Covid-19 puts business continuity plans to the test
CIO’s need to brush up on business continuity planning as they strategize their response to the pandemic
19 March 2020 | 0
As the Covid-19 coronavirus rattles industry, it is more important than ever for IT leaders to ensure employees have the tools they require to work remotely and securely.
“When traditional channels and operations are impacted by the outbreak, the value of digital channels, products and operations becomes immediately obvious,” according to Gartner analyst Sandy Shen. “This is a wake-up call to organisations that focus on daily operational needs at the expense of investing in digital business and long-term resilience.”
For most organisations, that means a boost in business continuity (BC) planning. From executing “fire drills” associated with cyber-threats to spinning up additional data centres and communicating about the challenges of remote work, IT leaders are facing down Covid-19.
Here IT leaders share their plans to bolster BC, providing templates for peers to keep businesses humming smoothly in preparation for disasters – no matter what shape they take.
IT leaders shore up remote access
Since joining AvidXchange as CIO in 2018, Angelic Gibson has invested in BC planning to ensure that the SaaS provider of accounts payable software can serve employees and customers without a hitch. This includes enabling AvidXchange’s 1,400 employees to work from anywhere no matter what role they occupy. “There are pieces of business continuity planning that we’re starting to activate,” Gibson told CIO.com.
As the pandemic unfolded, Gibson stepped up “role-playing” activities, essentially testing to ensure that remote staff had the proper tools, including computers and collaboration software to ensure virtual meetings at scale through applications such as Microsoft Teams and Cisco WebEx. She also ensured that she has a handle on network traffic through the VPN, including testing volume, to make sure staff can connect to their business applications.
Gibson says the role-playing is akin to cybersecurity drills many companies execute to prepare staff in the event of breaches that lock them out of operations. This entails ensuring staff know how to do their jobs when they cannot physically come to the office. “I feel well prepared to run our business and support our customers through various scenarios,” Gibson says.
The cybersecurity drill provides a good template for facilitating BC for the current pandemics, says Gartner’s Shen, adding that C-level, operations and IT staff should practice emergency drills at least once a year to prepare for cybersecurity incidents but also disruptive events such as Covid-19 that threaten the continuity of operations. The goal, Shen said, is to identify gaps in policies, processes, technologies and workforce planning so they can make contingency plans to better prepare for future incidents.
Sound time management
CIO Alastair Pooley switched exclusively to remote working at Snow Software, a provider of SaaS-based software asset management tools based in Stockhom, Sweden. Pooley took pains to ensure that employees use corporate-issued laptops to perform their work, in accordance GDPR rules.
One advantage Pooley has is that more than 95% of Snow’s 120-plus applications run in the cloud and require employees to use multi-factor authentication. This zero-trust network access model affords Snow with more security, while enabling employees to access their apps and data from anywhere. “We’re well set up for remote work,” Pooley said.
Even so, Pooley had to ensure that Snow employees had enough capacity to access an order management system, software products the company develops and legacy file servers from the VPN. “We rarely have this number of people working remotely,” Pooley said. He also had to set up a call-forwarding system to allow customer service staff for field calls from home.
The technical challenges are minor; Pooley said he frets about the cultural aspect of remote work. At an all-hands meeting, executives stressed the importance of advising the rank-and-file not to overwork themselves, which can impair productivity, as well as the importance of setting up a quiet place to work and taking regular breaks. “It can be hard when they suddenly don’t have a commute and find themselves working more hours,” Pooley said.
Turning crisis into opportunity
During the current health scare it is incumbent on IT leaders to shore up “flat spots” in their organisations, says Stan Lowe, CISO for cloud security vendor Zscaler, who previously ran cybersecurity at PerkinElmer, the Department of Veteran Affairs and the Federal Trade Commission.
“Never let a crisis go to waste,” Lowe says, adding that the coronavirus offers CIOs the perfect time to “take a good look at things that matter to your organisation.” Lowe, who helped spin up an additional data centre in Milan to ensure Zscaler had enough computing firepower to support its operations as well as its customers, offered the following advice for CIOs and CISOs looking to get their arms around the challenge:
- Apps and data. CIOs must ensure that the right IT systems are fully operational. The top app? E-mail. “Without e-mail, places come to a screeching halt,” Lowe says. Of critical importance is ensuring that employees can access any top-tier software they require to do their job at home.
- Hardware and bandwidth. A lot of people in non-knowledge work sectors have desktops, so CIOs should consider whether to let those staff use their home devices in lieu of their work PCs. And they should ensure they have enough bandwidth to handle the external traffic. For most corporations, 70% of the bandwidth requirement is outbound. But with the rush to remote work flipping that model, CIOs should assess whether they have the network capacity to handle increased inbound traffic.
- Reassess your risk profile. As do data breaches, pandemics offer great opportunities for IT to evaluate their risk tolerance and consider creative ways to enhance security through technology or administration. Is IT equipped to fend off emerging cyberattacks and other threats? For example, Zscaler is seeing new phishing scams piggybacking on Covid-19, including one that purports to use AI to protect users from the coronavirus. “You have to make sure your business can deliver goods and services to drive revenues,” Lowe said.
- Communications culture. Mastering communications is the mark of a good leader, but many executives fail to loop in the rank-and-file staff during a crisis because they forget that they are not sitting in the same meetings with the C-suite, Lowe said. It is imperative that executives close the loop and keep all employees up-to-date regularly each business day. Microsoft’s handling of communications during the coronavirus outbreak is Exhibit A of how to be proactive and keep staff informed.
Facilitating trustworthy information is also paramount, says Gartner’s Shen, adding that data from unverified sources or the lack of data can impair sound decision-making and escalate employee anxiety.
Shen recommended that organisations set up a website, app or hotline featuring curated content to provide guidance to employees. These sources include governments, healthcare authorities and international organisations, such as the World Health Organisation (WHO).
IDG News Service