Business Continuity Planning (BCP) During a Crisis

What is BCP?

A BCP is the course of action an organization takes when an unexpected situation occurs. It covers events such as natural disasters, pandemics, economic crises, data breaches, and more.

As the novel coronavirus has increased its impact on our global communities and businesses, many organizations are recommending that their employees work from home (teleworking) and cancel non-essential business travel.

This new “virtual reality” is putting pressure on normal business operations at the same time that hackers are trying to exploit various vulnerabilities.

I believe that staying vigilant and having a security-first business continuity plan is critical to running your company in the event of an emergency.

BCP requirements

  • Plan
  • Leadership
  • Teams
  • Teleworking policies
  • Security implications
  • Customer implications
  • Crisis communication
  • Vendor emergency plan

Get the right people in the right room

  • CEO: Primary leader
  • COO: Quarterback
  • CMO: Marketing: internal and external crisis communications
  • CTO/CIO: Technology stability assessment
  • CISO: Security risk assessment
  • CFO: AP and revenue continuity
  • CPO: Employee Relations

Conduct your Risk Analysis

Protect Threats

Let’s discuss and identify critical buckets of risks across your organization that you will need to address in the event of an emergency as:

Source: OneLogin

Prepare Work from Home (WFH) Policies

  • Do you have a documented WFH policy?
  • Have your teams and managers been trained?
  • Do you have communication methods in place (Zoom, Slack, Hangouts, Skype, etc.)?
  • Do you have physical network limitations? What about VPN?
  • Do you have an identity and access management (IAM) solution for secure application access?

Do you have a Smart Authentication mechanism in your environment?

Smart Authentication

Crisis communications

Let’s consider both internal and external communications:

Internal:

  • Choose a consistent method of communication – email, Slack, Zoom, Skype
  • Define a singular place for employees to go for information
  • Daily team stand-ups

External:

  • Define the communication channel and frequency based on the solution – email, Slack channel, blog, social media
  • Consider white-glove phone calls for key customers
  • Provide in-application notifications (if applicable)

Prepare crisis communication Examples

Prepare for service disruptions and technical dependencies:

  • Evaluate technical points of failure
  • Cloud technology vs. on-premises technology
  • Data center diversity and redundancy
  • Reliability and scaling
  • Mission-critical vendors’ BCP

Security Vulnerabilities

  • Can your employees securely access applications remotely?
  • Do you have password policies in place?
  • Are you using multi-factor authentication (MFA)?
  • Are your employees potential targets for breaches?
  • Are you communicating potential threats to customers and employees?

Response phases and example procedures for BCP

Step 1: Disaster detection

  • First responder – assess and respond

Step 2: Disaster declaration

  • Invoke the plan – notify leadership teams, alert comms, and set timeline

Step 3: Mobilization

  • Inform team leaders – assign tasks, communication cadences, status updates

Step 5: Ongoing crisis management

  • Action and recovery – strategic decision-making, emergency funding, timeline to resolution, consistent communication

Plan administration

  • Document, finalize, and version your plan
  • Involve legal to get their sign-off
  • Get the buy-in of key stakeholders and leaders
  • Develop document release procedures for employees and customers

Finally, protect your brand, customers, and reputation. Stay vigilant, stay safe!
