Business Resiliency in the Face of a Pandemic
March 21st, 2020
What doesn’t kill you makes you stronger. These are the words of German philosopher Friedrich Nietzsche. They are words sung by Kelly Clarkson in her song titled Stronger.
They are relevant words in our current situation.
The coronavirus pandemic is here, fully packed with its devastating impact. It continues to cause havoc across the world with governments declaring lockdowns and directing individuals and organizations to follow a strict regimen that would arrest the spread of the contagion.
Our first message: obey the advice from authorities; follow the directions to help arrest the spread. This way, we can avoid the worst there could be! We are all better safe than sorry.
It is clear that this pandemic caught most organizations (including our governments) unprepared. This is not unusual. Managing risks is made easier based on historical facts. Since there hasn’t been a pandemic like this one in Kenya before, the news of its arrival appeared remote to many organizations. The fact, though, is that it is here and we have to face it.
There are a few organizations that were prepared, whether by design or due to regulatory requirements. They have in place business continuity and disaster recovery plans which they have invoked. How well those plans would fare in the face of the pandemic is another matter.
Regardless of the preparedness prior to the current crisis, business resiliency must be a concern for each business regardless of size. Disasters don’t pick and choose when and who to hit. Organizations that have resiliency plans will fare much better than those that are not prepared.
Remember, your resilience plan cannot be perfect; it is intended to reduce risks that your business would face in situations like the present one. The plans are always ‘work in progress’ and a crisis such as we face today offers a stress test of the plans and a chance for improvements.
In our training and consulting on business continuity management (BCM) and disaster recovery planning (DRP), we advise that organizations assess the potential impacts of various disasters on their business. We ask organizations to identify the core functions of their businesses that would assure continued operations to assure their businesses survive. Based on the assessment (termed business impact analysis – BIA) organizations implement plans that would assure that those core services would be available.
Implementation includes putting in place policies, processes, governance, and accountability; it entails training users – those accountable for the plans, those who run the plans and everyone else in the organization. Implementation includes testing (simulating and otherwise) the plans. In testing a plan, an organization can learn the extent to which the plan would work. It would also identify any shortcomings in the plan. Testing allows the organization to fix identified gaps in the original plan.
In the case of pandemics like the coronavirus, organizations would often propose remote working solutions. Employees, especially those that support essential services, would be equipped to work without being physically present at usual business locations. Working from home, or some other designated locations, organizations reduce the risk of catching or spreading the virus.
Remember, though, that not all business activities can be performed remotely. For example, it very difficult to work remotely at a factory assembly line where physical presence is required. Healthcare workers have to be at the frontline attending to patients. Security personnel and other such services have to be at work at usual locations. Resiliency plans should consider such different requirements and build their plans accordingly.
That said, assume that you have prioritized your services and one of the solutions is for your workers to work remotely. It is important to assess what risks the new environment presents. Working remotely means that you extend your enterprise beyond its traditional boundaries, be it the physical office space or the logical technology space.
Remember that most people may not have an environment that would assure they are productive when working remotely. Examples: space at home may be limited; the places may lack reliable power and network connection; the chosen spaces may be prone to distraction in the environment; etc. These are issues you must take into account.
To succeed, ensure you have trained the workers on the needed discipline that would maintain productivity.
As well, remote solutions require the use of electronic devices to connect to your enterprise. Ask what risks this arrangement presents. Here are examples of questions you should ask yourself:
- Are your employees aware of the potential risks this working arrangement presents? Do they understand social engineering and how to avoid falling prey to scammers? In the current pandemic, there have been many reports of phishing (including some targeted at the World Health Organization – WHO) perpetrated by con artists, many of who are out to capture credentials. Training should include advising employees on the following:
- Double-checking links sent to them to ensure they are valid; offer a hotline where employees can seek assistance in case they come across something suspicious;
- Visiting only secure websites that use ‘https//’ versus ‘http//;
- Being careful about entering sensitive information into dubious website links or pop-ups; such activity is associated with harvesting credentials which can be used for illegal and malicious activities;
- Are the devices used to connect to the workplace secure? Examples: are the devices running reliable/licensed software? Are they patched of vulnerabilities? Do they run reputable antivirus/malware software? Is access control enabled on the devices?
- Are the devices used physically secure? Example: who has the physical access the devices and what could they do with it? It is common for children to use their parents’ work devices? What implication does this have on your corporate security? How about the possible theft of the devices? Suppose a device were to be stolen what risk does that present: unauthorized access and possible loss of the information? On the latter, the question is whether the device is backed up
Here is a link to more tips on staying safe online.
As the crisis trudges on, resiliency is key. Take time to learn from the experience and use this experience to improve your resiliency. Clearly, for those with plans, it will be a chance to make improvements from the lessons learnt. For others without plans, it is a chance to develop your plan.
Stay alive to assure you can thrive in the future. Be resilient! As German philosopher Friedrich Nietzsche said and Kelly Clarkson sang, “what doesn’t kill you makes you stronger”.
Team Agano Consulting Inc.