t need me to tell you the world is changing rapidly or that these sweeping changes are affecting how you need to manage your technology environment.

But if your organization is like many that my company speaks with every day, you might benefit from a gentle reminder that it’s time to review your plans for disaster recovery and business continuity. Unless you’ve reexamined, updated, and tested those plans recently, I’m guessing they’re due for an update.

I can’t tell you specifically where your business continuity strategy might be vulnerable to today’s evolving challenges or what measures to take to address them. So instead, I’ll summarize a few of the biggest post-pandemic threats facing most businesses and offer a suggestion or two on how you can update your business continuity plan to patch those vulnerabilities.

See More: Mitigating the Impact of Ransomware Attacks With Business Continuity Planning

Post-Pandemic Threats to Your Business Continuity

The following threats affect your business continuity. Let’s look at how you can adapt your continuity strategy to tackle these threats.

1. Loss of key employees

More than 47 million workers quit in 2021Opens a new window . And a 2022 study reported by the World Economic Forum found that nearly 50% are currently thinking about changing jobs. 

Statistically speaking, you’re one unlucky coin toss away from losing pivotal employees in any area of your company. What would that mean to your business? Are your operations vulnerable to a sudden loss of key people?

Let’s say one of your vice presidents quits, and that person is responsible for managing the admin portals of the department’s business applications. Can someone else step in quickly and assume those duties to keep operations running smoothly? If not, how much downtime will affect employees and business processes face as you bring someone else on that team up to speed? And how much damage could that cause your company?

How to update your business continuity plan:

Your primary focus here should be training. With the national workforce in greater flux than we’ve seen in decades, you’ll want to build redundancy into key responsibilities across the organization.

That means encouraging all department heads to train members of their teams on the management and key tasks associated with keeping the department operating smoothly. This might include administering productivity apps, for example, and the processes required to integrate new hires into the company’s technology environment.

2. More data outside the firewall

Millions of companies around the world are operating with remote workforces. More employees than ever are accessing and sharing proprietary, regulated, or otherwise business-critical data outside the company firewall.

This is one reason cyberattacks have spiked several hundred percent since the pre-pandemic days. Hackers know that more valuable corporate data than ever is traversing the web and other communication systems without the benefit of enterprise-level security or the close scrutiny of a corporate IT team.

How to update your business continuity plan:

Here again, your top priority in updating your business continuity plan should be employee training. A 2022 Verizon report found that human error remains the leading cause of data breachesOpens a new window . 

That means it’s worth going back to the basics and educating your staff, for example, on the risks of opening emails, attachments, and links from senders they don’t know. 

A couple of other suggestions:

  • Add redundancy and resilience to your data backup and disaster recovery environment: If you’re still maintaining your backup systems on-prem, now is a good time to start researching cloud backup and DR. The right solutions will offer geographic redundancy and keep your mission-critical data on a separate network to prevent a ransomware attacker who breaches your corporate network from being able to hold your backups hostage as well.

And no, in case you’re wondering: Microsoft 365 is not a backup solution, something they state plainly and repeatedly on the Microsoft Services Agreement pageOpens a new window : 

“Microsoft is not liable for any disruption or loss you may suffer…. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data.”

  1. Implement mobile device management and endpoint protection: Because accessing and sharing corporate data on mobile devices is now the norm for many employees, it’s more important than ever to ensure your IT team has some oversight and control over those devices. Here you’ll want to implement both mobile device management best practices (such as governance rules disallowing business data on personal devices ) and tools. The right technology solutions for mobile device management and endpoint protection, for example, will have such features as the ability to remotely wipe content in case an employee loses a device containing corporate data.
  2. Another pandemic-level event: None of us wants to think about this. But we’ve seen it play out once. And even if your company has adjusted to the new normal, you don’t want to become complacent and unprepared for another sudden jolt to your business operations.

What would happen if another viral outbreak, or some other calamitous event, forced businesses to close their physical locations suddenly and send everyone home again? Are your employees—even the ones who’ve been fully back at the office for a while—equipped to transition quickly and seamlessly to communicating, securely sharing files, and otherwise performing their work duties offsite?

Also worth thinking through: Will your IT team be able to administer your entire tech stack remotely, assuming you’re not allowed back in the building either?

Asking the Right Questions

For this business continuity plan update, I suggest gathering your IT colleagues and gaming out a new shelter-in-place scenario. Ask yourselves:

  • Will we need to buy more licenses for services such as softphone capability, video conferencing platforms, cloud-based contact center seats for customer service reps, and enterprise chat or file-sharing apps?
  • What physical equipment will we need to buy for employees transitioning to remote work for the first time? (Company-issued laptops, ethernet cables for the home, VoIP-enabled desk phones, etc.)
  • What, if any, redundancies have we built into our mission-critical cloud infrastructure—for example, a second team-chat solution or video conferencing platform, in case one experiences an outage?

Finally, I’d suggest stress-testing your IT environment against hypothetical attacks that could happen soon after you’ve transitioned to a remote workforce in the event of another pandemic. That’s when you’re likely to be most vulnerable—and hackers will take advantage of it.

Ideally, you’ll want to engage a third-party expert for this initiative rather than testing your defenses internally. Why? Much like proofreading your own work, you could overlook something that you simply assume is there but isn’t. You’re much more likely to surface an issue if you allow someone else to investigate your network and systems without prior knowledge of how things are supposed to be working. They might uncover an important risk that you’d miss.

How are you updating your business continuity plan? Share with us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .


Image source: Shutterstock