Dark Reading is part of the Informa Tech Division of Informa PLC


5/14/2020
10:00 AM
Joan Pepin
Commentary

Ensuring Business Continuity in Times of Crisis

Three basic but comprehensive steps can help you and your organization get through adversity

What if your business is impacted by a natural disaster or your offices are suddenly closed due to unforeseen circumstances, say, a global pandemic? What's next? Is your business built to weather these storms? While nobody likes to think about the worst-case scenario, planning ahead and putting together a Business Continuity Plan (BCP) will ensure that your organization is prepared for anything.

While my company has had a BCP in place for years, COVID-19 provoked us to ensure that we had an actionable, pandemic-specific plan readily accessible. After creating our initial BCP and adjusting it to apply to our current reality, we felt our experience could be beneficial to other organizations, so we're sharing our process. 

Start from Scratch
In computer science, when hardware or a network has been partially destroyed or rendered inoperative, there is a limited set of functions necessary to keep it going. The way the machine or system scales back to that minimum, rather than failing outright, is called "graceful degradation." So, in a pandemic where your people could be out due to illness or permanently gone, you can apply the same question to your business: How do you degrade gracefully?

Start by evaluating the most critical functions of your organization that are needed in order to remain in business. Think of it like this: what is the one thing that is 100% necessary to your business operations, the last thing you could discard before your doors would need to shutter? Once you've settled on these critical functions, work backwards. What do you need in order to keep these functions, well, functioning?

For our business, we determined that our most critical function was maintaining service for our existing customers. While adding new customers is important, it was not deemed the most critical in times of crisis, so we prepared for a scenario in which our current customers were our only priority. 

From there, we imagined a scenario in which our global workforce of over 660 people was cut to just 10% of our original staff (unsettling, I know). We determined a plan for how to continue to service our customers with a sudden, undeniable strain on our workforce. Ask yourself, what is the minimum number of employees your organization needs to guarantee you can maintain your critical functions? Identify that number and continue to work backwards. 

Bulletproof Your Critical Functions 
Whether you plan for a scenario where 10% of your employee base needs to be cut, or only 10% will remain, you'll need to assess whether the remaining employees can protect your critical functions. 

For example, when adjusting our BCP to address concerns related to the COVID-19 pandemic, we considered a scenario in which all of our Seattle-based employees were suddenly ill, leaving the remaining workforce unable to complete a critical function. To avoid this, we implemented what I like to call the "hard drive tolerance" approach to cross-training. To be considered fault-tolerant, hard drives are designed to have their data backed up in five different places, resulting in five different copies. With this in mind, we made plans to ensure that five people, all located in different areas, each understood how to perform specific critical functions. If your organization is unable to rely on separate geographic locations, I recommend considering cross-training staff within different departments.

Update Your Plan Regularly 
As your company evolves, your BCP should evolve too. Once you've completed an initial BCP, your team should revisit the plan twice a year to make any necessary revisions and keep it up to date. An outdated BCP will only cause further complications and stress when your company needs to reference it. During times of crisis, I recommend updating your BCP on a more frequent basis, about once a month. 

Identifying your business-critical functions, the steps required to keep them operational, and the number of employees that will take will strengthen your organization during times of crisis and beyond. From personal experience, I can confirm that a business continuity and actionable pandemic plan will make your organization stronger. Your teams will gain a better, more comprehensive understanding of their function and their greater impact on the company, your management will learn clear and actionable communication skills during an emergency, and your employees will rest assured that your organization is prepared to weather any storm.

While the hope is for a BCP to remain untouched (aside from the occasional updates), creating an actionable continuity plan will ease stress amidst disaster and help to ensure that your business can keep its doors open.


As CSO, Joan is responsible for the holistic security and compliance of Auth0's platform, products, and corporate environment. She brings 20 years of experience to the role, with a career that has spanned a wide variety of industries, including healthcare, manufacturing, ...
 
