As details around the novel coronavirus (COVID-19) remain at the forefront of the news, the agility of Australian organisations and their ability to respond to potential disruptions to their business is being tested.
The evolving situation of travel restrictions, closure of schools and events, and the new self-imposed quarantine requirements have created unprecedented implications for employers and their workforce.
In times like these it is more important than ever to ensure your Business Continuity Plan is up to date and well tested.
We recommend considering six key areas when assessing your plan in the coming weeks during COVID-19:
- Do you have one?
A Business Continuity (BC) Plan is a comprehensive plan organisations use to reduce the risks and provide recovery options from potential threats that may disrupt operations.
Potential threats generally include natural disasters such as floods, fires, earthquakes and hurricanes, and currently disruptions to operations due to the COVID-19 outbreak.
A BC plan should not be confused with a Disaster Recovery Plan (DRP), which focuses on the IT function. It should, however, be a company-wide plan that ensures written policies and procedures are in place across all areas of the business and tested.
The main goal is to improve responsiveness by employees in different situations and ease confusion by providing clear and consistent information.
COVID-19 holds a real risk of disrupting your operations, so we recommend you assess your ability to enable and support a remote workforce.
- Is your team set up to work remotely?
Whilst a lot of organisations already have the infrastructure in place to support some employees to work from home, extending this across most or all of the organisation can be a very different matter.
Here are some areas to consider:
- Hardware: Will you provide your staff with laptops, allow them to take home their workstation or set them up to connect via their home computer? Each scenario has its own set of considerations, for example companies allowing staff to use personal (home) computers to access corporate system, often shared among the family, may open your organisation up to cyberattack scenarios you hadn’t previously considered or prepared for.
- Secure Connection: Ensuring a secure VPN (virtual private network) connection to your network is essential as an uncontrolled remote computer potentially creates other significant risks around cyberattack. Including a firewall or a unified threat management (UTM) device on the network adds an extra layer of security.
- Licensing: Do you have enough licences for staff to connect into your corporate systems? Security products such as the FortiGate device offer up to 10 free FortiClient licences which can be used to protect home computers, with the option to purchase up to 200 clients.
- Policies: It is important to provide employees guidelines around working from home, particularly if this is something you are enforcing across the business. What are the expectations for working from home? Are employees being conscious of security? Have the WHS (work health & safety) considerations been taken into account regarding fit for purpose working environments? How can you ensure business as usual remotely with minimal productivity loss?
- Can your team collaborate effectively?
Working remotely does not mean employees cannot communicate effectively.
Microsoft Teams provides an effective digital work space allowing for chat, meetings, calls and collaboration. Meetings can also be recorded for your staff to catch up on at a later date.
Other online web conferencing tools such as Zoom and GoToMeetings can provide effective meeting and collaboration spaces for the team.
And finally, with a cloud hosted voice system, staff can seamlessly work from home. Implementing a software client on to the computer, laptop or mobile phone will provide an experience similar to being in the office.
Investing in a headset and a web-cam can make the experience more effective, however most mobile devices have built in speakers and webcams that are effective enough.
- Can your team access their data
Microsoft’s SharePoint helps you organise and share important documents in a secure, structured manner from virtually any device, providing your team with a familiar working environment while working remotely.
- Is your remote connection secure?
With employees connecting remotely to your domain, ensuring a secure connection is vital. Multi Factor Authentication (MFA) is an authentication method which grants access to users only after two or more pieces of identification are confirmed.
Having two levels of security, will boost your ability to protect your most precious resources – your data and the privacy of your staff and clients. Intruders no longer just need a username and password to access your resources, as there is always at least one more method of authentication.
- Have you tested it?
Whilst most companies will have some sense of a Business Continuity Plan, most may never have had the time or resources to conduct testing.
Consider running a mock incident event to test your plans under controlled conditions. A mock incident enables companies to test their plans and consider changes or tweaks that can be added to ensure seamless activation and implementations when it counts.
A well thought out and tested Business Continuity Plan will ensure your organisation and your data remains secure and your staff productive during these uncertain times.