Dan Shannon

ACQ Subscribe

When building a business continuity plan, banking institutions too often overlook certain key processes that must be maintained after a cyber-attack or a disaster, says Dan Shannon of core banking processor FIS.

"Many financial institutions focus on the hardware and software environment, but they really also need to look at the business processes and the customer-facing applications ... that can be impacted [in a disaster or attack]," says Shannon, who oversees the consulting services division for Fidelity Information Services.

When Superstorm Sandy hit the Northeast last fall, banking institutions learned that business continuity planning has to address how processes will be impacted by displaced employees, Shannon says in an interview with Information Security Media Group. When call center staff, for instance, can't get to work, how will the banking institution ensure it has enough manpower to field calls from customer affected by the disaster?

Many banks and credit unions fail to ask those types of questions when crafting disaster recovery plans, he says. "You really have to consider: What are the touchpoints you have with your customer?" Shannon says.

After Superstorm Sandy, one of FIS's bank customers completely revamped its disaster recovery strategy to address the challenges posed by displaced employees. "From a technology perspective, the bank's operations team and our information security team really walked through a plan to make sure that all customers' data was protected and that all security protocols were in place," he says.

During this interview, Shannon discusses:

Why distributed-denial-of-service attack response plans should follow the same steps that are outlined in a broader business continuity plan. How poor business continuity planning can adversely impact a banking institution's brand; Why interdepartmental collaboration is critical for address cross-department business processes.

At FIS, Shannon serves as a senior vice president, leading the company's consulting services division. Before taking on this role, he was managing director of the European division of Metavante Technologies Ltd. Earlier, Shannon led Metavante's consulting and professional services group.