What would happen if the internet went down?

by. Robin Remines

I know, I know … today’s spiritual gurus tell us to “live in the present” and harness the “power of now” but unless you’re freakishly gutsy and rely on good luck to ensure the safety of your data, you’ve probably caught yourself wondering just what would happen to your credit union operations if the Internet went down. Getting a handle on this risk and how to mitigate it doesn’t have to be complex – just methodical. So if you’re looking for a checklist to get you started, this post is for you.

Assess the Risk

To get a handle on internet risk exposure, it helps to first identify what you are using the internet for! I can recall my days of working in a credit union I.T. shop and seeing the dreaded “0″ balance on the screen when our connection to our 3rd party provider online banking went down . As a technologist, I understood words like “connectivity” and “service level agreements”. But the member just saw “0″ – zero! Over the years, when our ISP (Internet Service Provider) went down, it wasn’t just the member impacted but back office functions, loan officers and even our call center!

1) Start with an inventory of your processes (you should already have this from your Business Impact Analysis (BIA)).

2) Working with your department/functional leaders, ask the simple question “Does this require internet?” Be careful here, it’s not as simple as you think. Some answers will come back as “no, it’s an app on my desk” when really it’s a shortcut installed by I.T. to reach a 3rd party site. Or perhaps the software/system itself is in-house but certain functions (like credit scores, BK scores, auto valuation, etc). fail when internet service is unavailable.


Once you’ve identified your credit union operations Internet dependency level, it is time to mitigate the risk. How? Depends.

1) Start with looking at the BIA ranking of the Internet dependent processes and systems. Are any of them critical? These are the ones to tackle first. In other words, if your recovery time objective (RTO) of a process that is dependent on the internet is <24 hours (Critical) – you look at these first! It’s not rocket science, but it is deliberate and methodical. Once you’ve looked at the critical processes move onto the next most important.

continue reading »