As COVID-19 swept across the nation, federal agencies issued guidelines to help institutions create and maintain effective business continuity and disaster recovery (BC/DR) plans in light of changes brought on by the pandemic.
To effectively keep employees safe and consumer data secure, it’s critical to also renew these policies and plans, including considerations around data security, protection, backup and recovery.
Community banks should start by reviewing all current technology when assessing (or refreshing) their BC plans and policies. To assess the technology infrastructure and ensure it’s ready to handle a remote workforce or office closures, community institutions should perform a gap analysis of the tools that their remote workers need and compare this to their current infrastructure.
To operate in a remote environment, employees will need a laptop, monitor, phone, video conferencing webcam equipment and much more. It’s important to explain whether employees can use their own devices or if the institution will provide devices for remote employees. Encrypted, secure-access methods – such as a virtual private network (VPN), secure cloud technologies or remote desktop infrastructures – will further protect consumer data. Any implemented solution should be paired with multifactor authentication (MFA).
In the event of a disaster situation, employees need access to communication tools, so institutions need to evaluate this technology when updating their BC policies. In a case where the workforce is dispersed, it is important to consider how your employees will best work together and how they will most effectively communicate with customers. Options include incorporating a company intranet, corporate social networks, internal messaging systems, video conferencing tools and client messaging systems into your BC plans and WFH strategy.
Refresh backup and disaster recovery plans
It’s also important for institutions to update their backup and disaster recovery plans. The ability to perform comprehensive backups of system data is crucial to DR efforts, but these efforts can be challenged by having a dispersed workforce. When considering a backup strategy, it is important to analyze where data resides and how it is backed up.
There are many questions for the institution to consider when refreshing their plans. First, it’s important to decide whether data will be backed up in a corporate data center, in the cloud or a combination of both.
For centralized data in the corporate data center, how will your remote employees access this data? Is the data replicated to the data center regularly and are the backups image-based or file-based? For cloud-based data, how can remote employees access the data and is there a standardized policy requiring data to reside in specific places to ensure they are properly backed up? These questions can help banks consider all their options and build out a successful disaster recovery strategy.
Planning and testing your updates
The most important aspect of BC/DR plans is to continuously plan and execute recovery tests for all situations. Testing strategies should detail the conditions and parameters for testing applications and functionality at least annually, and these tests should include various scenarios that stress availability and security of all systems that might affect business continuity. The institution should set objectives, recovery goals and timely schedules to ensure that their plans and policies are ready for any situation that comes their way.
Because a community bank’s DR/BC plan is a dynamic document, it should be updated at least annually to ensure the bank’s plans and policies align with the ever-changing needs of the institution as well as the constant evolution of technology.
It’s also important to store the DR/BC plan in a secure location easily available to members of the recovery team, and backup copies of the plan should be kept offsite. This way, no matter what disaster strikes, the institution is ready to enact their BC/DR plans and seamlessly continue operations.
With what we’ve all learned since the start of the pandemic, banks should update and test their BC/DR plans and operations, keeping critical aspects of business continuity, backup and recovery in mind.
In updating plans, institutions need to conduct regularly planning to consider both internal and external needs, thoroughly analyze business impact, address the recovery of business operations and technology, test the plan regularly to ensure its effectiveness and continuously update the plan to reflect changes in the business and operating environment.
Jeremy Baumruk is director of professional services at Xamin.
Subscribe to the BAI Banking Strategies newsletter and podcast.
