In an effort to assist you to protect your business and stay in business during the coronavirus (COVID-19) outbreak, we have a straightforward checklist that you can use to plan for the pandemic situation at hand.

Whether you’re a CIO, CEO, IT executive, or employee that knows the importance of planning for the unexpected (especially when health risks are possible); you’ll see what can be done to protect business operations, organize staff and everyone who works with the company, as well as review existing and/or new technology and processes in place.

Although these measures are focused on aspects of cybersecurity, due to their foundation being one that involves a holistic cybersecurity posture, this means they take into consideration all areas of conducting business operations: people, process and technology. 

This is one of the reasons why we always try to get businesses to embark on a holistic cybersecurity posture and not just one aspect of cybersecurity.  Getting back to the pandemic planning checklist.

When you take into account people, procedure and technology for your pandemic plan, you are able to cover all your bases for any circumstance that presents a risk to business, including staff shortage.  It’s not only about your network or a data breach or training employees about phishing emails; it’s about all of this and more.

Let’s begin.

    • If you have one great, you want to revisit it with this particular pandemic situation in mind and ensure it includes how you are going to take care of potential sick employees with all staff, including your IT department and those who manage your cybersecurity posture.
    • If you don’t have a BCP, you want to move forward with developing one (even a short one).  Your BCP needs to include all the critical components to your organization’s operations, process and resources for continuous operation with staff working from home, and potentially getting sick (so in case that happens, defining who can replace them from within the company and/or what other options do you want to consider – such as outsourcing).

 

    • Whether or not you will be operating from the office, your network remains active and therefore requires security steps to ensure its safety from cyberattack and remote working risks. 
    • Ensure you have set up a way for your firewall rules to always stay up-to-date, that you have an intrusion detection/intrusion prevention system available to monitor your network (if not, please feel free to contact us to see if we can help), that your virus software and all business software are patched and up-to-date.
    • You want to get your IT department to render these areas available to them remotely to keep everything up to date while offices are closed.
    • You want to have someone who can substitute for the IT executive in charge of the management of your network security, just in case they get sick with COVID-19.

 

  • Incident Response Plan (IRP)
    • If you have one, you want to make sure you add to it an area that takes care of who can take over the IT member responsible for oversight of management of alerts and action to the threats alerted about.
    • If you don’t have an IRP, like with the BCP, you should get one set up and identify the person who oversees this aspect, as well as who can substitute them, were they to get sick.
    • Planning for incident response requires you to identify and catalog all areas of the business operations you conduct online and offline. 
      • You want to know how the online and offline data are being monitored for potential intrusion, and by whom.  Offline data, which includes files, can be stolen. This is still considered a breach that will require investigation and reporting.
      • You want to know what data you have, where and who has access to it, as well as on what software and technology it’s located (and accessible by others).
      • Your list should also include: the cloud, all devices (IoT, mobile, everything), your server(s), third-party apps and partners, and the systems you use to process payment and communication (emails).

 

  • Staffing Solutions (especially IT department)
    • First of all, you want to set up a plan to get everyone on the same page on what to do if they need time off for sickness.
    • Identify roles and tasks for all employees, including the executive team, as well as the IT department.
    • Decide on these areas: cross-training so you can have in-house staff replace each other; external consultants and experts for specific areas where you require that type of talent; and potential replacement with identified temporary candidates that fit the different roles with the skill-set needed.

 

  • Teleworking, Remote Working, Working from Home Cybersecurity Steps
    • Thanks to the online world and business operations already being conducted online for the most part or that can be organized to be conducted online, today staff can work from home.
    • Many businesses have already taken action to get everyone who can work remotely to do so.
    • The network and safety of conducting business operations is your main concern.  Here are two training videos that we have, that will help with this aspect of network and data security.
      • Home and VPN Security Training Video: https://training.ncxgroup.com/share/remote/1
      • Public Wi-Fi Security Training Video: https://training.ncxgroup.com/share/wifi/1

For additional help as you work on your pandemic plan, please feel free to reach out and schedule a free consultation.

Also, please remember that the effectiveness of your pandemic plan has to be set up for your unique business operations and team needs, a prefabricated one can be a foundation, but it won’t do if you don’t take into consideration all aspects of your business.

Stay safe, secure, and as always, you have us for any of your cybersecurity needs.  Please give us a call if you need help in these trying times.

 

Photo Courtesy of Maksim Kabakou