To run business, you need People, Facilities, IT & Communications equipment and Applications. The reliability and availability of these resources are critical to your business survival and building competitive advantage—complexity and risk increase in business uptime when one needs to integrate multiple entities and business partners across the globe.
Many organizations have developed Business Continuity and Disaster Recovery Plan that have rarely been put to the test in a real crisis. With the rapidly evolving business environment, the nature of crises traditionally planned for is changing. The increase in and growing impact of business disruptions is changing the continuity conversation from recovery to resilience. Organizations require adequate planning covering immediate response, decision-making, recovery, communications, and contingency plans for various scenarios which may suddenly arise. There seems to be a turning point in standard operating procedures to deliver on the “always-on” customer expectations.
With the rapidly evolving business environment, the nature of crises traditionally planned for is changing. For example, in more recent times, there is increased exposure to:
- Cyber risk, including Cybersecurity attacks such as virus, malware, ransomware, Denial of Service, Power Failure or IT equipment outage or data breaches due to greater connectivity and reliance on Applications
- Workforce risk including natural disasters – Fire, Flood, Earthquake, disease outbreaks, terrorism and workplace violence
- Reputational risk due to digital and social media platforms increasing the speed, nature and impact of information dissemination
- Third-Party risk due to the failure of a key vendor arrangements – service levels and compliance requirements
- Financial risk due to the increased volatility and interdependency of the global economy
The year 2020 has been relentless, demanding extraordinary mitigation interventions from our end. And now, we are dealing with the COVID-19 pandemic crisis. From cancelled conferences to disrupted supply chains, not a corner of the global economy is immune to the spread of COVID-19. One can send resources to alternative locations. But how do you run a global business when flights are grounded, public transport halted, and countries are locked down. The need for an effective risk reduction and Business Resiliency program has never been so evident. Business Resiliency Plan for responding to COVID-19 won’t be simple.
As COVID-19 has the workforce working remotely:
- There is increased strain on Networks, VPN, application bandwidth, and a potential shortage of staff which results in an increased risk of a Service Disruption.
- Cybersecurity risk is also on the rise due to anxiety-causing employees to overlook security training as they click on hyperlinks and opening malicious attachments related to COVID-19.
Here below, highlighting some areas that may be of concern:
- What initiatives are in place to ensure risk mitigation from IT System Disruptions and Cyber Security threats due to COVID-19?
- Are all IT services available to the remote employees and is your IT ready to rapidly resolve the issue that affects employee/client productivity?
- What tools do you use to monitor COVID-19, and it impacts on keeping IT Operations running smoothly?
- With an entirely remote workforce, there is a high dependency on IT systems to maintain productivity, what tools are used to facilitate collaboration?
- Are you prepared to rapidly execute your IT incident response plans to minimize disruption to your business?
- How do you ensure the Leadership Team is kept up to date on the spread of this Coronavirus? How do you manage your team’s response as the Coronavirus impacts business operations in any part of the work area?
- Have you made an investment plan to improve your preparedness to a similar event in the future?
- With the rapid increase in remote working in mind, European cybersecurity agency ENISA and many other regulatory bodies have set out a series of recommendations for companies moving to telework as a result of COVID-19. Have you complied to ENISA recommendations?
With following Cyber Security Controls, one can create safe and secure working from home –
- Ensure your Wi-Fi connection is secured. Use Strong Wi-Fi password.
- Ensure Endpoint Security tools such as antivirus and malware protection are in place and fully updated.
- Check all security software is up to date: Privacy tools, add-ons for browsers and other patches need to be checked regularly.
- All-important files should be backed up regularly. In the case of ransomware, for instance, all is lost without a backup.
- Lock Screen whenever moving away from the screen
- Make sure you are using a secure connection to your work environment. Check if you have encryption tools / VPN installed.
- Don’t open suspicious URL or email to avoid coronavirus-themed phishing attacks.
- Avoid co-working or shared spaces at this moment and that social distancing is critical to slow down the spread of the virus.
Digital technologies can also play a vital role in helping manage the situation better and transform your Business Continuity Management System. Digital Technologies come with a multitude of ways to present information. Dashboards condense large data sets into digestible numbers and provide an entire operational overview. Digital Technologies can help in implementing processes, Policy, Standard Operating Procedures, Incident Management and Crisis Communication plan and even BCP/DR Testing. The dashboards mentioned before would also serve as a one-stop-shop for improving employee experience who are looking for historical and current information.
Happiest Minds Infrastructure Management and Security Consulting Services’ Business Resiliency framework helps you to identify and be prepared to respond to threats before it strikes.
“By the time you hear the thunder, it’s too late to build the ark.”
is Global Practice Head – Governance, Risk and Compliance Consulting at Happiest Minds. He is Post Graduate Certificate of Management Studies from Universitas 21 Global Singapore and Bachelor’s in Engineering (Electronics), with 30+ years of IT experience. Sushil is a tenacious business leader with unique techno-functional experience in IT Security & Governance, Risk & Compliance, Business Resiliency Consulting. Sushil steered higher Customer Experience, practice Competency development and deployment with focus on reduction in cost to serve. He also represented at many conferences as a distinguished speaker.
