DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 31, Issue 4

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

Active Shooter Lockdown And Barricade Procedures That Can Save Lives

Active Shooter Lockdown And Barricade Procedures That Can Save Lives

Originally posted on Alertfind's blog.

From the Oct. 1, 2017, outdoor shooting in Las Vegas that killed 53 and injured at least 1,000 to the Parkland, Fla., high school shooting on Feb. 15 that killed 17 and injured dozens more, active shooter events are dominating the news.

As a result, organizations are realizing that they need to create or update their active shooter preparedness plans. A critical part of these plans includes lockdown procedures, including knowing how and where to shelter-in-place. By planning and training for lockdowns, organizations can provide clear guidance on what to do to save lives.

Understand Your Lockdown Procedures

Simply put, lockdowns are used to protect people inside a facility. A full lockdown means that exits and entrances are sealed and that people must stay where they are and may not exit or enter another room, unit or office. Full lockdown procedures typically dictate that if people are in a hallway, they must go into the nearest room, office or unit and take shelter there.

...

Three Steps to Integrating Cybersecurity With Business Continuity

Three Steps to Integrating Cybersecurity With Business Continuity

Originally published on Rentsys Recovery Services' blog.

With cyber threats like ransomware routinely interrupting business operations around the globe, cybersecurity is not just an IT problem — it’s a business risk that needs to be accounted for in the business continuity plan.

But how do you go about doing that? That was the prevailing theme of the Q&A session during a webinar we participated in as part of the Disaster Recovery Journal Webinar Series. Here are some takeaways from the presenters, Eric Thompson, information security officer for Rentsys, and Michael Barrack, managing director at Accume Partners.

Gain Executive Support



The tone from the top drives the success of your business continuity and cybersecurity preparedness. If your organization is going to continually strengthen and insulate itself from all of the likely foreseeable — and sometimes even unforeseeable events — you need to get executive support.

It’s also important for executives to support a culture of collaboration. Business continuity owners, infosecurity officers and business units need to be transparent with each other. Sometimes that means admitting that a process under your control has to be improved. If executives support a culture of transparency, people will be more willing to reveal and troubleshoot problem areas in your organization’s processes. Down the road, this could help the organization mitigate a major vulnerability.

...

What Will You Do If An Active Shooter Targets Your Business? Life-Saving Training Strategies Every Organization Needs

What Will You Do If An Active Shooter Targets Your Business? Life-Saving Training Strategies Every Organization Needs

Originally posted on Alertfind's blog.

Jay Bryant, an active shooter expert and 20-year law enforcement veteran, joins Danielle Ricci, Marketing Team Leader for AlertFind, to discuss the growing epidemic of active shooter incidents. He shares the life-saving strategies business, schools and the general public need to know to protect themselves.

Jay discusses what to do when confronted by an active shooter using the “Avoid, Deny, Defend” strategy. Using anecdotes, stories and images, he details the steps to follow to increase your chances of surviving an active shooter incident.

Here are some highlights from their conversation:

...

Four Common Weaknesses of WFH for Workplace Recovery

Four Common Weaknesses of WFH for Workplace Recovery

Originally published on Rentsys Recovery Services' blog.

“What will we do if our primary facility is inaccessible? Easy. Our employees will work from home.”

We hear this a lot. If your primary facility isn’t available, it makes sense to have employees work from home. Thanks to the cloud, a work-from-home (WFH) alternate workspace strategy is cheaper and more doable than ever before. But what happens when your entire workforce needs to work from home? It sounds extreme, but we’ve seen it happen.

Before writing off alternate facilities, think about how a WFH strategy would work for your entire business (or branch). Here are the top issues to consider.

Business Processes



For WFH to go smoothly, you must design business processes to accommodate remote work. The three principles of a successful WFH strategy are:

...

Is Your Emergency Response Too Slow? Shorten It With These Expert Tips

Is Your Emergency Response Too Slow? Shorten It With These Expert Tips

Originally posted on Alertfind's blog.

Catastrophes can take many forms ‒ from an active shooter to a chemical hazard or natural disaster ‒ and businesses must always have emergency response plans ready for those situations.

