Can Credit Unions Really Prepare for the Unexpected? A New Era of Business Continuity Planning

Business continuity plans - preparing for the unexpected

Amid a sweeping global pandemic where little is certain, businesses have been reminded to prepare for the unexpected. Though this statement sounds reasonable enough, how do we do this? By definition, the unexpected is, after all, unknown.   

However, the COVID-19 pandemic has compelled credit unions to develop new business continuity plans, reassess the security for hastily implemented measures, and develop product delivery innovations to serve customers. With new plans and more effective measures in place, credit unions can better anticipate issues and be much more prepared to tackle the unknown.

A New Era of Business Continuity Planning

For many organizations, business continuity planning wasn’t a serious undertaking prior to 2001, but it quickly became a more dedicated practice after the 9/11 attacks. This tragic day made it abundantly clear to businesses across the country that they needed to be more prepared to handle the possibility of extremely disruptive events. In the decade after 9/11, substantial effort was made to improve business continuity planning—to be ready, come what may.

Although much progress had been made since, these plans tended to focus on managing one-off disasters where connectivity or access to specific applications might be lost. Most plans only focused on building redundancies so that data and existing business processes could be rapidly brought back online.

Now fast forward to 2020. COVID-19 has turned the entire world on its head. Existing systems haven’t been damaged or destroyed by an acute disaster. Instead, entire business processes, modes of working, and channels for serving customers had to change virtually overnight. Previously well-thought-out plans designed to restore our systems were not extremely useful. We learned that we needed incident response and business continuity plans that would allow us to radically pivot the very nature of our business at a moment’s notice.

Out of necessity, organizations across the nation deployed thousands upon thousands of laptops and mobile devices to facilitate working from home. Similarly, we enabled vendors and contractors to execute service remotely, and we developed new ways to service our customers even though they could not visit our branches.

Businesses acted out of necessity—and as carefully as possible—but now they must revisit and revise their business continuity plans based on newly developed business processes. Our plans must now consider scenarios involving long periods of remote working, entire market segments needing to access products and services in entirely novel ways, and remote delivery of products and services by technology supply chain partners. 

Risk-Based Assessments, Security Tune-Ups, and Your Technology Supply Chain

Systems need to be continually evaluated to determine their security and compliance risk. Now is a good time to check and adjust the configurations of solutions deployed to enable necessary new business processes, and make sure that they are secure and compliant. Some of these solutions could include video conferencing, customers’ online appointment scheduling, and digital document signing. So many of these technologies were launched very quickly and do warrant another look to make sure they are secure. For instance, a remote teller service and its supporting systems might be classified as high risk and should only be accessed by remote workers via the VPN and multi-factor authentication. Conversely, a call center team can access cloud-based support documentation using only multi-factor authentication protection as it might be considered a lower business risk.  

Business processes with vendors have also changed rapidly, so credit union technology teams need to take some time to evaluate technology supply chains and vendor touch points. Are they accessing your network using secure protocols? 

Build Security into Product Delivery Innovation

Many ancillary services—like loans and new investment accounts—were temporarily halted in March and April 2020. Of course, most banks and credit CUNA Business Continuity Issuesunions had digitized core services years ago, so most online service offerings continued without disruption. In contrast to those core services, ancillary services were traditionally conducted almost entirely in person and required innovation to meet today’s challenges. Additionally, as credit unions and banks continue to reopen, systems as simple as online appointment scheduling tools are needed to control the number of people in a branch at a given time. 

Innovation and investment will need to cater to the priorities of each credit union and the needs of the customer base they serve. Because they are of the utmost importance, I recommend that security and compliance be part of all new implementations—just make sure there is room in your budget to address these critical issues.


These are challenging times, but by reworking business continuity plans, revisiting the setup of rapidly enabled technologies, and rethinking product delivery innovation, credit unions truly will be much more prepared for the unexpected. If we can help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or Additionally, I invite you to read the follow-up post to this article, “Cybersecurity Frameworks and Employee Training Required for the Road Ahead.”

Head of Product Management, Email Protection and Cloud Email , SilverSky
SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.
follow me



Managed Detection and Response

Comprehensive solutions to detect, prioritize, and address security incidents.

Managed Security Services

24 X 7 X 365 monitoring, management, and system maintenance.

Email Protection Suite

Monitor and manage your email environment with advanced email security and compliance protections.

Cloud Email and Collaboration

Cloud office productivity enhanced with proven security and compliance protection.

How does SilverSky's integrated stack of solutions meet your needs?

Compliance and Risk Services

Assess your program and controls, benchmark and identify areas for improvement. Develop your security roadmap for investment and improvements. Effectively measure ROI and impact on your security posture

Incident Response Readiness

Incident Response Plan Development / Review. Incident Response Readiness Review. Emergency Incident Response.

Discuss your compliance, risk management and incident response readiness needs.

Schedule Free 1-on-1 Consultation

Financial Services

1,500+ small & mid-sized financial institutions rely on SilverSky to meet and exceed FFEIC, GLBA and PCI DSS requirements and overall cybersecurity needs.


Hundreds of small & mid-sized healthcare organizations rely on SilverSky to address HIPAA and other regulatory requirements and serve overall cybersecurity needs.


Small and mid-sized retail organizations count on SilverSky to maintain PCI DSS requirements, secure customer data and reduce cybersecurity threats.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.


White papers, guides, tools, on-demand webinars, case studies and more. Explore a range of topics. 

Events & Webinars


Product Sheets

SilverSky product and services information at your fingertips. Product data sheets, compliance matrixes, & brochures.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.

Become A Partner

Partner with SilverSky to tap into the approaching $300 billion+ cybersecurity market.

Talk to one of our partner managers and consider expanding your cybersecurity offerings.

Schedule Partner Exploration Discussion

Share This