Many organisations scrambled to develop and implement their pandemic response when COVID-19 surfaced; here are a few things that may have been overlooked
Evidence from the World Economic Forum and many insurance firms shows that the threat of a pandemic outbreak, which once rated as one of the top risks to business, slipped down the priority list over the last five-to-ten years. As a result, many organisations scrambled to develop and implement their pandemic response when COVID-19 surfaced.
As restrictions are starting to ease and organisations are discussing recovery and the ‘new normal’, now is not the time to be complacent. It’s important to consider a few components that could be missing from your business continuity pandemic plan that could resurface in the coming weeks and cause further delays in recovery.
Here are three components you may not have considered:
1. Data Centre Failure
While cleaning services have increased for those offices that need to remain open, some businesses have reduced cleaning and regular maintenance requirements with staff working from home. This includes air conditioning and heating that could affect the temperature of server rooms and data centres. If your data centre does fail or server goes offline, have you considered whether IT staff can go onsite, or do they have access to troubleshoot remotely? Similarly, what if parts need to be replaced? Does the company have spare parts easily accessible, or will supply chain disruption affect how soon a data centre can be operational again?
2. Cyber attacks
According to a study conducted by ISACA in regards to security and COVID-19, 80% of organisations shared cyber risk best practices for working at home with employees as self-isolation measures began. However, 87% of respondents still say the rapid transition to remote working has increased data protection and privacy risk.
The media has well documented that cyber attacks and phishing schemes have increased during COVID-19. Many companies modified and relaxed security requirements in order for professionals to be productive at home. What security requirements did you change that could make your organisation a potential target? Did your suppliers or partners change any of their security measures? If so, a hacker could come in through the back door.
3. Impact on your employees
Your employees are your most valuable resource, so you want to do all you can to protect them from the pandemic, and provide assistance if personally impacted. This includes mental health services to assist them during self-isolation. Does your organisation have plans and resources available to employees to deal with any mental health issues and to stay mentally fit?
Similarly, many organisations have had to reduce the workforce either temporarily or permanently. If you are reducing staff at this difficult time, you must do so with compassion and clarity, and you must also ensure you can continue to meet the fundamental requirements of the organisation.
While government stimulus plans may be assisting financially, have you considered how to keep staff engaged and motivated while off work? Many organisations I am speaking with are implementing training programs and allowing staff to learn from home, upskill and obtain certifications.
There is also the operational risk to consider that is often created by staffing gaps, such as reduced network or systems monitoring, slower response times to critical events or delays in reporting issues when just a skeleton crew is working. Have you considered how to mitigate these risks and when employees will be rehired?
Several countries coming out of isolation have experienced a resurgence or “clusters” in coronavirus. As restrictions ease and the crisis management team and leadership teams look at recovery, now is the time to review your business continuity plan for lessons learned. What worked? What didn’t work? Which assumptions were correct and which were outlandish? What should be fine-tuned in your plan knowing what you know today?
As you start to plan for business as usual, consider the ‘3C methodology’. What should you “Continue” in the new normal, what should “Cease” and what should you “Commence”? Your answers to these questions will greatly aid the organisation if there is a second wave of the virus, and also provide strategic direction to your senior leadership team as they prepare for the future. To fail to do so is to miss a rare and unique opportunity to run the plan through the recent reality.
There will be much preparation and discussion around retooling for the new normal, but ensuring you’ve considered some potential new risks and reviewed your implementation to understand where the stress points and strengths are, will prepare you moving forward.
Susan Snedaker is a recognised IT leader, ISACA member and award-winning author. She writes about business continuity planning, operations management and IT leadership at www.susansnedaker.com