COVID-19 is the epitome of the word “disaster”, but not one you would have expected to see in your lifetime. If you Google “types of disasters”, you will find a slew of results ranging from fires, tornadoes, hurricanes, ice storms, active shooter scenarios, flooding, pandemics, etc. etc. etc. Like me, you probably never paid much attention to the word “pandemic” though and honestly never gave it much thought until now. COVID-19 has and will change the way we live, interact, and do business for a long time to come.
Preparing your business for a disaster, is simply preparing for the worst, the unknown, anything that will impact providing service to your customer! COVID-19 is a disaster that is affecting all types of businesses both large and small. It is having a detrimental impact on providing service to customers both internal to your business and external alike. Or is it?
A good Disaster Recovery/Business Continuity plan ensures that the proper resources, people, technology, and processes are in place to continue and/or resume business in an acceptable time frame with little or no impact to your customer base.
Over the last several weeks, you most likely have been thinking about or implementing things that have not traditionally been included in your DR/BCP plan such as:
Reaching out to your peers to brainstorm. Before this pandemic became a pandemic, I reached out to several colleagues to ask how they were preparing for this threat. This isn’t something I typically do so in reply I received a lot of “Are you being serious or are you joking Chris?” responses or a lack of response all together. However, I was able to get some very valuable feedback from many people that were already taking this situation as seriously as I was.
For example, you may have a documented DR/BCP plan with key individuals and stakeholders named within it, but you may have not considered what to do if those key individuals got sick or refused to come to work due to the fear of becoming sick. What if day cares and schools shut down? They did! While you may have a backup for key individuals, you need to ensure that key processes are always documented and available to reference. Documentation should be organic and change as the underlying technology, processes and/or people supporting the business change. Cross-training with said documentation should be paramount.
Hardening your Internet, Mobile Device Management and VPN infrastructure. As if life is not already challenging enough during this pandemic, now we are having to be even more vigilant to keep the bad guys isolated from our confidential data and infrastructure. Back in the day, we used to be more concerned about the perimeter infrastructure and a good firewall, IDS/IPS, etc. was a decent security posture. Fast forward to today and we are now having to deal with the true weakness in any business which unfortunately is the employee. Attackers are taking advantage of penetrating the network from the inside out now. We are now challenged with phishing, ransomware, malware, pharming, spyware, social engineering, key loggers, etc. A new exploit method is created daily it seems.
By implementing web filtering that prevents DNS DOS attacks, newly added domain spoofing, safe search technology whether on or off campus, you greatly reduce an employee’s chance of falling victim to many of these attacks.
Protecting mobile devices that have sensitive and confidential data on them is equally important. You have most likely been spending time on ensuring you can remotely patch, wipe, lock and/or recover cell phones and laptops if they are compromised, lost, or stolen.
Last, but certainly not least, you are protecting the VPN tunnel into your network by implementing split-tunneling, MFA authentication and group security ACL’s.
Right?
Adapting to the needs of your remote workforce. Workforce mobility is a necessary evil and a crucial piece to your overall DR/BCP posture. I say its evil because it extends access to your private network outside the brick and mortar of a building virtually anywhere in the world, which can be a very high risk if not done properly. However, without this capability many businesses would be dead in the water.
While your core focus is on the data center, backups, network infrastructure, redundancy, security, etc., you must fully test your ability to support your remote workforce and protect the security of your network all at the same time. Some of the things you may experience by doing so and will need to address in a timely manner are:
Poor system performance of applications and services due to nationwide utilization of internet circuits that provide VPN connectivity to employees at other businesses.
Poor system performance of applications and services due to over utilization of your primary internet circuit that provides VPN connectivity to the remote workforce.
The realization that critical functions and business processes have never been tested while working remotely.
The realization that employee connectivity (ISP) or internet hardware at home cannot provide the necessary speed and consistency required to work remotely.
The realization that you lack the ability to do functions that require hardware not installed at employees’ homes. I.E. Scan, Fax, Print, etc.
While this does not represent all the things that you may have been forced to consider or address, it is a good start. What have you been challenged with in your business as a result of COVID-19?