Dark Reading is part of the Informa Tech Division of Informa PLC


5/14/2020
10:00 AM
Joan Pepin
Commentary

Ensuring Business Continuity in Times of Crisis

Three basic but comprehensive steps can help you and your organization get through adversity

What if your business is impacted by a natural disaster or your offices are suddenly closed due to unforeseen circumstances, say, a global pandemic? What's next? Is your business built to weather these storms? While nobody likes to think about the worst-case scenario, planning ahead and putting together a Business Continuity Plan (BCP) will ensure that your organization is prepared for anything.

While my company has had a BCP in place for years, COVID-19 provoked us to ensure that we had an actionable, pandemic-specific plan readily accessible. After creating our initial BCP and adjusting it to apply to our current reality, we felt our experience could be beneficial to other organizations, so we're sharing our process. 

Start from Scratch
In computer science, if hardware or a network has been partially destroyed or rendered inoperative, only a limited set of functions is necessary to keep it going. The process by which the machine or system shuts down is called "graceful degradation." So, in a pandemic where your people could be out due to illness or permanently gone, you can apply the same question to your business: How do you degrade gracefully?

Start by evaluating the most critical functions of your organization that are needed in order to remain in business. Think of it like this: What is the one thing that is 100% necessary to your business operations? What is the last thing you can discard before your doors would need to shutter? Once you've settled on these critical functions, work backwards. What do you need in order to keep these functions, well, functioning?

For our business, we determined that our most critical function was maintaining service for our existing customers. While adding new customers is important, it was not deemed the most critical in times of crisis, so we prepared for a scenario in which our current customers were our only priority. 

From there, we imagined a scenario in which our global workforce of over 660 people was cut to just 10% of our original staff (unsettling, I know). We determined a plan for how to continue to service our customers with a sudden, undeniable strain on our workforce. Ask yourself, what is the minimum number of employees your organization needs to guarantee you can maintain your critical functions? Identify that number and continue to work backwards. 

Bulletproof Your Critical Functions 
Whether you plan for a scenario where 10% of your employee base needs to be cut, or only 10% will remain, you'll need to assess whether the remaining employees can protect your critical functions. 

For example, when adjusting our BCP to address concerns related to the COVID-19 pandemic, we considered a scenario in which all of our Seattle-based employees were suddenly ill, leaving the remaining workforce unable to complete a critical function. To avoid this, we implemented what I like to call the "hard drive tolerance" approach to cross-training. To be considered fault-tolerant, hard drives are designed to have their data backed up in five different places, resulting in five different copies. With this in mind, we made plans to ensure that five people, all located in different areas, each understood how to perform specific critical functions. If your organization is unable to rely on separate geographic locations, I recommend considering cross-training staff within different departments.

Update Your Plan Regularly 
As your company evolves, your BCP should evolve too. Once you've completed an initial BCP, your team should revisit the plan twice a year to make any necessary revisions and keep it up to date. An outdated BCP will only cause further complications and stress when your company needs to reference it. During times of crisis, I recommend updating your BCP on a more frequent basis, about once a month. 

Identifying your business-critical functions and the steps and number of employees it will take to keep them operational will strengthen your organization during times of crisis and beyond. From personal experience, I can confirm that a business continuity and actionable pandemic plan will make your organization stronger. Your teams will gain a better, more comprehensive understanding of their function and their greater impact on the company, your management will learn clear and actionable communication skills during an emergency, and your employees will rest assured that your organization is prepared to weather any storm.

While the hope is for a BCP to remain untouched (aside from the occasional updates), creating an actionable continuity plan will ease stress amidst disaster and help to ensure that your business can keep its doors open.


As CSO, Joan is responsible for the holistic security and compliance of Auth0's platform, products, and corporate environment. She brings 20 years of experience to the role, with a career that has spanned a wide variety of industries, including healthcare, manufacturing, ...
 