Authorities will be dispatched to your workplace as quickly as possible in the event of an emergency. Your emergency preparedness plan must be designed to help employees quickly respond in order to save lives and avoid further injury.

Here are how organizations should approach three of the most common emergencies:

...

Are your vendors prepared?

Are your vendors prepared?

A solid business continuity plan is a great start to help you recover in the face of a major incident.  But have you considered what happens when there are “No 3rd Party Vendors”?  It’s time to check that they have plans in place.

Why audit your vendors?

A key piece of every business continuity plan is having an up-to-date list of those critical vendors you depend on.  When bad things happen, you may need to call upon them to expedite or suspend services, or provide a whole new service.  If your vendors are not prepared with their own plan, they will not able to respond when you need them most.

Additionally, while operations might be running smoothly for you, disaster striking an unprepared vendor can cause a disaster for you.  That hosted solution you decided to go with is only as reliable as the vendor providing it.  When the vendor has issues, that will create an issue for you too.  We all like to get raw materials for the best price available.  However, if that price means the vendor has not invested in any business continuity efforts, you may be paying a much bigger price in the long run.  No raw materials can result in your manufacturing shut down, unhappy customers, service level agreements breached, penalties paid, and revenue lost.

...

Is Your Organization Vulnerable To An Active Shooter?

Is Your Organization Vulnerable To An Active Shooter?

Active shooter events are occurring more and more frequently. And, according to an FBI study, over 80% of the active shooter incidents between 2000 and 2013 occured at work.

It is clear, now more than ever, that all emergency preparedness plans must include active shooter response procedures. It is an area of emergency response that cannot be ignored - no organization is immune.

To ensure you’re taking the right steps to protect your organization, download our free Active Shooter Emergency Preparedness Guide.

...

Is Your Office A Soft Target? Harden Your Building With These Expert Tips

Is Your Office A Soft Target? Harden Your Building With These Expert Tips

Originally posted on Alertfind's blog.

With active shooter incidents on the rise, businesses must ensure they’re preparing their staff for this potential threat. And preparation needs to extend beyond training your employees. Your physical office space plays a key role in how likely your organization is to become a soft target for an active shooter.

The Department of Homeland Security (DHS) defines an active shooter as “an individual actively engaged in killing or attempting to kill people in a confined and populated area.”

An FBI study showed that commercial businesses were the sites of 95 of the 220 active shooter incidents between 2000-2016 (including malls). The fourth quarter of 2017 saw the worst mass shooting in modern U.S. history when 58 fatalities and 500 injuries were reported at an outdoor Las Vegas concert.

...

Struggling To Create Engaging Emergency Preparedness Training? Get Expert Advice In Our New Webinar

Struggling To Create Engaging Emergency Preparedness Training? Get Expert Advice In Our New Webinar

Originally posted on Alertfind's blog.

Glenn Jones, an experienced emergency preparedness professional, and Danielle Ricci, Marketing Team Leader for AlertFind, recently discussed how emergency preparedness managers can overcome one of their biggest challenges – creating training programs that actually get employees engaged with emergency preparedness programs.

Glenn, who spent years creating emergency preparedness plans for a global electronics manufacturer, will help organizations use their risk assessments to help create dynamic live and online training exercises so employees understand how to respond during a typhoon, fire, active shooter or other emergency.

Read some some highlights from their conversation below:

...

Can You Reach Your Employees In An Emergency? Why You Need Multi-Device Notifications

Can You Reach Your Employees In An Emergency? Why You Need Multi-Device Notifications

Originally posted on Alertfind's blog.

Disasters lead to chaos – whether it’s an active shooter event, a hurricane or other event. There will be mass confusion within your organization, making it very unlikely that all of your employees will have computers or tablets handy. You need to ensure that you can still instantly reach each and every team member. To do this, you need multi-channel notifications.

Importance of Multi-Channel Communication

Using multi-channel communication is one of the best ways to ensure you can immediately notify your employees of any threats and make sure they are taking the proper actions to protect themselves.

