Business Resilience during a Pandemic

Blog 1 of 5

This series of blogs is designed to help leaders better perform during a pandemic by gaining control of the situation by developing options.

In a situation like a pandemic, it’s easy for a business leader to feel powerless. That feeling comes from a lack of options.

At the start of COVID-19, if you had business continuity or crisis management plans in place, you had confidence that the work had been done and the choices had been made maximising your options.

If you had a reactive approach, let’s be honest WFH was your only option and you found yourself “between the hammer and the anvil”.

Congratulations, you made it through either way, you are here and it’s on to the next challenge.

Your next challenge will likely be during this pandemic. So ask yourself, when the time comes, do you want options?

Blog 2 of 5

If you managed to successfully conquer the first hurdle of the pandemic without having in place business continuity or crisis management plans, remember that was the first hurdle and there are more challenges to come in this pandemic, Lightning strikes twice.

It’s likely you are still searching for answers. First, you need to be sure, you’re asking the right questions.

Work with your crisis management team and ask the following:

  • How sustainable is our business continuity plan?
  • What are our new operational risks?
  • What is our ‘Perfect Storm’ scenario?

It’s important within the current state to envision plausible scenarios, then test your resilience in these areas.

Given the new state of ‘normal’ also take a look at your ‘worst case scenarios’ and if you have done this in the past, see how they have changed.

  • Have they increased in likelihood; do they seem more plausible now?
  • Has the impact, or velocity of the scenario changed?
  • Will business disruption be more prevalent or immediate?

Use this exercise to develop new contingency strategies to enhance your ability to anticipate, prevent, respond and recover.

Blog 3 of 5

Having achieved your new business as usual, what is the aftermath?

We all are aware by now, there has been a significant increase in cyber threats.

Have the changes in business dynamics and activities, increased the likelihood or impact of a Cyber Security Event?

Some things to consider, under your new circumstances;

  • Poor configuration – Implementation of new technical tools without formal change control
  • User error under stress/inadequate device security – Staff working from home for the first time
  • Phishing – People are seeking answers and want to be kept up to date so are more likely to click on unsolicited emails
  • Data loss – Staff uploading documents and records to personal or insecure cloud services
  • Social engineering – Workers less vigilant to new requests or phone calls from people they do not know

What other changes have occurred within your own organisation that may expose you to a cyber security event, or increase the likelihood? In terms of how staff engage, how staff have reacted and how they use technology.

  • Have the changes impacted existing security controls or policies?
  • What new controls or amendments are required to prevent a cyber security event?
  • How prepared are you if a cyber security event were to occur during this current crisis?
  • Do your incident management or recovery plans or capabilities need to change?

Blog 4 of 5

We have found that many strategies for business continuity, did not consider suppliers outside of the organisation, which is probably fine during most events. However, during a pandemic, this is critical because we are all experiencing the same event.

If you rely heavily on a supply chain, or your business continuity strategies are reliant on them:

  • Have you mapped your supply network?
  • What is the impact of loss of their product or service on your own continuity plans?
  • What are the key risk indicators? (How can we predict a change?)

Staying in regular contact with your suppliers is key, understand what they may be going through and what may cause a disruption to their products or services.

  • Who in the chain is your weakest link?
    • Are the suppliers already at their limits?
    • What if the current crisis is sustained, can they survive?
    • Do you need to run to the hills and find alternative suppliers?
    • Can you start to build redundancy or are you too late?
  • What is their new ‘business as usual’ (BAU)?
    • Is it acceptable?
    • How will it impact your products/services?
    • Are there new operational risks as a result?

Blog 5 of 5

There will be a time very soon where this pandemic will end.

People will come together for a big group hug and toilet paper will flow like the falling rain and we will resume services to business as usual (BAU) but it will be a brave new world.

  • What are the key indicators you will use to signify when to come out of the current crisis?
  • How quickly can your suppliers recover to BAU?

You will need to pick up on the changes quickly so that you can respond, inform and recover in a time efficient manner.

  • How can you plan the transition back to BAU?
  • What do staff need to readjust?
  • How quickly are staff expected to transition back to the office?  Is it likely to be gradual?
  • What retrospective work is required to ensure you comply with company policies, standards or regulations?  i.e. do you need to do a retrospective change approval for any emergency changes and expenses that occurred?
  • Do you need to review supplier contracts?
  • How will you prevent data loss and manage the transfer of data and records back into systems?
  • Have you updated your asset register? Are you across who has taken equipment home (laptops/monitors/mobile devices/chairs)?
  • Are there any changes to your way of working that were positive that should be maintained as the new BAU? Which capabilities do you want to keep?

ISDefence is South Australia’s Premier Independent Business Resilience Company.

A couple of weeks ago, we offered free advice and the volume of emails encouraged this blog series.

We partner with our clients to build Business Resilience programs that may include Cyber Security, Business Continuity, IT Continuity, Information Security Management, Disaster Recovery, Privacy and Training.

The world has a very disconnected feeling at the moment, we decided to connect this blog with a relevant theme. This blog is dedicated to all that have music as their escape and live for live music. Postponed music events are worth the wait.

Get In Touch