Of all of the business planning that we typically do, we don’t usually think of pandemic disease as one of the contingencies we need to plan for. We think of ransomware, data breaches, earthquakes, fires, and theft. But a global pandemic, such as the Coronavirus (Covid-19), probably wasn’t even a remote thought. The world is changing quickly these last few months, and now we have the very real prospect of entire communities and cities -- even countries -- being quarantined. Any day now, you might find that your entire office stays home from work, either sick or afraid of getting sick. What will your business do then? It’s better to plan to protect your business from pandemic disaster now than to let that day come without being prepared.
Notice: Get more helpful Cyber Security Information by signing up for our Cyber Security Updates email list.
Protect your Business From Pandemic Disaster
Protecting your Business From Pandemic Disaster means planning for a massive change or disruption to your business due to a pandemic disease like Coronavirus. What we want to focus on here is planning that involves the central nervous system of your business -- your computer network, communications, company operations, cyber security and overall Information Technology infrastructure -- because if the company can’t function, the company could suffer tragic losses.
We are not medical doctors, HR specialists, attorneys or business strategists. But we are IT and Cyber Security experts, and this is what you depend on us to inform you about. So the central issues that we can help you with regarding protecting your business from pandemic disaster are:
- Reducing The Severity Of Pandemic On Your Business
- Continuing Operations Without Key Employees
- Maintaining Security Of Your IT Resources
Planning for pandemic does not mean putting all of the following ideas into practice today. But it does mean creating a plan today, implementing the technology for the plan, and testing the technology and procedures as soon as possible, and certainly before they are required.
You might notice that none of the items are about preventing the pandemic from reaching your business in the first place. That’s because there’s really no way to do that. You have no control of your employees’ personal lives, but more importantly, most diseases have an infectious incubation period during which no symptoms are present but the virus can be passed along to others.
All viruses and all cases are different. The Coronavirus was thought to have a 14 day incubation period, but some authorities now believe it could be as long as 29 days in some people. Even the flu has an incubation period of between 1 and 4 days. Whatever the disease and whatever the incubation period, it is very likely that if an employee gets sick, they may not know it and still come to work, spreading the disease to others.
Reducing the Severity of Pandemic (Coronavirus) On Your Business
We’re not going to cover the very basics of preventing disease transmission, including washing hands frequently, covering sneezes, staying home when you’re sick (or not permitting sick employees to come to work), disinfecting surfaces, and so on. These steps are covered quite well in traditional media, and the CDC has issued its own publication about these techniques, which you should read next.
But we will focus on using technology to make all of these techniques more effective. There are several steps to using technology to help reduce the severity of a pandemic like Coronavirus on your business. The primary goal of all of these steps is to reduce person-to-person contact, which will help to reduce the spread of the virus at work.
Plan for Remote Workers To Slow The Spread of Infection
Many employers have fought against the idea of letting employees work from home for decades, mostly because they feel that there is little or no way to monitor an employee’s productivity when working remotely or at home. But today, we have many ways to overcome these concerns. More importantly, if your business is hit by a pandemic, you may have no other alternative if you want to keep your business running.
And some studies, including one cited in an article from Inc. Magazine, indicate that workers can be even more productive when working from home. So now, with the goal of protecting your business from pandemic disaster, have an open mind as you consider the following.
1) Determine who can work at home. Certainly not every employee can work at home. But many information workers can effectively work outside of the office, some with increased productivity and effectiveness.
2) Company Computers. Of course, there’s no such thing as an information worker working from home if there’s no computer there. The best strategy is to provide a company computer for the employee to use at home. They can be secured to only allow business access and applications, with strict monitoring and security controls. And, if company computers aren’t in the budget, a “Bring Your Own Device” policy can be quickly put in place...again, with appropriate security restrictions.
3) Remote Network Access. In many cases, remote workers will need a connection to your office network in order to access some company resources. A Virtual Private Network (VPN) allows a secure connection from a remote location to the company network.
4) Remote Cloud Access. One of the best features of Cloud computing is that it so easily enables remote workers. No longer does an employee need to be sitting at a computer attached to a local area network which connects to a local file server. That was the best way in the 90’s and 2000’s, but cloud computing is rapidly displacing local file servers and resources. You will need to allow remote cloud access for the employees you permit to work at home, but the technology was built to do this.
5) VOIP Phones. If you haven’t made the switch to VOIP (Voice Over IP) phone service yet, it’s time. VOIP phones allow calls to be answered at virtually any location. All it takes is the addition of a VOIP phone handset to have the full office phone features at home. And most VOIP systems don’t even require a handset because they have software that puts a virtual handset right on your employee’s computer.
6) Instant Messaging. Secure Instant Messaging technology can replace a walk down the hall to ask a question or have a short conversation. The problem with in-person discussions -- besides the obvious possible transmission of an infection -- is that the first person is interrupting the second person on demand. As a result, Instant Messaging can be even more efficient because it, like emails, are “asynchronous”, which means that the participants do not need to both participate in the conversation at the same time. They can respond when they are available.
7) Video Conferencing. When a face to face meeting is required or helpful, there are countless Video Conferencing and screen sharing services that can put co-workers in front of each other almost instantly. And when ideas need to be seen to be understood, virtual white-boarding, screen-sharing and presentations are all easily available. And when that weekly staff or strategy meeting rolls around, instead of all gathering close together in a conference room, breathing the same air and touching the same donut tray, Video Conferencing allows the meeting to happen without the transmission of infections.
