Response plans provide to organizations the appropriate mechanisms for minimizing risk, loss and damage resulting from incidents such as COVID-19. As you are now aware, COVID-19, aka the Coronavirus, has spread across almost every continent on Earth. The virus has caused massive upheaval and societal changes in an attempt to contain the virus spread: Italy has effectively closed its doors to the world, quarantining citizens; many countries, including Canada, have placed stringent restrictions on travel to certain countries; airlines are cancelling routes causing major disruption to travelers.
The World Health Organization (WHO) has described the situation as ‘uncharted territory’. Companies across the globe are sending employees home to work remotely to stop the infection spreading. Schools, colleges and universities are closing their doors to students in many jurisdictions.
In a situation such as this, your business will be adversely impacted; in a situation such as this, we need to have a plan. Here, we look at the strategies to reduce the impacts on your organization, of any major event not just COVID-19.
Business disruption and service interruptions are expensive and can be unpredictable. When Storm Harvey hit Texas in 2017, it left a trail of destruction. The National Hurricane Center estimated losses of around $125 billion. Businesses were disrupted, staff displaced. Royal Dutch Shell Plc. shut down 15 refineries in Texas due to the storm. Many businesses in the path of the hurricane had to close doors during the storm and clean up the damage afterwards.
Similarly, COVID-19 is causing organizations the world over to take stock. The impact of COVID-19 is already being felt. Tech giants including Google and Facebook have closed offices and their strategy positions their employees to work remotely from home. Supermarkets are struggling with supply chains to keep up with the demand for products including pasta, toilet paper rolls, and hand sanitizers. On an individual level, workers in the gig economy are facing financial hardship. Not to mention, that from a cybersecurity point of view, cybercrime is unlikely to take a pause.
Some shortfalls anticipated in the business environment include workers and replacement skill, specialists, and supply chain failures.
COVID-19 is a challenge for any businesses in several ways.
Remote working is already an appealing alternative for many. In a recent poll on remote working, 99% of respondents would take up the chance to work remotely. COVID-19 is seeing unprecedented numbers of workers being encouraged and, in some cases, required to work remotely to reduce the spread of infection.
Key workers have specialist skills; if a specialist worker is impacted by a disaster or health issue, this may cause a bottleneck in production. With a skills shortage looming, for example, cybersecurity, teaching, and healthcare workers, acquiring that specialist skillset may be difficult without a retainer. (ISC)2 estimates the skill gap for U.S. cybersecurity workers is around 2.8 million.
To prepare for the challenges that national and international events, including COVID-19, present, we can turn to two tactics: Business Continuity and Pandemic Response Planning.
The vendor supply chain is a potential point of failure for a business because it is a dependency. Supply chain disruption is not only a concern during COVID-19; the increasing complexity of the modern chain puts business continuity at risk. Before engaging in replacement suppliers, take some time to identify your security requirements of them so as not to put your information or client data in jeopardy.
Every business, no matter how large or small, needs to have a plan to deal with worst-case scenarios. Hopefully, these Response Plans will never have to be executed but it is better to be prepared, than not. But what does Business Continuity and Pandemic Response planning involve?
Having a plan in place to make sure that your business continues to run under exceptional circumstances makes good sense. Business Continuity is about creating a management system (Plan - Do - Check - Act) to prepare for quality response and handling challenging events. This includes serious global issues such as COVID-19, but it also builds in resilience for more localized events such as a cybersecurity attack, operational and environmental threats.
Business Continuity Plans (BCP) describe plans, strategies, arrangements, and procedures to protect functions and minimizes interruptions. BCP planning offers a methodology to analyze the impacts and anticipates losses. It can guide teams on how to respond to and handle situations and begins the process of restoring and resuming critical functions. Most importantly, planning activities focus efforts on developing recovery strategies so that business risk can be appropriately managed. Your BCP will assure that strategies and procedures are in place to continue any critical processes within a time objective using finite resources.
On March 11, the WHO deemed COVID-19 a pandemic. With or without being labelled as such, Coronavirus is causing havoc for businesses around the world. Having a strategy in place to cope with events such as COVID-19 is vital in a world highly dependent on technological connectivity. Strategies and planning for a pandemic work hand in hand with other plans in your organization such as Security Incident Response and Handling, Disaster Recover and Business Continuity plans, which build resilience into your organization. With a well-conceived plan in place, you will have some control over a situation, that at times, may feel out of control.
Planning to respond to impacts cause by a Pandemic, or rather, by a shortfall of resources is vital to minimize business impacts. Think of Pandemic Response planning as a planning scenario within the BCP. It might also be thought of as an extension of the Disaster Recovery Plan (DRP). A DRP covers natural disasters such as hurricanes and pandemics, but it also covers human-made incidents such as cybersecurity attacks, where the availability of skilled personnel is essential.
Because modern business is so critically dependent on technology, responsibility to produce a well-thought out response anticipating pandemic impacts is shared between the BCP and DRP. Pandemic considerations should involve the following:
One important thing to remember: generally, disasters (including pandemics) are time limited. By acting now, you avoid having to make major decisions later in the cycle.
As your workers transition to working remotely, also consider aiming at strategies to improve technical inclusion and security.
In closing, it is worth a recap on some of the basic hygiene procedures to minimize the spread of COVID-19. The following details are from the WHO COVID-19 guidance for businesses, where you may read about the advice in more detail: