As the Covid-19 situation develops across Europe, governments and businesses are taking steps to protect the health and safety of their people and roll out precautionary measures. On 15 March, the Luxembourg government renewed calls for remote working as a means to enact “social distancing” and reduce contact between people, therefore limiting the spread of the infection.
Luxembourg businesses have taken prompt action, with many larger players announcing new home-working policies. Behind the scenes, those in charge of IT functions and business continuity management are playing a leading role in rolling out large-scale homeworking schemes and enacting other measures to ensure business continuity. As businesses prepare, we’d like to share our pandemic planning which acts as a guide for issues that should be considered by all IT functions during a pandemic.
Issues to be considered in IT and business continuity planning
Below is a list of activities already taken by organizations to date. These can be useful for comparison with your business plans to establish a robust roadmap.
- Confirm critical processes can be performed remotely or identify an alternative
- Validate essential tools to work remotely are available (i.e. laptop, VPN, etc.)
- Increase network bandwidth due to increased telecommuting, etc.
- Remote security access capabilities
- Establish a Help Line to assist employees who are not familiar with telecommuting or test thoroughly in anticipation of a pandemic
- Review the organization’s Risk Assessment and Business Impact Analysis to confirm the critical business sites, processes, products, services, and a prioritized list of customers that will be the focus of continued operations during a pandemic event
- Determine which business processes will cease during the pandemic – deliver minimal viable product
- Review the potential impacts to:
- Legal/Regulatory Requirements
- Reputation
- Customer Service/Any Current Service Level Agreements
- Operational Maximum Allowable Downtime
- Sign-off that the Pandemic Plan has been reviewed and approved by the Board of Directors or Committee annually
- Validate the Pandemic Plan annually (i.e. through tabletop exercises, functional exercises, tests): So personnel understand their roles and responsibilities
- Validate critical business processes can continue with internal and external support
- Confirm communication tools are available and operational
The cyber threat
It has emerged today that hackers are capitalizing on the ongoing uncertainty and targeting individuals and industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance.
To combat this threat, companies that have either recently implemented work from home solutions (e.g. VPN), or expanded their scope, can consider a number of measures to strengthen their security.
- Strong authentication processes should be implemented to prevent password-related attacks.
- Communications should be encrypted in line with leading standards.
- Access hours and the geographical location of users should be correlated to intended use in order to detect and remediate any hacking or fraudulent attempts.
- Risk assessments linked to the implemented work from home solution should be performed and updated according to evolutions in the cyber threat landscape.
- Reminders around phishing and security best practices should be shared with employees in light of scams exploiting coronavirus fears.
As more information emerges on COVID-19, we will continue to update you with the latest information. The pandemic planning document, in full, can be accessed here.