The coronavirus pandemic essentially served as a real-world stress test for organizations, and it remains an unpredictable force in our society. Leaders and executives are making significant decisions without reliable information amidst a constantly shifting economic and regulatory landscape. Whether your company adjusted to a painful new reality, pivoted to new products and services or experienced a surge in demand, all organizations should evaluate their ongoing response and pinpoint what worked, what didn’t and what could be improved. Today, we discuss key technology and risk management considerations when resuming or maintaining operations.
As mentioned at the start of this post, the pandemic is the ultimate force outside a business leader’s control. How you responded (and continue to respond) to these events and your efforts to keep operations running represent your business continuity plan. Whether or not it was a formalized document, now is the time to evaluate the effectiveness and efficiency of your actions as in-person operations slowed, transactions moved online and employees were decentralized.
Was your company ready to engage and support a remote workforce? Did you secure company data and provide sufficient levels of access? Did your team have the necessary resources required to perform their day-to-day responsibilities outside the traditional setting? In what ways were we unprepared? The answers to these questions can provide valuable lessons to shift from a reactive response to a proactive posture, which includes formalizing a plan for various scenarios, routine testing and evaluation, resource acquisition and training to make sure the team knows what to do and when.
The current business environment is pushing companies to conduct operations in different ways and from different places. It also opened the door to new security concerns and risks. The transition to remote work and online business was abrupt and sudden as the pandemic crisis took hold, which exposed technology gaps and created unanticipated scenarios.
Did employees have clear guidance to work securely at home? Did your company establish proper security configuration to safely engage with employees? In addition to general standards for performance and productivity, formal policies and procedures must be in place regarding the use of personal networks and devices to protect company information. Evaluate your network for proper security configurations that are necessary for the safe and secure transmission of data to remote employees.
Many organizations are tapping into third-party vendors to perform various functions as part of their coronavirus response in an effort to help reduce cost or realize efficiencies. While this strategy is common, engagement with third-party vendors must be vetted and conducted properly to avoid security pitfalls.
Start by establishing a right level of due diligence to make sure any new vendors have the proper level of controls and protocols to prioritize your services and protect your data. This could include some type of independent verification of the vendor’s control structure (like a Service Organization Control (SOC) report) that describes their controls in place for the safeguard of the company data, as well as their procedures to prevent or manage a cyberattack. Once engaged with the vendor, an organization should routinely monitor quality and availability of service, which is especially critical during times of crisis or disruption.
Ready to take stock of your continuity plans and risk management approach? RKL has a team of IT and security experts well-versed in the security challenges facing today’s businesses and the strategies and technology tools to mitigate them. Contact your RKL advisor or use the form below to get started. Stay tuned to our blog for upcoming installments of our Response and Recovery in Focus series and visit our Business Recovery Resource Center for more insights and guidance.