Failures never make agreements; they don’t even knock on the door! But you have to be ready in case it happens to you. Here are some practical direct responses.
Business disruptions can affect organizations of all sizes in any area. Climate, control outages, political occasions, and of course, new to the list, pandemics. Organizations build resilience over time through comprehensive continuity planning. However, a major catastrophic event could test the effectiveness of these plans. The past few years have been an “on-the-fly resilience training” for many. The one big lesson is that planning does not have a bad side in avoiding pushing the boundaries of technology capability, workforce resilience, and existing business continuity and disaster recovery strategies.
Something is happening! The immediate actions
One of the recent practical approaches is to run multiple business models to find the best route out of the situation. It is imperative to establish a governance program to stabilize the current situation, evolve and then transition effectively. Every organization must quickly determine the extent to which they can carry out ‘business as usual’, both for the short term and for the continued operation of the business. While redesigning organizational resilience is a long-term initiative, organizations must define quick steps to achieve their initial best-effort business-as-usual.
When managing the multiple priorities, there are two categories that need to be addressed: people and processes and technology.
People and processes
One of the biggest changes in recent years has been the workforce approach, with many organizations adopting new approaches to what is an organization’s most valuable asset: its workforce. Follow these steps to protect it and ensure the continuity of the process:
Activate and join
- Activate business continuity plans and appropriate strategies.
- Engage the Crisis Management Team (CMT) to assess the impact of the situation and take measures.
- Determine the customer’s overall business impact and any other contractual obligations.
Setting up a governance structure
Create a program management structure to track statistics and set cadence/milestones for short and longer term crisis management, including:
- Representation throughout the organization
- Change management and process for identifying and tracking lessons learned
- Business processes change from task-oriented to result-oriented output
- Management of Change (MoC) process, including how to deal with remote worker trust and cultural impact
- Communication channel with staff and key stakeholders.
Assemble cross-functional teams to assess impacts on staff health and safety, as well as impacts of travel restrictions; the consequences for suppliers and customers; and the legal and statutory effects, among other practical effects.
Gather the troops
Mobilize the workforce without compromising safety as a top priority and key success factor. Establish a process to address common and recurring organizational-level issues in a structured and proactive manner, rather than solving individual user questions.
After ensuring the safety of its people and the continuity of the process, the organization should focus on the availability of its technology/IT infrastructure:
- Evaluate the impact for remote access, VPN, server, network capacity, and usage thresholds.
- Identify types of remote workers and ensure appropriate access control
- Ensure VPN capacity can accommodate the increase in traffic by allowing remote staff to access internal resources.
- Give all employees “how to” tips for remote working
- Continuously monitor the usage and uptime of applications, servers and network resources.
- Develop tactical plans to maintain/replace existing hardware for the remote personnel to avoid further complications while providing a support criterion
- Apply workarounds for all site dependencies based on the nature of the business; for example, payment processes for shops and suppliers that rely on scanners.
- Set up a process for each dependency, such as temporarily accepting vendor e-invoices to process payments.
- Sync often with customers and suppliers to create the workaround.
- Use remote, VDI, and intelligent collaboration options that aren’t dependent on the limitations of any platform, but still provide the ability to secure and manage data.
- Leverage cloud solutions such as MS365 as much as possible to ensure end-user productivity for the best user experience.
Once the sense of tackling the immediacy of a crisis has begun to evolve into more forward-thinking actions, the organization must focus on how its people will continue to thrive and how processes will continue to function. And think: has the immediate crisis led to better practices? Then see how you can move permanently to the new circumstance.
In terms of technology response, there is the opportunity to consider emerging technology solutions that can be used to improve performance and efficiency. With these ideas, you can limit the impact of disruptions now and in the future. However, with the recent turn of the workforce “work from anywhere”, be aware that any disruption or crisis can affect the work situation of employees, and the wake-up call is that the workforce is users of technology. It is no longer the case that the data center is the only consideration that needs to be addressed immediately.
In addition, the constant movement of data and processing to the edge via IoT means that businesses are equally dependent on ‘stuff’. There are many recent examples of malware or hacking paralyzing business operations.
We are in the era of groundbreaking digital disruptions; however, we must be equally imaginative and prepared for a wide range of risks.
Learn more at www.hpe.com/security
About Lois Boliek
Lois Boliek leads the Security, Risk and Management Practice for HPE Pointnext, Advisory and Professional Services. As a key factor in digital transformations, the practice’s mission is to advance security, as a business and technology enabler, to achieve faster time-to-value. She aligns her business strategy and focus areas to complement HPE, HPE GreenLake, and other practices to provide cohesive and relevant offerings to HPE’s customers.
Lois is a Certified Chief Security Officer and a Certified Information Security Manager. She is an active member of the EC Council C|CISO Board, where she offers her time and skills to develop the program and the C|CISO Body of Knowledge book. Her project delivery experience includes IT consolidations, secure internet banking, infrastructure security and identity management projects. Lois has also provided consulting services for IT organization building, IT operations, project management and application development.