Was your IT team ready for the COVID-19 pandemic? Could your network handle the load of all your employees using the VPN at once? Did you have the right security measures in place to support remote workers? Did your IT team have the right tools to allow them to work remotely as well?
No doubt most IT leaders found that they were well prepared in some areas -- and less well prepared in others. And if you are like most, you probably spent the first weeks of the pandemic putting out fires as your team struggled to adapt to the new reality. You may have even had to deal with layoffs or short-term furloughs.
Now that regions are beginning to open up, enterprises are beginning to plan for another new reality -- one that may involve a combination of remote and office work, as well as new personal protective equipment and workspace disinfection requirements for any workers that are returning to the office.
In the midst of this next round of changes, some enterprise IT leaders are taking a step back and taking a more strategic look at their IT operations. As politicians are fond of saying, "A crisis is a terrible thing to waste." And many IT teams have discovered that the pandemic crisis pointed out weaknesses in their current infrastructure or flaws in their current strategy.
When times are good, planning for an emergency sometimes seems silly. But in the aftermath of a crisis, everyone understands that disasters do happen. Some experts suggest that this might be a good time to reflect on the lessons learned during the coronavirus lockdown and start implementing changes that could help your organization be better prepared in the future.
With that in mind, here are 10 steps you might want to consider to better prepare your IT organization for the next crisis.
1. Improve Your Support for Remote Workers
An April 2020 Gallup poll found that 62% of Americans said that they had worked remotely during the pandemic, and among large enterprises, that percentage was likely even higher. That situation is likely to continue after the acute phase of the crisis has passed. A separate poll conducted by IBM found that 75% of people said that they would like to continue to work remotely some of the time after the crisis, and a majority (54%) wanted to work remotely most or all the time.
Many organizations have already implemented some network upgrades and deployed more teleconferencing solutions to deal with the surge in remote work. Since this situation may continue for some time, it may be time to think about whether you need to make additional changes to your networking or VPN strategy to accommodate this new way of work. You may also want to consider whether the hardware you issue to end users is the best option for the current situation, and perhaps most importantly, whether your current security tools and policies are adequate for your needs.
2. Plan for Use of Personal Devices
With people confined to their homes for long periods of time, the lines between business and personal lives have become increasingly blurry. A survey by security vendor Entrust Datacard found that 36% of employees used personal devices to access company files while working from home and 29% of those using personal devices shared those devices with someone else in their household.
Security experts find those numbers particularly troubling given that cyberattacks have risen dramatically during the crisis. For example, phishing attacks increased 350% during March. In order to keep data secure, organizations may want to implement new security tools, change policies, and/or provide more education to their workforce surrounding the use of personal devices for work.
3. Lock Down Your APIs
Not only have phishing attacks risen during the pandemic, cybersecurity experts have also reported an increase in bot attacks on APIs. Anecdotally, vendor Cequence Security says that attacks on one customer's APIs spiked up 291% in late April, sometimes exceeding 100,000 malicious requests per minute. And the total attacks have continued to increase into May with no end in sight.
"These attacks will continue to escalate, so developers need to look at how to limit the value for anyone gaining access. If they are unable to steal useful information (data or code), the API becomes less attractive as a target," recommended Laurence Pitt, Technical Security Lead at Juniper Networks. "There are different ways to lock down an API, but in many cases, it is enough to ensure that it uses HTTPS for communication so that network traffic cannot easily be sniffed. Combine with additional authentication for access -- perhaps using certificates for sensitive data -- and the API now has protection in place."
4. Clean Up Code Vulnerabilities
As the pandemic has demonstrated, attackers view a time of crisis as an excellent time to launch attacks. Another way to prepare for the next crisis is to tighten up your code, paying particular attention to known vulnerabilities. A recent report from security vendor Veracode found that 70% of applications examined included open source code with security flaws. Relying on open source code can reduce development time for applications, but organizations need to make sure that they are maintaining that code and applying patches to open source libraries as they become available.
