Amid a sweeping global pandemic where little is certain, businesses have been reminded to prepare for the unexpected. Though this statement sounds reasonable enough, how do we do this? By definition, the unexpected is, after all, unknown.
However, the COVID-19 pandemic has compelled credit unions to develop new business continuity plans, reassess the security for hastily implemented measures, and develop product delivery innovations to serve customers. With new plans and more effective measures in place, credit unions can better anticipate issues and be much more prepared to tackle the unknown.
A New Era of Business Continuity Planning
For many organizations, business continuity planning wasn’t a serious undertaking prior to 2001, but it quickly became a more dedicated practice after the 9/11 attacks. This tragic day made it abundantly clear to businesses across the country that they needed to be more prepared to handle the possibility of extremely disruptive events. In the decade after 9/11, substantial effort was made to improve business continuity planning—to be ready, come what may.
Although much progress had been made since, these plans tended to focus on managing one-off disasters where connectivity or access to specific applications might be lost. Most plans only focused on building redundancies so that data and existing business processes could be rapidly brought back online.
Now fast forward to 2020. COVID-19 has turned the entire world on its head. Existing systems haven’t been damaged or destroyed by an acute disaster. Instead, entire business processes, modes of working, and channels for serving customers had to change virtually overnight. Previously well-thought-out plans designed to restore our systems were not extremely useful. We learned that we needed incident response and business continuity plans that would allow us to radically pivot the very nature of our business at a moment’s notice.
Out of necessity, organizations across the nation deployed thousands upon thousands of laptops and mobile devices to facilitate working from home. Similarly, we enabled vendors and contractors to execute service remotely, and we developed new ways to service our customers even though they could not visit our branches.
Businesses acted out of necessity—and as carefully as possible—but now they must revisit and revise their business continuity plans based on newly developed business processes. Our plans must now consider scenarios involving long periods of remote working, entire market segments needing to access products and services in entirely novel ways, and remote delivery of products and services by technology supply chain partners.
Risk-Based Assessments, Security Tune-Ups, and Your Technology Supply Chain
Systems need to be continually evaluated to determine their security and compliance risk. Now is a good time to check and adjust the configurations of solutions deployed to enable necessary new business processes, and make sure that they are secure and compliant. Some of these solutions could include video conferencing, customers’ online appointment scheduling, and digital document signing. So many of these technologies were launched very quickly and do warrant another look to make sure they are secure. For instance, a remote teller service and its supporting systems might be classified as high risk and should only be accessed by remote workers via the VPN and multi-factor authentication. Conversely, a call center team can access cloud-based support documentation using only multi-factor authentication protection as it might be considered a lower business risk.
Business processes with vendors have also changed rapidly, so credit union technology teams need to take some time to evaluate technology supply chains and vendor touch points. Are they accessing your network using secure protocols?
Build Security into Product Delivery Innovation
Many ancillary services—like loans and new investment accounts—were temporarily halted in March and April 2020. Of course, most banks and credit unions had digitized core services years ago, so most online service offerings continued without disruption. In contrast to those core services, ancillary services were traditionally conducted almost entirely in person and required innovation to meet today’s challenges. Additionally, as credit unions and banks continue to reopen, systems as simple as online appointment scheduling tools are needed to control the number of people in a branch at a given time.
Innovation and investment will need to cater to the priorities of each credit union and the needs of the customer base they serve. Because they are of the utmost importance, I recommend that security and compliance be part of all new implementations—just make sure there is room in your budget to address these critical issues.
These are challenging times, but by reworking business continuity plans, revisiting the setup of rapidly enabled technologies, and rethinking product delivery innovation, credit unions truly will be much more prepared for the unexpected. If we can help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or firstname.lastname@example.org. Additionally, I invite you to read the follow-up post to this article, “Cybersecurity Frameworks and Employee Training Required for the Road Ahead.”