Greater Reach

Multi-channel communication increases the likelihood that your staff will see your alerts. If an employee is seeking shelter during an emergency, they probably won’t have a computer handy, but they may be able to check text messages. Simultaneously pushing your emergency alerts through numerous channels gets your notifications in front of more employees, wherever they may be. Channels can include email, text, voice call, fax, mobile app push notifications, pages and more.

...

Backup & Disaster Recovery: Necessary for the Enterprise

Backup & Disaster Recovery: Necessary for the Enterprise

In the pursuit of efficiency and optimization, enterprises transcended the paper era and entered the digital era. The workspace is no longer the same anymore. Instead of a ton of office equipment, a single desktop computer and/or a laptop is more than enough. Utilization of digital equipment led to the generation and continuous growth of digital data; which in turn led to the requirements and innovation of data storage: on-premises at first and then enterprise cloud storage later.

Enterprise Cloud Storage: Empowering Productivity & Work Efficiency

By using cloud based storage, enterprises considerably improved productivity and increased work efficiency. Instead of a sequential workflow, the cloud facilitates parallel workflows. And with the cloud, accessibility is made simpler and faster. Instead of working from a single workstation, staff can operate without geographic limitations or time restrictions. This has enhanced the ways enterprises function and operate.

Continuous utilization of cloud environments has generated data lakes for enterprises. Due to the block level storage of the cloud, scalability is simplified and accommodating to the big data generated by industries. However, with the large amount of data and the enterprise reliance on this data; it becomes equally important to acquire capable and reliable means of backing up and recovering this data.

...

Minimizing Downtime: How Training Keeps Your Employees Productive After A Disaster

Minimizing Downtime: How Training Keeps Your Employees Productive After A Disaster

Originally posted on Alertfind's blog.

We all know that disasters and other unplanned business disruptions lead to downtime. The length of that downtime may well determine whether or not your business ever reopens its doors. Don’t let your organization get caught unprepared. Part of any emergency preparedness plan must include a recovery plan to minimize downtime after a disaster.

The Cost Of Downtime

It may seem small – a temporary network crash, a leak that causes the office to close for two days – but instances of downtime have a direct and far-reaching impact on your bottom line.

Can you afford to lose $100,000? Because, according to an ITIC study, that is the average cost of a single hour of downtime. One hour. While your organization’s actual cost of downtime will likely differ from the average, as it is dependent on many factors, it is still a price you want to avoid paying if at all possible.

...

Business Impact Analysis: How Long Do You Have After A Disaster To Recover Before Your Business Fails? An Interview With Robert Clark

Business Impact Analysis: How Long Do You Have After A Disaster To Recover Before Your Business Fails? An Interview With Robert Clark

Originally posted on Alertfind's blog.

Robert Clark, business continuity consultant and BCI-approved trainer with more than 40 years of business continuity experience, and Graham Thompson, Business Continuity Analyst for AlertFind, recently discussed why organizations must create and regularly audit their business impact analysis if they want to avoid business disruption or even bankruptcy after a disaster.

Robert and Graham offer expert advice on how business continuity, emergency preparedness and disaster response managers can ensure they’re protecting their organizations from disasters ranging from hurricanes and wildfires to insider threats and terrorism.

Join Robert Clark and Graham Thompson as they continue this conversation and answer your questions live on February 7th.

...

How flexible is your BCP?

How flexible is your BCP?

As Business Continuity professionals, we see a lot of plans. We develop plans for our clients, we help mentor clients on how to build their plans themselves, we review existing plans for gaps, and we audit plans. One consistent concern across all plans, regardless of their size, is it a flexible BCP. At what point is your plan too rigid? How do you know if you have just enough – or too much – information? Do you need responses for every single type and depth of scenario out there? If you don’t know the answers to any of these questions, don’t worry, we’re here to help!

What do we mean by flexible BCP?

For the purposes of this post, we are talking about how well your BCP allows you to adapt, and appropriately respond, to different types of incidents. You should be able to use the same BCP to respond to a fire, a train derailment, a power outage, or an active threat. This might seem a bit daunting; how can one plan possibly respond to all of these things? Simple! The answers are in your plan content and structure, and training.

