COVID-19 Pandemic and Business Continuity Planning: Be Proactive, not Reactive
If COVID-19 has taught the business community anything, it is that Business Continuity Planning must anticipate ALL disruptions, including pandemics. Businesses plan for hurricanes, tornadoes, and other natural disasters, but not for human-related national or global catastrophes, such as the COVID-19 global pandemic. What must businesses do to be prepared for any kind of disaster, including various planned attacks?
I emphasize that amidst this crisis, businesses see a shift from a primarily office-oriented environment to that of a workforce entirely remote in support of this unforeseen paradigm.
Most businesses were not prepared to convert to a wholly remote workforce. COVID-19 subsequently accelerated a crash course in continuity planning. This revealed everyone must know their roles and procedures as they relate to the recovery plan. Who do they contact, and when, as part of this plan? What type of information should be relayed and how often? Who approves the plan? What kind of training does the company implement? Businesses were not only unprepared to answer these questions, but many companies had not even asked them. As a result, they were ill-equipped to handle this situation.
Additionally, managing resources is a labor-intensive effort now that most employees are working from home. With this pandemic being so high-profile, many companies need to focus on improving their network infrastructure. This involves revamping their servers to accommodate significantly more bandwidth given the unprecedented number of employees using the network at the same time. It also became essential for companies to have their system engineers constantly test these environments to know what circumstances will cause them to crash. This way, they could have alternate plans in place for mitigation purposes.
Without company-approved policies and remote networking capabilities in place, companies may also be exposed to unmitigated risks and security breaches. For example, if an employee needs their computer re-imaged due to infected malware, what’s the procedure for offsite reimaging when the workforce is 100% remote?
Whatever the risk’s nature, enhanced VPN capabilities are essential to ensure Internet Security and the continuity of business operations. In addition, the stress on companies’ security infrastructures often leads to risky, cost-cutting measures, thereby exposing companies to adverse impacts to their bottom lines.
As employees return to work, and businesses return to normal, there will be many challenges facing corporate leaders. It’s critical for businesses to examine their methodology, identify their customers, and quantify what resources (people, processes, and technology) are needed to continue delivering products/services to customers during unexpected, but certain, disruptions to business operations.
It is time to learn from past mistakes and prepare for the future. Now that the possibility of a global pandemic is apparent, businesses can do much to lessen future impacts. They can start by adding business continuity planning into strategic planning processes and utilizing the globally recognized standard ISO 22301 Business Continuity Management System. No need to be caught off-guard by the next catastrophe. Plan as if it will come; and your business will be ready regardless. Know your risk, know your strategy, and implement a plan to avoid disruption of services.