8) Digital Signatures. Many company documents require signatures and approvals. But Digital Signatures have been around for over a decade now, and are considered legal for contracts and agreements. In fact, in many cases, they are more secure and preferred by many companies. And you can avoid the transfer of physical paper from one employee to another, or from one company to another, with a good digital signature strategy.
Many of these technologies and strategies can be used to reduce person-to-person contact for employees still in the office, too.
For example, on-site employees can attend meetings via video conference, even if the other participants are just down the hall or across the building. It’s a great time-saver, allowing employees to reduce inner-office commute times, walking from one office or meeting room to another. And of course, they’re not being exposed to possible contamination along the way.
Continuing Operations Without Key Employees
When a Pandemic hits, you face the real prospect of having to operate without one or many key employees. Preparing for your business continuity -- more general than the protecting of your business from pandemic disaster we are discussing here -- is a bigger endeavor than you might think.
In February 2019, we reported on business continuity and told the story of a cryptocurrency company, QuadrigaCX, that held $145 million of its clients’ funds. The CEO distrusted everyone and was the only person with the cryptocurrency key (password) information. Unfortunately, he unexpectedly died, taking the cryptocurrency key with him. It was stored on his laptop, but that was also secured with passwords and other technology. As a result, the company -- and the company’s clients -- lost $145 million.
This company had no Business Continuity plans, but your company needs to. Here are two excerpts from that article, with new commentary:
1. Write Company Operations Manuals. It happens all the time. “Only Carol from Accounting knows how to access the bank accounts online,” or “Bob has this special way of processing the orders for our biggest accounts.” And then one day, Carol leaves the company or Bob gets ill. What then? The company is stuck. All company processes should be well documented in Company Operations Manuals.
If Coronavirus or some other pandemic comes to your company, Carol and Bob (or their entire departments) might not be coming into work for a while, and they may not be able to answer any questions for you. Bills won’t get paid. Clients won’t get sold and billed, and your business will grind to a halt. You absolutely need to create proper business documentation. You need Company Operations manuals, and they need to be kept up to date, in order for your business to survive.
2. Use Password Managers. You need Secure Documentation and Storage of Logins, Passwords and Encryption Keys. And this is where QuadrigaCX could have used some help. Only one person had the ability to access their Cryptocurrency. If you have logins for critical services and functions that your company performs, make sure there is documentation -- both physical and digital -- so that the information is stored securely and can be retrieved in case of emergency. Some password management systems even have the ability of keeping passwords private (even from those who are able to use them) so that they cannot be stolen and used outside of the office.
Some of the most valuable corporate assets these days are the passwords and other credentials used to access company resources, such as banks, vendor accounts, and other resources. Allowing employees to “remember” passwords or store them in insecure spreadsheets or word processing documents...or pieces of paper taped below their keyboards...is simply asking for trouble. Remembered passwords can (and will) be forgotten and are totally inaccessible when the employee is incapacitated. And passwords stored insecurely can be hacked...easily. Create a company Password-Manager policy, which we discussed in June 2019, and implement it immediately.
3. Cross-Training. Something not in that prior article is the necessity to cross-train. Every mission-critical position or responsibility needs to have multiple people trained how to perform that task. This can be a major challenge, especially when it comes to financial resources, but if you want to ensure the survival of your business, it has to be done.
Maintaining Security of your IT Resources
Making all of these changes doesn’t come without risks. And protecting your business from pandemic disaster without security changes could result in even more disasters. That’s why every change you implement will require additional changes to your cyber security strategy.
- Network Segmentation. VOIP phones should have their own office subnetworks and special firewall configurations. Vendors often open holes in firewalls to simplify their installation, but they often open too much, allowing hacks and breaches. In March of 2019, we wrote about simplifying and segmenting your network for better security.
- Additional Bandwidth and Backup Internet. Your new services may require additional bandwidth. Make sure your new services are secure.
- Operations Manual Security. Operations Manuals need to be physically and digitally stored with high security. If the wrong people were to get access to your operations manuals, your business could suffer the consequences. As a result, secure the manuals, but create procedures to access the manuals in case of emergency.
- New and Stronger VPNs. If you’re going to have more employees from more levels in your company operating from home, you are going to need a strong and secure VPN. And it may need to increase your bandwidth to accept the new user load.
- Backup your new resources. Of course, as with all of your company data, you need to make sure that all of your resources are backed up. That includes the new company laptops you are sending home with your employees.
- Log and Monitor Everything. All of your network operations should be logged. If you’re adding external/remote users, their actions need to be logged, too. But logging isn’t helpful unless it’s also monitored by something like our SIEM, which provides continuous real-time monitoring of your security logs. And our Security Operations Center has actual live security specialists watching over everything.
Plan Now. Implement Now. Test Now.
This pandemic business planning list, as long as it is, is just a start. But it’s a critical start. And with the Coronavirus spreading so fast, the time to protect your business from a pandemic disaster is now.
- Plan now. Convene a team or committee and start your planning now. Determine which of these steps you already have, which ones you need to implement.
- Implement Now. The time for building your pandemic business plan is not when the pandemic hits. The time for doing that is now.
- Test Now. Once your system is built, test it!
And if you need help with any of this, Digital Uppercut is here and ready for you. We’ve already seen a rise in companies asking for our help implementing these strategies in the face of the Coronavirus threat, but it may not be too late for you...yet. Call us at 818-913-1335 or or contact us online today.
Notice: Get more helpful Cyber Security Information by signing up for our Cyber Security Updates email list.