As a seemingly endless procession of storms with names like Hillary, Lee and Ophelia took aim at various parts of the United States this summer, you can bet cybercriminals around the world were paying close attention, ready for any opportunity to prey on financial institutions in moments when their infrastructure and data could be particularly vulnerable.
Those moments are coming more frequently. By the end of August, with four months still to go in 2023, the United States already had been hit with a record 23 billion-dollar disasters, according to the National Oceanic and Atmospheric Administration. Hurricanes, tornadoes, floods, fires — the increasing frequency of disasters like these, as costly and disruptive as they can be, also invites the additional risk of cyberattacks. And given that financial institutions are already a prime target for hackers, this combination underscores how critical business continuity planning is for financial institutions.
For the best interests of their clients as well as for their own financial well-being, banks must find ways to continue serving — and maintain connectivity with — their customers. A network outage or disruption can render an institution unable to serve its patrons and support its employees during and after a crisis, whether it’s due to an extreme weather event, natural disaster or cyberattack.
“The U.S. financial sector is facing a growing number of threats to its information technology systems, operations, people and facilities,” the Federal Deposit Insurance Corporation observed back in 2021, and must develop new ways “to respond to and recover from these disruptions in a timely, consistent and reliable manner.” Doing so starts with development of a thorough business continuity plan that is designed to protect the IT and communications infrastructure and 24/7/365 network, application and account access, so banks can continue serving their customers and community without pause.
The stakes are too high for financial institutions to ignore. Citing figures from the Ponemon Institute, Visa noted recently that one minute of network downtime can cost a business an average of $9,000, or more than $500,000 per hour. For banks, “every second of an outage can mean lost transactions, frustrated customers and potential damage to brand and reputation,” Visa said.
With so much riding on business continuity and connectivity, and with hurricanes, cyberattacks and other events posing a very real risk to IT and communications infrastructure, it’s critical that financial institutions proactively develop and maintain a plan for protecting that infrastructure so they can continue functioning should disaster strike. Looking for a place to start? Refer to this quick checklist to help guide those preparations:
- Risk analysis. Internally or with the help of a third-party consultant (and, perhaps, operational resilience assessment software), make an honest evaluation of how well protected your organization’s IT infrastructure and network are from disruption related to a hurricane, cyberattack or other extreme event.
- The plan. Informed by findings from the risk analysis, develop a detailed plan for how your organization will handle various crisis scenarios and how information will be communicated internally and externally. As part of this strategy, identify and prioritize critical on-premises hardware and brick-and-mortar IT infrastructure (such as data centers) for protection, and how they’ll be protected. Once this plan is in place, be sure to revisit it annually, updating as needed.
- The communications network. You want to be confident your network can securely accommodate a surge in remote work, which may be necessary during and after a disaster if your company’s physical offices need to close temporarily. In providing employees with the reliable connectivity and access to apps and data required to do their jobs in a safe location, it’s vital to ensure the network is secure out to the edge, even as the contours of the edge shift.
As critical as scalable, secure connectivity is, it may not be possible for banks with an older and outdated network, which is why many institutions are moving to a cloud-based network such as SD-WAN (software-defined wide area network) and combining it with a sophisticated cybersecurity solution like SSE (security service edge) or bringing it all together into one unified SASE (secure access service edge) framework.
- Extra support for your IT team. A bank could hire an IT consulting firm to support its internal IT team and serve in a first responder, troubleshooter and fixer role during a disruptive event. Or, if it has a managed IT service (such as managed network, security or unified communications), that hands-on support may already be built into the service. Having that expert extra hand is especially valuable for organizations with lean or understaffed IT teams.
- Contact center. A cloud-based contact center (which also could be part of a managed service) gives banks extra reliability during and after a disaster, along with the scalability to quickly add capacity to meet a likely surge in customer inquiries.
- A real-time read on network conditions. Having full visibility into conditions across the communications network enables the IT team to rapidly respond to connectivity issues in the event of a disruption.
- Open communications channels. Cloud-based unified communications platforms offer resiliency and flexibility where older communications platforms may not, enabling an institution to keep lines of communication open with employees and customers from any device over multiple channels (voice, video, messaging, etc.).
- Stress test. Conduct a simulation (perhaps with the help of a consultant and/or incident simulation software) to ensure your network and continuity plan can stand up under the stress of an extreme weather event or other type of disruption. Then, make needed adjustments based on the results of the simulation.
By being proactive and planning ahead, your institution should be prepared for the event you hope never happens.
Bucky Porter is a financial services industry analyst with Windstream Enterprise, which provides cloud-optimized managed services and network and communications solutions. He has more than 20 years of banking experience in roles such as regional branch leadership, technology consultant and senior lending officer. He has worked with community, regional and national banks. Prior to joining Windstream Enterprise, Porter worked at the $23 billion Simmons Bank, where he most recently led a large branch network, built the bank’s small business banking sales strategy and worked on cross-functional marketing and product development projects. He is a graduate of the CBA Executive Banking School.