Blind Spots

By: (Security+)

Publication: The Community Banker , Winter 2014

The Community Banker Winter 2014Winter is coming and this year, it seems like there is a lot of uncertainty about what it will bring. It may bring tidings of good cheer, or it may bring something akin to my idea of figgy pudding. We just don’t know. This is called a “blind spot.”

According to Oxford Dictionaries, one definition of a blind spot is “an area in which a person lacks understanding or impartiality.” Often, people use the term in reference to unseen drivers, but there are many kinds of blind spots. For example, I'm not a climatologist by any stretch of the imagination, but I am a Texan. As such, I look at things like winter weather forecasts and say, “That’s nice. It likely won’t happen.” Poor weather conditions are a blind spot for me because I lack impartiality about the event. If the event happens, I’ll still be surprised and maybe even frustrated because I didn’t prepare. Is that illogical? I was warned, I chose to do nothing about it, and I’m now disappointed by the results, so yes. As illogical as it sounds though, this is human nature.

You may share the same blind spots as me, or you may have your own, but you do have them. Humans get used to “business as usual,” and for as much as we are aware of our potential threats (i.e., hackers, influenza, eight feet of snowfall, etc.), it is amazing how unprepared we can be because “it likely won’t happen.”

The FFIEC hones in on the importance of having a business continuity plan (BCP) to help get rid of blind spots; there’s an entire handbook dedicated to the topic. The FFIEC recognizes that managing blind spots calls for much more than awareness; it requires action. Consequently, your BCP should detail what you need to do in the event of a cyber-attack, pandemic, or severe weather. You should test your BCP and you should be so familiar with it that you could enact anything in the plan at a moment’s notice.

While developing and testing your BCP may feel burdensome, it’s all worth the effort when you remember it’s there to:

  1. Protect you.
  2. Protect your customers’ information.

If your BCP isn’t achieving both of those, or even if you aren’t confident in your BCP, it’s time for some changes. Some simple questions you may want to ask yourself include:

  • What I am supposed to do during [event]?
  • Do I have any special responsibilities I need to be aware of?
  • Where am I on the call tree? Do we have a call tree?
  • Am I trained to be a backup for another position? If not, should I be?
  • Who decides what [event] conditions are worth closing the branch?
  • When do we need to notify our customers, if at all?

And what about your personal BCP?

  • Do I even have a personal BCP?
  • What will I do if my child’s school closes?
  • Can I continue my job from home? If not, who will do my job if I can’t?
  • What if the power, internet, or phone goes out? How will I communicate with my coworkers and/or loved ones?

The list of questions goes on and your BCP holds the answers. Test it and make corrections where there are gaps. Don’t wait until 90% of your employees are out with the flu to put the hand sanitizer out, and don’t be like me and wait for a record snowfall to occur to realize I need an ice scraper. In short, don’t wait to test your BCP until a disaster is upon you. The time to prepare is now.

Blind spots only exist until you turn your head.