Few organizations had business continuity (BC) plans in place that could fully prepare them for the breathtaking disruption of a global pandemic. While many are still struggling to adapt to the new reality, it’s not too early to note the lessons of COVID-19 as they think ahead to future business continuity plans.
Crisis management experts say an important part of any disaster response is to take notes of gaps or shortcomings that need to be addressed while the crisis is playing out. Such details are often forgotten in the aftermath, so it’s a good idea to keep a journal that can inform improvements to the BC plan.
Here are some topics to consider.
Prepare to pivot to support a large remote workforce. For organizations that only provided their traveling people with laptop computers, the shift of nearly the entire office and call-center workforce to remote work has been overwhelming.
Many employees have been forced to connect to business networks from computers that lack company-sanctioned software, up-to-date malware protection, encryption controls and secure email clients. Security risks have been amplified by the need for some employees to share computers with roommates and children.
IT organizations should consider stocking a shared pool of laptops that people can draw upon in an emergency, recommends Brendan Carr, Product Manager for Cloud Solutions at Iron Mountain. At the very least, “Get information about home computers that may be pressed into service,” such as unique media access control (MAC) and IP addresses, he suggests. Employees should also have detailed instructions for downloading and installing the software they need so they don’t flood the help desk.
Ensure email resilience. “Without email, places come to a screeching halt,” said Stan Lowe, Chief Information Security Officer at cloud security vendor Zscaler, in an article on CIO.com. Most of us can relate. Nearly all email services today are cloud-based or have a browser-based “webmail” option. Employees who may not have access to the organization’s approved email client should know alternative means of access. They should also be warned not to forward business email to a consumer service, which may lack the security and auditing features the business requires.
Revisit operations that are critical to the business. The pandemic has demanded that organizations perform triage on their operations, quickly determining which functions are essential when downshifting into low gear. These may include internal operations – such as equipment maintenance, security details, janitorial services, IT support and contact centers – as well as outbound functions like field service. Develop a list of critical functions and plans to fulfill them, taking into account the possibility that some situations that may require quarantining employees on-site and providing such essential services as food, healthcare and accommodations.
Develop a skills backup plan. Healthcare organizations were swamped with calls to their contact centers during the first weeks of the crisis, requiring many to press employees from other departments into service. Consider how your organization would handle a situation that created a sudden demand surge or that took key people out of commission. HR organizations should consider building the equivalent of an in-house job bank that includes a skills inventory of the entire workforce so that the right people can be found to plug gaps during an emergency.
Review supply chains. The pandemic has revealed a painful downside to just-in-time inventory management as some retailers and manufacturers were caught flat-footed when their suppliers were shut down by illness or government mandate. Many experts believe organizations need to revisit their future supply chain plans with a greater emphasis on resiliency measures such as secondary suppliers and larger inventories.
Plan for distributed data backup. Employees who work in an office every day take data backup for granted because the IT organization has the task in hand. When those people are suddenly forced to work from home offices, the need for data protection may not even occur to them. Many of the 200 million monthly users of Office 365 probably aren’t aware that Microsoft does not provide backup services as part of the office suite. It expects customers to make their own provisions.
Backup has become an increasingly mission-critical function over the last two years in part because of the surge of ransomware attacks that encrypt primary storage devices and render PCs useless. Services like Carbonite‘s cloud backup solution run transparently in the background with end-to-end encryption of data over a secure connection. Iron Mountain’s strategic partnership with Carbonite enables Iron Cloud customers to smoothly integrate endpoint backup for one-site and remote employees into their data protection strategy.
Have a crash course security training program in place. Phishing attacks, which attempt to trick users into clicking on malicious links contained in legitimate-looking emails, have exploded during the COVID-19 epidemic as people hungry for information let their guard down. That’s just one of the cybersecurity risks the virus has created. There has also been a surge in the use of cloud-based file-sharing services and collaboration applications, which can create vulnerabilities if not monitored by IT. Organizations should have a work-from-home security checklist in place and the means to give remote employees access to authorized software and services that provide sufficient security and give IT visibility into availability and usage.
Rethink data center infrastructure and bandwidth. Many organizations are struggling to cope with unprecedented demands on their data center resources and networks. The sudden crush of employees connecting over VPNs can tax bandwidth and create a drag on network performance for critical operations. And as many businesses have shifted to selling more products online, performance slowdowns directly impact sales.
Organizations whose data center infrastructure is concentrated on-site have also been challenged to maintain service levels with staff whose ranks have been depleted by illness, isolation or social distancing. In contrast, those that have already moved large parts of their infrastructure to colocation facilities, managed service providers and cloud infrastructure have handled the transition with relative ease.
When planning business continuity strategies for the future, organizations should take a harder look at colocation for their owned infrastructure, says Sander Deutekom, Global Brand Manager for Iron Mountain Data Centers. Service providers “guarantee uptime, resilience and the ability to scale up and scale down as needed,” he said. “You can count on 99.9999% uptime.”
Colocation firms also provide on-ramps to a wide variety of network providers so that customers can choose the best combination of carriers for their needs. For example, Iron Mountain’s Amsterdam data center works with more than 50 carriers, Deutekom says. “We’re carrier-neutral, so we can help choose what works best for you.”
Crisis always contains seeds of opportunity. Organizations that learn from COVID-19 will emerge better prepared to survive future shocks while gaining new insights into their own operations.