So, what’s next for Business Continuity Post Covid-19?
I wish I knew – I wish I had the magic bullet that addresses this question – but I don’t!
We’re still in the grips of this global pandemic; we don’t know what’s around the corner until a vaccine is sourced but what we do know, is that there is an unprecedented rise in ransomware and cyber crime since we went into lockdown. Attacks are now targeted, and nation state attacks are coming to the fore, seeking to gain the IP to be the leading country to ‘release’ the vaccine, which will undoubtedly swell their financial coffers.
What I can say, is that how we operated pre-March 2020 is gone – we now operate in a completely different way. Digitisation has taken a leap and with it, the leap in cyber attacks; phishing scams; data breaches and other threat vectors. Digital transformation will become the new-normal – virtual meetings; virtual house viewings for tenants and online services via secure citizen portals.
Whatever your organisation chooses, we recommend that you check over what you have (or need) and get your BCP in order. During this unprecedented time, conventional high impact risks will remain, and their effects amplified – this leaves you with less time, less resource to recover, so there’s no room for error. However, because of this, you can expect your stakeholders, senior management, regulators and customers who are on this same journey with you, to be more risk-aware and more risk-averse. Expect more stringent checks on your organisation including your strategies around business continuity and your plans.
You may already have a strong BCP – but please don’t rest on your laurels just yet. Review what you have and address your existing BCP with these five considerations:
- Consolidate on what you’ve learnt as a team over these last few months
How did you handle the onset and development of Covid-19. Critically review your decisions made – would you make the same conclusions again, knowing what you now know? What improvements can you make to your BCP?
- Discipline – your one true friend!
BC planning, is by many, still considered to be a tick-box exercise. The production of documents, generally created to satisfy auditors, regulators and customers – once produced, remain static or the very least, are updated with a new version number and a box completed to say, reviewed within the 12-month period. STOP!! Embrace the discipline of continual reviews of your BCP. By not doing so, it simply misleads stakeholders that the plans will work – and when they don’t at the point of invocation, cost you time, effort, resource and money.
- Define and update your response
No one wants to be the one to communicate bad news in the event of an issue. By having prepared responses, again, that are reviewed regularly, means that with a Communications Plan, at the correct part of invocation of your BCP, takes the pressure off you. Review the response and adapt them as needed. Sending the wrong communication at a time of heightened panic or a staff member, believing that they are doing the right thing by relaying the wrong information can have a significant impact on your organisation both during and after the event.
- Review the Risks
Every organisation has changed over these past few months, and your defences will have changed too. Buildings remain empty, or sparsely occupied as you dip your toes into ‘getting back to the office’; staff remain worried about returning to work and ‘home’ is the new office for many. However, it is imperative that you review your risk profile and risk registers again – review your risk appetite’s for what was once tolerated, may now need to be treated, transferred or terminated.
- Manage your Supply Chain
All too often, we’re focussed on ourselves and our people, but the relationships with our partners, suppliers and managed services is important. How have they addressed business continuity and disaster recovery and what are their identified risks in this new world? You may wish to consider requesting these as you review your revised risk strategies – have they amended their contractual obligations or your requirements?