Arguably every company around the world has seen its priorities shift dramatically in recent days and weeks, as impacts from the spread of COVID-19 enter completely uncharted territory. Not only have supply chain concerns and fears of the economic fallout been top of mind, but disruptions in the workforce are prompting CIOs and CSOs to wonder how they’ll maintain daily operations if their employees can’t travel or even come into the office.
In areas where the coronavirus is active, enterprises are already seeing the effects. Infected employees, those in high-risk categories, and people who’ve had close contact with possible virus carriers have been hospitalized or asked to self-quarantine at home. There’s a strong likelihood more schools and daycares will soon close in an effort to contain COVID-19, forcing some parents to stay home to care for their children for anywhere from a few days to several weeks or more.
As updates on the disease’s progression fill the news cycle, many technology leaders are overwhelmed trying to keep up. Traditional business continuity and disaster plans cover what to do when the biggest impacts are to utilities and buildings. Few of them provide guidance on how to sustain daily activities when it’s the employee population that’s no longer stable.
COVID-19 has already prompted unprecedented efforts, with entire facilities and school systems shut down. To help you get through the uncertainty and anxiety caused by the virus, we’ve put together some key steps that should be first on your list as you work to shape your pandemic response plan and bring your technology posture in line with today’s needs. These baseline strategies will help ensure your organization is positioned to keep operations going even as the business environment is upheaved.
The primary focus right now should be on building your business resilience. COVID-19 is set to play havoc with how companies go about their day-to-day activities. The right level of flexibility will enable you to maintain operations even your normal protocols evolve.
That resilience begins with an evaluation of your core business systems. Most companies have a hybrid infrastructure, relying on a mix of on-premise and cloud- or Internet-based platforms. It’s an excellent way to leverage new technology while keeping costs down, but it means you need to develop a plan to ensure employees can continue to access the tools and data they need to do their jobs, even if they’re working remotely.
Now consider how much of your infrastructure is located on premise. If the spread of the coronavirus makes it necessary to tell employees not to come into the office -- or if community impacts such as closed schools or quarantine areas mean workers will be doing their jobs remotely -- how will your teams access those platforms? Think about the bandwidth you have available to facilitate that level of remote access to your network and determine if you need to increase your capacity.
Licensing requirements, such as for VPN services and other software, should also be considered. If you have 1,500 employees needing to securely reach the network but only 400 VPN licenses, how quickly can you address the shortage so people can telecommute without interruption? Your firewall architecture will need to be strategically configured in order to effectively manage these increases in traffic. Plans around segmentation and robust intrusion protection systems (IPS) should also be considered to provide the appropriate security against unauthorized access.
Unfortunately, hackers are using COVID-19 to their advantage. Phishing scams purporting to be from the CDC and other official agencies are already in the wild. Employees, eager for news on what’s happening and how to protect themselves and their families, are likely to click on links in unsolicited e-mails more than ever before. Your security posture should include a review of the systems you have in place to stop phishing campaigns and other inbound threat vectors before they hit employees’ inboxes, so you aren’t trying to shut down a potential breach while your team is working remotely.
For smaller enterprises and those already struggling to support hastily prepared remote work arrangements, even carrying out these core steps can be a tremendous burden.
The first critical step is to review the organization’s needs and formulate a strategy to optimally facilitate communications and collaboration in a quickly changing business environment.
Next is to develop short-term strategies to minimize disruption to operations as a strategic plan is developed to support the potential changes to your workforce.
Finally, it is imperative to evaluate and develop the right long-term approach to ensure an existing or enhanced business continuity plan delivers the kind of resiliency required to see your organization through whatever the pandemic response may yield in the weeks and months to come. And remember, in this “New Normal”, the only constant is change. And the only thing normal, is the unexpected.
As Chief Information Officer and Chief Security Officer, Jason Albuquerque is responsible for Carousel’s IT Operations, Enterprise Security and Compliance, and Innovation Center of Excellence. He brings the highest levels of leadership, industry knowledge, and agility to effectively respond to the rapidly changing innovation, business, threat, and risk landscape. Albuquerque has won Rhode Island’s 40 under Forty Award, Rhode Island’s Tech 10 Award, and is a seven-time National Public Technology Institute Solutions Award winner. He serves on Congressman Langevin’s (D-RI) Cybersecurity Advisory Committee, Tech Collective Board of Directors, and the Rhode Island Joint Cyber Task Force.