About nine months ago, nearly overnight, many business found themselves with workforces that needed to work entirely remotely.  We saw long established pandemic response built on phases move almost immediately to full economic shutdown. Turning to the Business Continuity plan on the shelf, it was quickly seen that the plan and supporting technologies were inadequate for the situation at hand.

How to start from here?

We have all lived the near total disruption we call 2020.  Hopefully we have learned a lot of what works, what doesn’t, what’s needed, and what’s not.  Now is a great time to critically evaluate our Business Impact Analysis (BIA) methodology and results and correct it with our newly learned lessons.  Effective Continuity plans start with a through and accurate BIA, without this projection of disruption impact we can’t determine contingency need.

The Plans

The plan is to keep-on-keepin’-on, in a worst case scenario.  The good news is we have first hand experience. No doubt all of us saw our co-workers step up, figure things out, and make things happen.  Let’s reflect on this experience, form a future strategy, and document it. Update the plans and bring everyone into the process – make a goal to make everyone more capable in the next event.

Is there more or different technology in use today than nine months ago? Are these solutions disaster ready?  We can’t take for granted that we are operating in a disaster scenario, and have the view that a different disaster can’t or won’t occur. We are running now on what we are running; what happens if a disaster hits? Can we recover our new technology that is now critical to the operation in this current disaster? Review the updated BIA, carefully examine the new objectives and new assets -- can we support this from here?  Bring the business in and discuss the needs for further investment and actual testing.  We all must accept that from where we are standing now, there is much of this that will remain “normal” and must be recoverable in our more typical disaster scenarios.

The Reality

Let’s look at the restaurant industry. They have needed to shift gears a number of times.  Many early on in the pandemic, adjusted menus and staffing and moved to a takeout model; others closed for good.  For the ones that remained open, did they have a plan or at the very least create one on the fly? Did the ones that closed not have a plan?  For some, they couldn’t make the pivot on the fly and were unable to make it for one reason or another.  Others seemingly figured out a way to make it work almost overnight. Still others yet were ready for the change.  I use this to illustrate that a crisis requires us to think differently.  If we do some of that critical thinking ahead of time, we are more likely to continue in operation.

The reality is that threats to our operation abound, and those threats don’t care if we are dealing with one already. Having a good understanding of our operation, capabilities, and options will make all the difference in a critical situation. Are we convinced that it isn’t about if, but rather when?  Let’s commit to documenting our recent experiences, gain greater input from others, brainstorm on the “that won’t happen”, reserve time to train, and conduct real-life tests.  Let’s build resiliency through alignment -- alignment of team, mission, and capability.

OCTELLIENT - Our mission: simplify information security. With a Business First approach, we want to help you and your organization get to your core priorities and make the most of your infosec investments.  Our goal is to be your side-by-side partner, working together to navigate a tailored infosec strategy and bring expert advice to your toughest challenges.

 Ask us about Propulsion, Deepwater, and the 8-point Dossier

info@octellient.com

www.octellient.com