Published: September 20, 2024

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

In July 2024, a major IT outage caused by a CrowdStrike security update led to widespread business disruption. Over 8.5 million Windows devices were affected, leaving many organizations unable to access their critical information systems. The outage disrupted various industries such as financial services, healthcare, and transportation, and highlighted how reliant businesses are on IT infrastructure protected by a single cybersecurity solution. As a result, this incident demonstrated the importance of having a strong business continuity plan (BCP) to minimize disruption to business operations.

What Should Your Organization Do to Ensure Business Continuity?

For small business owners, preparing for such adverse events can make all the difference in keeping operations running smoothly. Here are key strategies to ensure your organization is ready for possible IT outages.

1. Store Copies of Critical Data Offline or on a Separate Serve:
   Don’t rely solely on one system to keep your essential business documents and contract lists. Maintain the backup copies of critical data offline, such as on an external hard drive kept in a secure location. If your budget allows, consider using a separate server managed by a different cybersecurity provider. This ensures that, even during an outage, your business can still access necessary information.
2. Back Up Data to a Separate Cloud Storage: 
   Have a backup plan for your electronic data. Use a separate cloud storage service with a different security system. This ensures that, even if the main system goes down, important digital information remains accessible through another platform, allowing your business to continue operating without interruption.
3. Print Essential Business Information:
   Keep printed copies of key business information, such as contracts, client and vendor contact details, and operational procedures. This ensures that your business still has access to vital information regardless of IT outages.
4. Set Up Alternative Payment Methods:
   Establish alternative payment methods such as checks or direct deposits through a secondary bank that uses a different security system (ask your bank or check publicly available information). This ensures that, when your primary payment system is inaccessible, financial obligations are still met.
5. Maintain Multiple Communication Platforms:
   Have multiple communication channels available, including different online platforms, traditional phone lines, and messaging systems. Stay connected with employees, clients, vendors, and business partners even when the primary communication system is down. This ensures that your business can maintain contact through alternative methods.
6. Develop a Contingency Plan and Share It with Employees and Vendors:
   Create an easy-to-follow BCP and share it with your employees and vendors to minimize confusion and downtime when a disruption occurs. Include emergency contact lists and step-by-step procedures for different scenarios in your plan. This ensures that all stakeholders understand their roles and the necessary actions during an IT outage.
7. Test Your BCP and Train Staff Regularly:
   Test your BCP regularly to ensure that it works as intended. Conduct drills and train your employees so that they are ready to respond quickly and effectively. This ensures that your business identifies any gaps, mitigates potential risks, and improves the continuity plan over time.
8. Assess Your Third-Party Providers:
   Evaluate the resilience of your key vendors and business partners. Check whether their BCPs align with yours, and discuss improvements with them if necessary. This ensures that, if one provider experiences a disruption, your business can execute the backup plan effectively.

Conclusion

The IT outage caused by CrowdStrike highlighted how vulnerable many businesses are to unexpected disruptions. By preparing in advance with a solid BCP, small businesses can safeguard their operations, minimize downtime, and ensure that they can continue serving their clients, even during an outage. Implementing these practical steps will help protect your business from potential outages in the future.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

References

https://www.forbes.com/sites/kateoflahertyuk/2024/08/07/crowdstrike-reveals-what-happened-why-and-whats-changed/

https://www.upguard.com/blog/crowdstrike-incident

https://www.xatakaon.com/services/from-hospitals-to-small-businesses-how-the-crowdstrike-incident-brought-global-paralysis-to-unexpected-places

https://www.cio.com/article/3480462/protecting-your-business-from-unforeseen-outages-lessons-from-the-recent-crowdstrike-incident.html

https://www.aon.com/en/insights/articles/building-cyber-resilience-effectively-5-lessonshttps://techinformed.com/five-lessons-from-the-crowdstrike-windows-it-outage/

https://legaltechnology.com/2024/07/26/the-crowdstrike-global-it-outage-early-lessons-learned/

https://gusto.com/resources/articles/business-growth/crowstrike-security-threat-what-small-business-can-learn

https://www.biz2credit.com/blog/business-continuity-planning/

https://www.linkedin.com/pulse/what-should-your-business-continuity-plan-include-quinones-jr-

https://www.cgi.com/canada/en-ca/blog/cybersecurity/global-it-outage-importance-business-continuity

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(3)(c) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to-guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.