Business planning during the COVID-19 pandemic

Working from home is not complicated. Most of us do so now and again. Accessing an internet connection is easy enough, and cloud office suites and SaaS applications make it seamless to transition from working at the office to doing so on the couch in your living room. But most organizations will not have supported so many employees working remotely, and employees themselves may be a little out of practice in observing best practices when working from home.

Business planning during the COVID-19 pandemic

We’re in this together as a business community. Here are some places where you can find the latest COVID-19 news and resources for your business and employees:

TAKE THE FIRST STEP

Fill out the form to download the white paper

Business planning for the coronavirus

Business leaders are asking about the impact the COVID-19 coronavirus will have on the economy, and what they can do to help their employees. Along with looking out for staff, businesses should also be considering prepping their own infrastructure for a disaster. There’s a good chance that not too much will happen to business plans, but there is a small possibility of severe problems.

Medical professionals have plenty of unanswered questions, but certain facts are known:

  • COVID-19 symptoms resemble common colds and flu, including coughing and fever. By the time a quarantine has been put into effect, some infected people have already left the quarantine area. So expect the disease to spread.
  • A vaccine will take at least a year to develop, test and distribute – and that’s the best possible case.
  • A treatment to mitigate harm may come soon, but there are no guarantees that one will be found.
  • The disease seems to be most deadly to the elderly and those with existing medical problems.

The World Health Organization reported (update on 27 February 2020, updates to be published) that the Hubei Province had 65,596 confirmed cases cumulatively, in a population of 59 million people, producing an incidence of just over one in 1000 people. So far 81% of the cases have been mild. The evidence so far denies reason to panic, but justifies contingency planning.
Medical professionals have plenty of unanswered questions, but certain facts are known:

Business challenges fall into two categories: direct effects and quarantine/restriction effects.

The most likely direct business problem is several workers falling ill around the same time. Because the disease spreads best when people are close, cases are likely to cluster among different work groups. One team working in close quarters may have several people get sick, while others in the company remain healthy. Thus, companies could lose one or two functions while otherwise operating at full capacity. Workers in open office spaces take more sick days than people in enclosed offices, so the company’s work environment affects their risk.Medical professionals have plenty of unanswered questions, but certain facts are known:

The most likely direct business problem is several workers falling ill around the same time.

The key business issue is what functions are lost when the illness takes hold. If the engineering department is late producing a new prototype, the company rolls on. If new order processing is struck, then the company could be severely damaged. And if a function such as tech support or production scheduling is hit, then slowdowns would spread across the business.

Companies may also face problems from quarantines, travel controls and limits on public assemblies. Public transportation may be closed or limited. These indirect effects are causing most of the economic damage in China.

Absenteeism among healthy workers may increase, as they stay home to care for sick relatives. They may also be unable to get to work if public transportation is shut down or they live in a quarantined area.

An existing disaster recovery plan may provide a good blueprint, though some do not address epidemics. Even then, however, they may list critical areas to consider. Businesses without recovery plans might consider these practices:

Tell sick employees to stay home. Businesses that do not offer paid sick leave should consider temporarily offering sick leave.

Identify critical employee groups. This could be a shipping department, payment processing team or any functions that the company absolutely must have operating every day. Then consider whether some of these functions can be covered by employees at a different location. For example, is it possible for one regional office to provide service to another regional office whose employees are sick?

With many people working at home, businesses need protocols to limit security risks.

Identify employees with critical skills who are not easily replaced on short notice. Look for others who could learn the task, recent retirees or consider an outsourcing plan.

Talk to critical suppliers of both goods and services about their ability to deliver reliably. Forward this article along to them, then have a conversation. Consider setting up alternative suppliers.

Ensure that work-from-home systems are running well, which includes computer security. Many businesses are now scammed by a fake email that tells an employee to send a payment to a new supplier. With many people working at home, businesses need protocols for phone conversations to limit this risk.

Plan to close some of your locations. Think through security and equipment maintenance issues ahead of time.

Most epidemics have a severe spike, followed by diminished disease incidence. The population builds up immunity, preventing further spread of the virus. This appears to have already happened in China, but not in Europe. So this outbreak probably won’t last too long. Epidemiologists note that sometime an epidemic flares up a second time, so uncertainty reigns.

Tips for secure remote working during the coronavirus outbreak

Working from home is not complicated. Most of us do so now and again. Accessing an internet connection is easy enough, and cloud office suites and SaaS applications make it seamless to transition from working at the office to doing so on the couch in your living room. But most organizations will not have supported so many employees working remotely, and employees themselves may be a little out of practice in observing best practices when working from home.

So now is definitely the time to review and enhance security around remote access to corporate data, at both ends of the connection.

Here are tips for secure remote working for employees, and for their employers.

Best practices for employees

We naturally tend to be more relaxed at home, especially when it comes to security. After all, we’re in the safety of our own homes, so what could go wrong? Unfortunately, cyber criminals are seeking to exploit exactly this sort of complacency with carefully-engineered phishing exploits and threats.

Here is some advice for employees:

  • Pay attention to passwords: It’s a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.
  • Be phishing-aware: Be wary of clicking on links which look in any way suspicious, and only download content from reliable sources that can be verified.

Research teams have uncovered that domains related to coronavirus are 50% more likely to be malicious.

Remember that phishing schemes are a form of social engineering, so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not criminals. Research teams have uncovered that domains related to coronavirus are 50% more likely to be malicious, so make sure to cast a critical eye over anything unexpected that pops into your mailbox.

  • Choose your device carefully: Many employees use their company computer or laptop for personal use, which can create a security risk. The risk is even greater if you use a personal computer for work purposes. If you have to use a home or personal computer for work, talk to your IT team about how to strengthen security – for example, by adding a strong anti-virus and security package to it.
  • Who’s listening in?: Does your home wi-fi network have a strong password, or is it open? Make sure it is protected against anyone within range being able to access and connect to the network.

With many people working at home, businesses need protocols to limit security risks.

Best practices for employers

This guide should serve as a starting point for organizations, whether their apps and data are stored in data centers, public clouds or within SaaS applications:

  • Trust no one: Your entire remote access plan has to be built using the mindset of zero trust, where everything must be verified and nothing should be assumed. Make sure that you understand who has access to what information – segmenting your users and making sure that you authenticate them with multi-factor authentication. Additionally, now is the time to re-educate your teams so that they understand why and how to access information safely and remotely.
  • Every endpoint needs attention: In a typical scenario, you might have people working on desktops inside the office. Assuming that their devices aren’t going home with them, you now have a slew of unknown devices which need access to your corporate data.
  • You have to think ahead about how to handle the threats posed by data leakage or attacks propagating from a device into your network. You also need to ensure that the overall security posture of devices is sufficient.
  • Stress-test your infrastructure: In order to incorporate secure remote access tools into your workflows, it’s critical to have a VPN or an SDP. This infrastructure must be robust and should be stress-tested to ensure that it can handle a large volume of traffic, as your workforce shifts gears to work from home.
  • Define your data: Take the time to identify, specify and label your sensitive data, in order to prepare for policies that will make sure that only the appropriate people can access it.
  • Make no assumptions about previous data management, and take a granular approach which will serve you well once remote access is fully enabled. No one wants to accidentally provide the entire organization with access to HR.
  • Segment your workforce: Run an audit of your current policies relating to the access and sharing of different types of data. Re-evaluate both corporate policy and your segmentation of the teams within your org, so that you can rest assured that you have different levels of access which correlate with the various levels of data sensitivity.

These cornerstones of remote access security will help organizations better protect their data and networks against threats and interception at both ends of the connection.