Business continuity is an integral part of small and large organizations; it aids the continuance of core operations in the event of disasters. Business continuity planning enables firms to understand the nature of their operations, the way they can respond during a disaster or upon anticipation of a risk (Mwaiwa & Odiyo, 2015). When planning for business continuity, ventures can choose emergency communication and evacuation plans. The strategy aids in development of internal alerts and methods of vacating organizations’ personnel in the event of a disaster. In addition, entities can select information technology (IT) data backup strategies when planning for business continuity. In the event of a disaster, such as cyber-attacks, a firm may lose valuable data; thus, when planning for business continuity, organizations can select IT-oriented data backup plans to deal with potential threats to their information systems. The two strategies of business continuity can help firms secure valuable information and protect the lives of their workforce during disasters.
Today, technology is widely utilized in a significant fraction of organizations to facilitate operations. For instance, the majority of entities rely on technology to secure their networks against cyber threats, and to store large volumes of data, which can easily be retrieved when the need arises. Often, these technologies can be utilized in an inappropriate manner if a firm fails to establish clear policies that govern their use. Hence, various types of strategies such as issue-specific security policy (ISSP), are established to guide employees on the use of organizational technologies. The ISSP serves three primary purposes. First, it provides an overview of specific areas of technology (Whitman & Mattord, 2010). Notably, the policy highlights each technology and its area of utilization. Secondly, it establishes controls in each process, including security measures required to access the technology. Thirdly, the ISSP outlines guidelines to govern the behavior of all employees that utilize the specific technology. For instance, the policy may prohibit workers from testing the security controls. An established and updated ISSP can facilitate the appropriate use of organizational processes.
Apart from external threats, organizations may also face internal pressures in their operations. For instance, Burns et al. (2015) observe that internal threats to an organization’s information arise from organizational insiders who have access and influence over security protocols. Given the multiple adversities associated with breach of organizational information, firms often undertake security, education, training, awareness (SETA) initiatives to enhance internal security. While the SETA is a holistic approach to security, the program serves different purposes. Firstly, the program fosters awareness among employees about potential security threats that can affect organizational information and operations. Secondly, the program educates employees on the importance of security (Burns et al., 2015). Finally, through SETA, employees are trained to adopt security roles. Synthesis of the different components of the program helps promote internal security within ventures.
Burns, A., Roberts, T., Posey, C., Bennet, R., & Courtney, J. (2015). Assessing the role of security education, training, and awareness on insiders’ security-related behavior: An expectancy theory approach. 48th Hawaii International Conference on System Sciences. DOI 10.1109/HICSS.2015.471
Mwaiwa, F., & Odiyo, W. (2015). The strategic effect of crisis management on business continuity management in corporate organizations: A case of Equity Bank Kenya. European Journal of Business and Management, 7(5), 145-154.
Whitman, M., & Mattord, H. (2010). Management of information security. Cengage Learning.