To protect your workforce and help ensure its continued productivity, it is critical to review business continuity plans amid the coronavirus outbreak:
- Have you established a strategy that enables employees to continue to function without endangering them?
- Do you have a plan to isolate employees should the threat of possible infection arise?
- Can your employees work effectively from home?
- Do you have the tools, technology, capacity, and security measures in place to support a large remote workforce?
- Have you reviewed your HR policies to ensure employees will not be personally impacted if they must be quarantined for an extended period?
- Have you considered modifying any policies as appropriate to give greater flexibility to normal working arrangements?
- Have you determined your priorities and the minimum staffing requirements to support these priorities, in case you need to function with a significantly reduced workforce?
- Have you identified key employees and ensured that other staff members have received appropriate training to comprehensively cover their absence?
- Do you have a communications plan that includes providing employees and other stakeholders with regular situation updates as well as actions taken?
With cases of the Novel Coronavirus (COVID-19) emerging daily, “remote working,” or simply “working from home,” will be a centrepiece of business efforts to maintain operations. With this in mind, it is critical to ensure that the cyber security aspects of remote work are managed:
- Have you reviewed your current information security and other similar policies to determine if there are any established security guidelines for remote work and remote access to company information systems?
- Are your managers familiar with applicable security guidelines, plans, and policies, and do they ensure that pertinent information is disseminated down to their teams and throughout the organization?
- Have you reviewed your data breach and incident response plans to ensure that the organization is prepared for responding to a data breach or security incident?
- Have you informed your employees of the types of information that they need to safeguard, such as confidential business information, trade secrets, protected intellectual property, work product, customer information, employee information, and other personal information (information that identifies a person or household)?
- Is sensitive information, such as certain types of personal information (e.g., personnel records, medical records, financial records), that is stored on or sent to or from remote devices encrypted in transit and at rest on the device and on removable media used by the device?
- Have the employees been trained on how to detect and handle phishing attacks and other forms of social engineering involving remote devices and remote access to company information systems?
- Has the non-sharing of work computers and other devices been communicated to reduce the risk of unauthorized or inadvertent access to protected company information?
- Has a plan been put in place to make sure employees exclusively use the VPN when remote working and when accessing company information systems remotely?
- Have you ensured that security software is on employee devices and that all versions are up to date with all necessary patches?
- Have you set limits to employee access to protected information to the minimum scope and duration needed to perform their duties?
- Are there mobile device management measures in place that remotely implement several security measures, including data encryption, malware scans, and wiping data on stolen devices?
The coronavirus will have an impact on a company’s revenue through production slowdowns, difficulties in delivering goods or services to the market, significant drops in demand for the company’s goods or services, delays in customers paying outstanding invoices, etc.
Based on the above, what is your strategy regarding risk in consideration of the Coronavirus (COVID-19) pandemic?
- Have you considered whether your expected objectives for long-term risk strategies are achievable?
- Have you considered the range of financial outcomes (positive or negative) that might result?
- Will the risk to assets and personnel be acceptable, should certain threats escalate and crystallize?
- Do you understand the timeframes in which events might play out and the potential impacts on different parts of your business?
- Do you know what your second- and third-order consequences are? (Every change you make to a system will have second-order effects, which may affect the system’s functionality.)
- How well do your current risk response strategies serve you?
If you would like more information on how we can assist you with any of the above tips, please do not hesitate to contact us at firstname.lastname@example.org with your contact details, and we will get back to you.