Business Continuity in the COVID-19 Environment
During this time of crisis, businesses are continually adapting how they conduct themselves. It is times like these when a business continuity plan (BCP) is tested. While there are numerous factors to consider when adjusting the work lives of your employees, prioritize these first.
1. Employee Safety
The most important element of a BCP is safety. With the rapid advancement of the SARS-CoV-2 virus and the incidence of COVID-19 (COVID-19), many are looking to their governments and employers for guidance. It is vital to keep transparent communications open and address your employees’ concerns. While this evolving crisis has many uncertainties, communications with your employees should include the most accurate, up-to-date information available. This will help you build trust in your business continuity strategy.
In addition, it is important to stay informed about any cases that have occurred in the surrounding area that employees may have visited. This is important as your employees may not realize a visited area had the potential to infect them, and with some cases of COVID-19, symptoms can take days to appear.
2. Continuous Work Environment
Regardless of the BCP’s maturity, some work environments lend themselves to an easier transition to remote offices than others—especially those that provided the option prior to the outbreak. Be careful! A hasty transition can leave you vulnerable to security risks.
One of the greatest challenges to remote working is a potential decline in productivity. Working from home poses many distractions. Combat interruptions by keeping communication channels open between employees and their supervisors. Provide tips and best practices to help keep your workforce effective. Tips include:
- Removing cellphones and other personal devices from the workstation
- Eliminating unnecessary noises
- Working in an enclosed room to help prevent family/pet distractions
For organizations newly switching to remote access, data security can be overlooked to expedite normal operations. Help protect your data security with these tools:
- Endpoint security
- Mobile security (If you have a BYOD, or “bring your own device,” policy)
- Awareness training
Physical data security is a major concern. It is impossible to know every employee’s environment. That is why it is essential to keep your workers informed with best practices. Examples include:
- Keeping devices in a secure location to help prevent physical damage, e.g., spilled water
- Shutting windows during business calls to mitigate eavesdropping
- Securing the home all hours
- Locking devices when not in use
Be sure to communicate your organization’s policy for potentially damaged or stolen hardware that occurs while working from home.
3. Your Primary Place of Business Is Just a Mailing Address
COVID-19 is requiring many employees to work from home, leaving the physical location of many businesses empty. Do not let your building’s security become an afterthought. Revise your plan if your building’s security is not already outlined in your BCP.
4. Building, Updating & Testing
COVID-19 has had a widespread impact, affecting everything from small retail stores to international corporations to local governments. The lack of a BCP will hinder businesses from resuming operations in a timely manner. It is essential to develop a BCP sooner than later. If you already have a BCP, consider revising it to reflect lessons learned from current events.
Now is a good time to evaluate your BCP and determine whether any changes should be made. When assessing, consider these questions:
- What is my timetable for returning to normal operations?
- What shortcomings need to be addressed?
- What employee feedback should I incorporate?
Any findings should be updated to the BCP and noted as revisions.
Even after the COVID-19 outbreak is resolved and you are back to normal operations, it is important you continue evaluating your BCP. This can include creating role-play scenarios, e.g., office building is destroyed, data is compromised by ransomware or a natural disaster occurs. These exercises can range from full-scale enactments to easier, less costly tabletop sessions. Playing out these scenarios will help you prepare for potential real-life events and provide valuable insight for improvements.
You can develop your own BCP with online resources or with outside advisors. BKD has extensive experience helping organizations create robust BCPs with these services:
- Impact analysis and risk assessment
- Policy development
- Program assessment, validation and verification
While it is impossible to eliminate all business risk, there are actions you can take to help shore up vulnerabilities. We are here to help with your cybersecurity needs. If you have questions on this topic, reach out to your BKD Trusted Advisor™, submit the Contact Us form below or visit bkdcyber.com. Follow us on Twitter @BKDAdvisory or visit our COVID-19 Resource Center for relevant news, changing guidelines and new regulations.