5. Increase Your Cloud Adoption
Most enterprises were well on their way transitioning toward the cloud before the pandemic began, but the crisis has made cloud seem even more attractive than before. Cloud-based apps make it easy for employees to do their work whether they are at home or in the office, and cloud computing can also reduce the management burden on IT and help control costs.
"CIOs are under enormous pressure to put a cloud-first infrastructure in place that ensures business can continue as usual, regardless of where their employees are working," said Rich Weber, president and CPO at Panzura. "Businesses that have already adopted cloud services because it makes access to their servers and data more ubiquitous and extensible can easily plug-in solutions that allow for faster and easier remote working at scale. Those that have resisted the move will now be facing questions around how to move servers and applications to the compute cloud and how to get the data integrated into their cloud architecture."
6. Deploy More Containers
Another trend that was well underway before the pandemic was the increasing use of containers. Containerization software like Docker and Kubernetes can simplify IT management, reducing the burden on IT in a time of crisis. Containers also make it easier to move workloads from one environment to another, which can also be helpful in a disaster situation. According to Peter Smails, CMO at Rancher Labs, "While it’s impossible to be fully prepared for a crisis, with regard to IT, technologies like Kubernetes can help organizations lower their TCO by improving resource efficiency within their hybrid cloud infrastructure, which has proven critical in the face of distributed and remote work forces. A proactive approach to digitization and commitment to Kubernetes today is certainly one consideration for best preparing for a future crisis."
7. Test Your DR Plan
While the pandemic did not result in data center outages, the next crisis very well could, making a disaster recovery (DR) plan essential. Most enterprises have a DR plan, but many don't test those plans as often as they should. If you don't have a regular testing schedule or you test it only once a year or less, now is a good time to think about getting on a better schedule.
Remember that you also need to maintain your DR plan. As your IT environment changes, you will likely need to update your DR plan in response. In addition, now would be a good time to incorporate some of the things you've learned from the pandemic into your DR plan.
8. Optimize Your Costs
The COVID-19 pandemic isn't just a healthcare crisis -- it's also an economic crisis. Companies in a wide variety of industries have been forced to reduce hours, lay off workers, or implement furlough schedules. And of course, some have even declared bankruptcy.
However, organizations with lower overhead costs were in a better position to weather the financial turmoil. To prepare for the next crisis, look for ways to reduce your IT expenses. For example, you may be able to cut costs by better optimizing your public cloud usage or by auditing software licenses and eliminating unnecessary expenses. Another popular way to reduce total cost of ownership is through greater use of automation.
9. Build Interpersonal Relationships on Your Team
A time of crisis results in greater stress for everyone, but teams with strong interpersonal relationships are better able to cope with emergencies as they arise. Right now, a majority of enterprise IT professionals are working from home, which can make it much more difficult for groups to communicate. In fact, a FinanceBuzz survey found that 49% of workers say it is harder to build relationships with co-workers when working remotely. To compensate, make sure you are encouraging your team members to have frequent video calls and to stay in close communication with their co-workers. If you have budget for training, consider investing in your team's "soft" skills as well as their technical skills, because those soft skills become even more important in a time of crisis.
10. Support Your Employees' Mental Health
Last but not least, remember that your team members are only human. And during a time of crisis, they may need extra support. Several surveys have found that during the pandemic, people are reporting much higher feelings of anxiety and greater feelings of isolation and loneliness.
Experts say that managers can help reduce anxiety by communicating very clearly with employees about what they know, what they don't know, and what steps they are taking to mitigate the crisis. They can also encourage the team to take frequent breaks and take care of themselves. In addition, some organizations offer mindfulness training, meditation, yoga, employee help lines, or other resources designed to support mental health. And above all else, managers should be prepared to respond with flexibility and kindness when a crisis arises.Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years. View Full Bio