While we have become accustomed to hearing about ransomware attacks where systems are shut down and/or data is held for ransom, there’s another risk to account for in your business continuity/crisis management plan, especially in today’s connected environment: when a software solutions provider is attacked and its system is shut down.
Imagine going to work and turning on your computer only to find the software you subscribe to for sales, customer service, inventory, and accounts receivable and payable is not available. You receive word that your software solutions provider is the victim of a cyberattack and is working to get systems up and running, but it may take days or weeks. This is when you convene your crisis management team and execute your business continuity plan.
Here are a few special considerations specifically related to a situation where a software solutions provider has been attacked and systems that you subscribe to are temporarily unavailable:
- Immediately contact cyber and business continuity insurance providers for guidance and resources, as well as an understanding of whether an event is covered and what would be needed to file a claim. (Some policies only provide coverage if there’s a data breach and personally identifiable information is compromised.)
- Be prepared to temporarily return to manual, paper processes for critical activities like orders, inventory, bookkeeping, accounts receivable and payable, and more.
- Be prepared to train staff on manual paper processes and interim solutions.
- Know which staffing agency you can call should you require additional resources.
- Keep customer contact information easily accessible, as you’ll want to alert customers to how they may be affected and when resolution is expected.
- Review software provider contracts and understand their parameters for business continuity and claims.
- Be prepared to meticulously document the financial impact, including lost revenue, increased expenses incurred to manage losses, and payroll increases for overtime or temporary staff.
- Have a list of resources you can use to help keep critical business processes (like accounting) running.
With manufacturing businesses being the second most popular target of ransomware attacks in 2023 (healthcare was number 1), it’s good practice to review and update your business continuity and crisis management plans at least annually, and to account for new threats such as a software solutions provider going down.
As always, you should be up to date on New York laws governing your responsibilities. Also, if you’re looking for ways to bolster your response plans, CISA offers a free resource, called Business Continuity in a Box, to help businesses swiftly get critical functions back up during or following a cyber incident.
As you focus on developing or updating your business continuity and crisis management plan, remember that RBT CPAs is always here to support your accounting, advisory, audit, and tax needs. Contact us any time to learn how we can be Remarkably Better Together.
RBT CPAs is proud to say 100% of its work is prepared in America. Our company does not offshore work, so you always know who is handling your confidential financial information.