 

Plan content and structure

Two key areas of a flexible BCP are in the response and recovery steps, and the supporting documentation. The response and recovery steps document exactly what steps you need to take when an incident occurs. But, these steps do not need to be so detailed that they are difficult to follow. For example, one of your steps might be “Inform vendors of the incident and provide temporary instructions.” You do not need to then list the name of every vendor you need to contact for every type of incident. Simply include a reference to your vendor database. That way, you select which vendors you contact depending on what has been impacted by the incident.

...

Why Data Protection And Recovery Must Be Part Of Your Business Continuity Planning

Why Data Protection And Recovery Must Be Part Of Your Business Continuity Planning

Originally posted on Alertfind's blog.

From laptops to data centers, information technology is an integral part of modern business operations. Many businesses would find it difficult, if not impossible, to function if their information technology went down. So, for a business continuity plan to succeed, it must include an IT disaster plan with detailed processes for data protection and data recovery.

Data protection is the process of safeguarding important information from corruption, compromise or loss. Data recovery is the process of restoring data that has been lost, accidentally deleted, corrupted or made inaccessible. Your business continuity plan must cover both.

A hard-drive or a server may seem like a tiny thing when compared to a business’ physical inventory, but when a business’ IT infrastructure is damaged, the economic losses add up quickly.

...

15 Factors Every Disaster Recovery Audit Must Include

15 Factors Every Disaster Recovery Audit Must Include

Originally posted on Alertfind's blog.

If the disaster recovery strategy at your business includes “set it and forget it,” you’re not alone. Only 40% of companies test their disaster recovery plans once a year, and more than 25% of organizations test “rarely or never.”

This is a problem for a variety of reasons: your business changes, the threat landscape changes, available solutions change, your IT infrastructure changes, personnel change – in short, you’re facing a dynamic landscape that never stands still, even if your disaster recovery plan does.

The solution? Audit your disaster recovery plan thoroughly and regularly to test for performance, efficiency, cost and overall effectiveness.

...

False Alarm in Hawaii: An Emergency Expert’s Thoughts

False Alarm in Hawaii: An Emergency Expert’s Thoughts

Following the news of Hawaii’s false ballistic missile alert on January 13, 2018, we sat down with crisis & emergency management expert and General Manager of Business Resilience at Resolver, Kevin Hall, to get his thoughts on what went wrong and why.

...

Be Prepared with a Dynamic Incident Response Plan

Be Prepared with a Dynamic Incident Response Plan

by Robert Good, Sales and Client Services, BC in the Cloud

Many companies are required to have a Business Continuity Plan in place for compliance reasons, but it makes good business sense to also make sure you have a functional plan to help you recover from an incident as quickly as possible.  Whether it is a hurricane, wildfire, active shooter, or cyber-attack, you can minimize the impact on your organization with a Dynamic Incident Response Plan.

...

Is Local Validation and Verification Enough When Assessing Potential Cyber Attacks?

Is Local Validation and Verification Enough When Assessing Potential Cyber Attacks?

The ability to proactively monitor and scan a production environment to determine the existence of cyber activity has been drastically increasing as new tools and techniques are becoming more sophisticated and available throughout the marketplace. These capabilities, combined with more frequent backups and remote isolation of system and data copies, have provided a strong defense against cyber interruptions for known entities that may compromise a business.

But is this enough, and how are we protecting against the unknown, future attacks that may be hidden from view and go unnoticed for extended periods of time, until such time that they are invoked and severely impact operations?    

For the most part, in addition to standard security protocols for continuous monitoring and checking of the production environment, cyber resilience is defined as a process to ensure adequate backups or point in time copies of the data are frequently captured and sent to an isolated, remotely managed environment that is separated from the primary production site. These ‘protected copies’ are critical should an intrusion be encountered, for use in responding to the attack and required for rebuilding the infrastructure and/or repopulating the data that may have been corrupted or compromised.

...

How to Plan for Ransomware in 2018

How to Plan for Ransomware in 2018

Originally posted on Rentsys Recovery Services' blog.

 

Heart monitors go off simultaneously. Doctors get error messages when trying to access patient records. Then all the computers in the facility go black. The following message appears in scrolling green text:

...