When Disaster Strikes – BCP and Disaster Recovery Lessons in The Wake of Hurricane Matthew

Last week, we all watched as Hurricane Matthew unleashed its fury on the Eastern Seaboard of the US, disrupting thousands of businesses and organizations, and impacting millions of people’s lives. The damage that the storm inflicted underscores the importance of disaster planning and preparation – time and again, we see a stark difference in the reaction from businesses who have a disaster plan in place and those that don’t. The same applies to financial institutions, especially community banks and credit unions. The lack of proper planning and preparation could be particularly devastating for a bank in terms of disaster recovery, and is even more challenging for smaller community financial institutions who often lack the staff and resources of larger institutions.

When disasters like Hurricane Matthew strike, it is imperative that financial institutions implement their Business Continuity Plans and Disaster Recovery plans, as required by FFIEC guidelines. These plans are instrumental in outlining the specific steps and processes the institution must take to be prepared and efficiently recover from disasters or business interruptions.

Preparing for Natural Disasters and Similar Events

First and foremost, community banks and credit unions should have an existing plan in place and execute that plan when conditions dictate it. Beyond this, there are several additional steps we at Safe Systems recommend each financial institution take to adequately prepare for natural disasters and similar events, including:

• Double check all backups and ensure offsite copies are up to date and working. If using an on premise backup solution, make sure all hardware and backups are moved offsite to a safe location.
• Uninterruptable Power Supplies (UPS) are designed for short term outages in power. If expecting longer power loss, preemptively shut down servers and all IT equipment. If equipment is not properly shut down, it can result in failures and malfunctions.
• Ensure the security of the server room. Make sure the server room is locked with separate key access and all equipment is secure.
• Ensure everyone is following the procedures in the BCP and DR plans and is aware of the proper communication protocols and contacts.

Common Issues

Many banks today try to manage their own technology solutions, including backups, email systems and server management. Some outsource these responsibilities to local providers who may not be experts in the financial services industry. Some issues financial institutions may run into when working with a local provider include:

• Email Outages

  Working with a local provider who hosts the email server locally means the server might be down due to possible power outages. This is also true if the bank hosts email internally.

• Backups

  If backups are stored with a local provider, that provider is likely also affected by the storm, meaning they might also be suffering from damage and loss that they need to recover before being able to help their customers. Furthermore, if using an on premise backup solution, it brings into question whether backup media will be accessible and/or if it is damaged in the storm.

• Evacuation

  As we saw last week, some communities may be forced to fully evacuate, which includes bank IT staff, and the staff of the local service provider. The true damage and loss won’t be known until they are allowed to return and start attempting to power back up.

Options for Outsourcing

These issues can be avoided when working with an IT service provider. Safe Systems is the leader in providing compliance-centric IT and security solutions exclusively to community banks and credit unions, and as such, we understand the unique needs each financial institution has when preparing for — and recovering from — a natural disaster. Financial institutions working with Safe Systems benefit from:

• Remote and Secure Back-ups and Data Recovery Practices

  Our backups are in two redundant remote facilities making sure your data is always protected. In addition, our NetComply One solution provides proactive alerting when a backup has failed or has issues, allowing time to rectify the situation and ensure all information is stored appropriately. Also, we annually test our customers’ disaster recovery plans and the integrity of backups to ensure customers can recover files and networks as documented in their BCP.

• Available Staff and Engineers

  No evacuated IT personnel! All IT personnel are able to handle situations remotely and our team is available to help 24 hours a day/7 days a week. In addition, during Hurricane Matthew, for any customers that may have been impacted, Safe Systems ensured additional engineers were available to help immediately.

• Guidance

  With our unique CRM software, we were able to target our customers who might be affected by the storm. We contacted them to guide them through the preparation process and are on standby to help when and if issues arise. Also, this included verifying our customers had current backups by performing a thorough review of all protected systems.

• Offsite Hosted Email

  SafeSysMail, powered by Microsoft Office 365™ email, eliminates the burden of running Microsoft Exchange™ internally; meaning email is not disrupted in the case of a natural disaster. As a vital part of your institution, your email solution needs to function smoothly and consistently in order to support your business functions, even during a disaster. Working with Safe Systems gives you access to an email solution that, while powered by Microsoft’s cloud email solution, is designed exclusively for financial institutions and includes extra layers of protection.

• Continuum

  With our disaster recovery solution, Continuum, we can restore a bank’s technical environment remotely, giving them the ability to remotely access their network. Our colocation becomes the actual environment for clients, enabling them to run all their solutions from a remote location, our colocation facility.

Taking Business Continuity Planning to the Next Level:
A Better Way for Banks

Learn how examiners are increasing their focus on BCP, the risks involved in relying on a single individual, and better ways to develop your plan.

You simply cannot prevent or anticipate every disaster, but proactively knowing where to go, who to contact and what critical functions need to be backed up and restored can provide confidence to you and your employees when responding to a disaster. Developing, implementing, and regularly testing disaster recovery and business continuity plans is crucial in today’s banking environment. At Safe Systems we have been working with banks and credit unions to manage their disaster recovery process for more than 20 years. Our hope is that it isn’t needed, but should it be, our proven experience enables us to provide the services and assistance necessary to ensure our customers are prepared for a disaster and able to quickly recover from one.