Tech Accelerator

Guide to business continuity and pandemic planning

This guide explains the enterprise impact of the COVID-19 pandemic and how business continuity planning keeps organizations safe and in operation.

The COVID-19 pandemic revealed flaws in corporate business continuity and disaster recovery plans, as well as specific pandemic plans. Companies struggled to support larger numbers of remote workers, gain visibility into their supply chains and fully understand the long-term impact of the pandemic on their technology investments. Now that vaccines are being administered, companies can take time to evaluate the success of their pre-pandemic planning and close any gaps.

This guide and its related links will help IT and business leaders learn more about preparing for and responding to business continuity planning challenges, including global pandemics and natural disasters.

Business continuity and pandemic plans

The last pandemic that threatened businesses the way COVID-19 did was the H1N1 virus, or swine flu, which happened more than a decade ago. Much has changed since then in terms of how businesses operate, including the rise of remote work, the increased use of software as a service and other cloud-based applications, and just-in-time manufacturing and lean production strategies in supply chains. Also, businesses today are more global in terms of workers, customers, vendors, partners and suppliers, making business continuity and pandemic planning far more complex to test and carry out.

Illustration of coronavirus
An illustration of coronavirus

So where should organizations start as they try to deal with the impact of COVID-19 or prepare for the next disaster? Organizations should create and execute on a workplace pandemic preparedness plan along with business continuity plans. To familiarize employees and emergency teams with the plan, businesses should conduct preparedness exercises annually, if not more frequently. Use this pandemic recovery plan template to get started.

A pandemic impact analysis is critical to understanding how to help your company prepare for and recover from disasters. By filling out this template, business leaders will learn the critical roles, procedures and assets that must be considered as a disaster unfolds. Getting back to business as usual is going to take a lot of time and patience. The resumption of normal activities will depend on how well you execute your pandemic recovery plan.

Because organizations are so dependent on providers across all aspects of their business, they should well understand and have tested providers' pandemic plans. For instance, if the provider's own workforce is affected, it's important to know how the provider will maintain high availability of its application or respond to service issues. In many companies, line of business managers are the conduits to service providers. Therefore, managers must be coached on how to include providers in pandemic plans. Leadership should centralize service-provider relationship information in case the managers themselves are unavailable.

One of the most important elements of pandemic planning is to understand how employee skills complement one another. Conducting a skills inventory will let you know which employees could back up others if they are affected by an illness or unable to access the network.

Learn more about business continuity planning.

Developing a remote work strategy

One of the best strategies a business has for preventing the spread of disease in the workplace or dealing with disasters that impede a workforce's ability to come into the office is to have a comprehensive remote work strategy that ensures all users can securely access the tools they need to work remotely. This includes access to business systems, such as HR, payroll, ERP, CRM, unified communications (UC) and team collaboration tools, and email and file stores.

IT leaders across industries had to respond in real time to business and user requests regarding remote work during the pandemic, creating a roadmap for future disaster preparedness. Read about the challenges of supporting remote work and the possible solutions.

To start, IT needs to understand how user requests differ in a home environment compared to supporting users in the office. For instance, IT must allot more time to help users with basic tasks, such as assisting with a home office setup and securely connecting to the network.

According to survey results from Nemertes Research, 91% of companies now support working from home, up from 63% before the coronavirus outbreak. The survey also found that 72% of employees currently work from home, compared to 34% before the pandemic began.

Expert Paul Kirvan explained how to support a surge of remote workers during a disaster, including how to work with providers to have an emergency strategy in place. Although some companies may have already had generous work-from-home policies matched to network configurations with enough bandwidth and licenses, before the pandemic, many provisioned for VPN use by only 10% to 20% of staff. Post-pandemic, companies need to study current remote usage strategies and provision network resources accordingly.

UC and pandemic plans

Workers are embracing remote work as the new normal, so companies that haven't done so already would be wise to invest in UC, including collaboration tools and video conferencing. Integration considerations should be top of mind for organizations, including whether their corporate phone systems will work seamlessly with their collaboration tools, according to Jon Arnold, principal at J Arnold & Associates.

If an organization is going to ramp up its reliance on UC, especially video and voice services, then it must consider three key security threats, including denial-of-service attacks. Encryption is a major aspect of security that businesses must evaluate, test and monitor to be able to trust the technology as a safe and effective business tool.

