The woman leading the team helping Irish firms in the fight against cybercrime
An Irish businesswoman is leading a top international business continuity firm's first office outside the US, and its based in Dublin.
With over a decade of experience in business continuity management (BCM) and IT recovery, Elaine Tomlin is a perfect fit to head up Avalution's European headquarters.
Founded by Brian Zawada and Robert Giffin in 2005, the Ohio-headquartered company provides BCM, IT recovery and data security services to organisations of all sizes across sectors including banking, tech, healthcare, insurance, retail, education, manufacturing and utilities.
Dublin-based Ms Tomlin, also a global Board Director with the London-based Business Continuity Institute (BCI) and the incoming Chair of the Risk and Governance Committee of the BCI, has been leading the group's European expansion.
Avalution’s cloud-based software as a service platform, Catalyst, is part of the portfolio offered to Irish, European businesses and US businesses to make business continuity and IT disaster recovery planning easy and repeatable regardless of size, industry or geography.
Elaine Tomlin took some time out to explain what Avalution can offer at a time when cybersecurity is such a key issues for companies - and why BCM should be on every business's list for 2018.
Why did Avalution choose Ireland as their European hub - and you as its lead?
In addition to my 13 years experience in the industry, I was shortlisted for the “Business Continuity Manager of the Year Award” for both the European BCI Awards and Global BCI Awards and then again by the Continuity, Insurance & Risk (CIR) Magazine Awards.
Before joining Avalution, I managed an independent consulting company and that's when I met Brian [Zawada] before Avalution even considered setting up a hub in Ireland. The team reached out to me after our initial meeting and there was discussion about where the company would set up their European HQ.
Ireland became the obvious choice as it emerged as THE geography of choice for world-class businesses seeking expansion in Europe and impressed in terms of professional, high-performing, and business-friendly local business partners.
Avalution's service/product offering - why is that so important now?
Cyber attacks have become a global concern for firms, with data breaches, unplanned technical outages and adverse weather conditions all impacting business continuity, and therefore, the bottom line.
We specialise in creating business continuity and IT disaster recovery programmes that meet the unique needs of organisation of all sizes in nearly every industry. Avalution works with its clients to build credible, pragmatic and scalable programmes. Our team examine critical time-sensitive activities, assess gaps and issues and recommend controls and recovery strategies, all adhering to the various standards and regulations. It's very much about connecting recovery plans and controls to the strategy of the organisation.
With GDPR coming down the track, we've held a number of US and EMEA webinars around the impact of the new regulations to support the community around it. Part of the regulation highlights that firms must ensure timely system and process availability, restoration and resilience methodologies are in place.
Regardless of the new rules, taking the time to develop business continuity strategies can protect staff, clients, operations, profits, and brand. Understanding and identifying critical processes, gaps, and risks can enable effective response to any outage.
Four top tips for firms embracing a new BCM plan
1) High level senior management buy in/effective roll out company-wide
A lack of budget and resources is one of the top challenges faced in terms of BCM but having those at board level in agreement on the plan is only the first step. Communication is crucial. If the key employees are aware of what to do, how to do, and when to do it in the event of a major incident, your business has a better chance of survival. Potential operational, financial, and reputational loss and damage will be minimised accordingly.
2) Take time to identify risks - and make a plan
Aim to understand how each threat and risk impacts your business, and then identify the measures you already have in place to minimise negative impacts. When you have found gaps in the controls, make and document an appropriate plan to reduce, remove or accept these risks.
Back to communication again. Ensure all crisis/incident management protocols are clear and well-understood, with a particular focus on identifying what - and how - information about an incident should be managed and communicated both internally and externally.
3) Choose your team wisely/recognise responsibilities
Recovery support teams should be led by senior staff with experience and oversight in terms of critical processes, systems, interdependencies, and ensuring all employees are fully accountable for their recovery roles.
Note: The IT team is not responsible for the recovery of business operations from all causes – they are only responsible technology recovery!
The wider business function should take responsibility and ownership for non-technical operational recovery and potential interruptions to services caused by the unavailability of staff, workplaces, and third-parties, for example.
4) Train and test constantly
Key plan players with responsibility will require appropriate business continuity and recovery training, on a regular basis, and their accountabilities should be noted within their personal scorecard / performance objectives.
There are always plan gaps and performance issues that have not been considered. Testing and exercising helps to identify the gaps and provides an opportunity to address and close these corrective actions over time.