Your Business Is Ready For Viruses. Now, How About The Flu?

The dog days of summer may strike you as a bit early to begin thinking about the winter flu season. But not only is the time ripe for flu thoughts and planning, some pretty large business issues rest on getting a jump on the season's sicknesses, and their IT security implications.

Security implications? Sure.

In the first place, there's far more to business IT security than antivirus software, firewalls, user policies, and the rest of the digital defenses we deploy and erect. You know this as well as I do: You live with the range of digital and nondigital security issues every day.

In the second place, while the flu's bad every year -- according to the Centers for Disease Control the flu causes 200,000 hospitalizations and 36,000 deaths here each year, with hundreds of thousands more falling ill but not being hospitalized -- we're overdue for a bigger, deadlier flu, a pandemic.

As the CDC points out, even an ordinary flu season affects between 5% and 20% of the population, which makes it likely that 5% to 20% of your employees could be knocked low for a few days. You go through that every year, no doubt, and know its effects on productivity and operations.

Big Flu -- an influenza pandemic that spreads like wildfire through a third or more of the world's population, with death rates reaching a measurable percentage of that population -- is what's overdue and it's what has got public health organizations, governments, and businesses scared.

Big IT already is looking at the implications of Big Flu and, in fact, the financial services industry and the Department of the Treasury are running a detailed flu-disaster simulation from late September to mid-October.

A portion of that simulation, which will look at economic and services disruptions caused by a pandemic, will undoubtedly review the role telecommuting can play in mitigating, if not minimizing, those disruptions.

Which is where IT security comes in.

You're already accustomed -- or better be -- to addressing security issues for mobile and remote employees and staff. Those employees know the drill: up-to-date antivirus and etc. -ware, extra care when using unsecured or public networks, heightened vigilance about using computers in public places or anywhere where eyes other than their own can see the computer.

Now: How much planning and how much of a policy have you applied to circumstances that might have a substantial number of your employees working from home?

Think about it. The security issues apply to "routine" flu years and, for that matter, any time an employee works from home as well to mass outbreaks and pandemics.

Will the employees be using their personal home computers for telecommuting? If so, who else has access to those computers? How protected are those home computers from the most basic cyberthreats? How will confidential, sensitive, and proprietary data be transferred from their business computers to their home machines?

Will employees be taking company equipment to their homes? How certain are you that those devices contain only the materials, confidential or otherwise, that the employee needs for specific jobs?

How secure are you in your security procedures, practices, and policies regarding the remote access your business will be dependent on? Are you and your team up to speed on virtual private network security best practices?

While we're at it, what about the equipment and data and everything else that remains at the office, store, or plant while everybody else (or even most of them) are working from home? How secure are the facilities? Will you be leaving equipment and the data it contains in place or locking it away off-site?

A Plethora Of Issues
The more you think about the issues, the more issues that come up, most of them applicable to day-to-day telecommuting and remote workers as well as to disaster planning, recovery, and continuity of business.

What, for instance, are your policies regarding remote equipment and material when the remote worker is hospitalized? (And we all know employees who'll want to insist on taking work and probably a company notebook with them to the hospital. Don't let them.)

How covered are you for key-employee absences or incapacity (or, sadly, worse), particularly key IT security employees? Are their skills and system-knowledge backed-up as well as their data?

It will be worth keeping an eye on the results of the upcoming financial services pandemic simulation; I'll keep you posted in my blog. A report earlier this year indicated that the finance infrastructure was ready for large-scale disaster but not large-scale disease. (Which comes close to missing the point that once you get past the physical damage a natural disaster inflicts, there's not a lot of difference between the two.)

The advantage small to medium-sized businesses possess is their ability to address these issues promptly and thoroughly, efficiently and effectively. The time for that is now.

Flu season is as inevitable as the calendar, and it's never too early to begin preparing for it. Big Flu is just as inevitable, though far less predictable. Maybe it comes this year, maybe it doesn't.

Either way, the IT security issues raised here apply to your business and its ongoing health -- and not just during flu season.