IT teams that tried to depend on legacy UC architectures likely ran into trouble with the heavier work-from-home traffic. If so, deploying either a hybrid UC or fully SaaS approach might help resolve such issues. Adjusting bandwidth levels and implementing connectivity upgrades helped deal with video traffic during the surge in work-from-home traffic.

Licensing can also cause trouble when businesses are trying to rapidly ramp up usage. Getting a little creative with how applications are used can save some of the licensing complexity and costs of expanding an organization's pools of licenses.

According to Metrigy president and principal analyst Irwin Lazar, the remote work experience is enhanced by video conferencing because it increases engagement among participants.

But employees must be properly trained on how to use UC tools securely before a disaster happens. Training should include best practices for connecting to the network and cloud applications from their home networks. Otherwise, workers could unknowingly put corporate data at risk. Likewise, IT should make sure business-critical applications are up to date and accessible from remote environments so that they don't experience performance hits or introduce vulnerabilities.

Learn more about IT support during a pandemic.

Pandemic security preparedness

Pandemics, like other headline-making events, are enticing to cybercriminals who take advantage of crises to infect systems, steal data and disrupt operations. Their best way in, often, is through users.

In 2020, Kaspersky detected coronavirus-specific threats, including malicious files disguised as PDF, MP4 and DOCX files with names suggesting the attachment held useful information about the pandemic. What users got instead were Trojans and worms that could destroy, block, modify, copy or exfiltrate personal data and interfere with systems.

Security expert Ashwin Krishnan offered four tips to help protect businesses from security threats while supporting work-from-home strategies, including how to enforce remote employee security and privacy best practices.

During a disaster, organizations need their cybersecurity teams to be on their A game to protect the organization from threats and to alert users about phishing, ransomware and other malicious attacks targeting them and the business.

Companies need a plan for how to handle cybersecurity if members of the cybersecurity team are absent due to illness. Read these tips for updating your pandemic response plan to include cybersecurity management activities.

As working remotely continues, CISOs should revisit the security policies they may have relaxed to accommodate a ramp up in telework. A careful review will turn up vulnerabilities, and CISOs must tighten controls and insist on a return to strong corporate and industry standards.

IT must also mitigate the risk the home office presents overall and help users build a more secure environment. From wireless LAN access points to ensuring fast enough speeds and implementing cloud-based management where possible, organizations can utilize SMB tools to strengthen security for workers outside of the office.

Learn more about how to prevent ransomware and phishing during a pandemic.

HR's role in pandemic planning

For remote work to continue to be successful, HR must proactively manage work-from-home procedures and communicate productivity expectations, being realistic that employees who are less familiar with remote work technology might have a learning curve. Contributor Pam Baker offered five tips for HR leaders to successfully manage their organization's coronavirus response.

HR leaders should team with IT to share and enforce information security policies, practices and communications among remote workers.

The key to excellent communication during a pandemic lies within how an HR system is utilized. For instance, an HR system should enable businesses to keep employees apprised of important changes to corporate policies during a disaster.

In another article, Baker explained that HR's response to a pandemic affects how employees engage with work in a remote environment and how they collaborate with their coworkers. Organizations should expect to see budget shifts to account for a larger remote workforce. Managers should review their spending and prepare for increased investment in technologies that support high-performance and secure work-from-home strategies.

CDC recommendations for employer actions for coronavirus

Supply chain risk

Disasters wreak havoc on supply chains because they can force factory shutdowns, delay shipments and create workforce shortages.

The concentration of suppliers in a single geographic area creates risk for the supply chain during pandemics, as do just-in-time manufacturing and lean production strategies. For example, companies that migrated to just-in-time and lean approaches may not have the inventory on hand to avoid a disruption to product assembly or sales fulfillment.

To balance out these cost-reduction approaches and protect the business, companies can implement an "early warning system" with supply chain risk assessment tools. These tools offer visibility across the entire pipeline and alert businesses to slowdowns, interruptions and other issues. This insight helps businesses understand where they are most vulnerable so they can introduce redundancies, such as having suppliers and distributors located in different parts of the world. These seven supply chain management best practices will help businesses operate during pandemics and other large-scale disasters.

Dig Deeper on Disaster recovery planning and management