Tech Accelerator
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Guide to business continuity planning during coronavirus

This guide offers information on the effect of the coronavirus on enterprises and the need for pandemic and business continuity planning to keep businesses safe and in operation.

Companies are beginning to evaluate the impact of the COVID-19 pandemic on their businesses and processes. Properly assessing this requires a review of corporate business continuity and disaster recovery plans, however, as well as specific pandemic plans. This effort will help organizations determine if they can continue to support a greater number of remote workers, gain visibility into their supply chain resilience and gauge the short- and long-term effects of a pandemic on their technology investments.

Throughout this guide, there are links to other articles that will help you learn more about preparing for and responding to business continuity planning challenges, such as the coronavirus and other global pandemics.

Why coronavirus is a threat to business

Coronavirus is a family of viruses that has common signs of infection, including respiratory symptoms, fever, cough, shortness of breath and other breathing difficulties. In more severe cases, according to the World Health Organization, "infection can cause pneumonia, severe acute respiratory syndrome, kidney failure and even death."

The COVID-19 map from Johns Hopkins University's Center for Systems Science and Engineering tracks global cases of the virus in real time and provides statistics on confirmed cases and confirmed deaths.

As organizations respond to pandemics generally and to the coronavirus specifically, they should be prepared for ongoing disruption to worker productivity, supply chains, product availability, corporate travel and more. Before COVID-19, Gartner said companies should plan for 25% absenteeism during a virus outbreak, an estimate based on the fallout from previous viruses, such as the one that causes SARS (severe acute respiratory syndrome).

Business continuity and pandemic plans

The last pandemic that threatened businesses in this way was H1N1, or swine flu, which happened a decade ago. Ideally, businesses have been keeping their pandemic plans up to date, testing for business continuity problems. Much has changed since then in terms of how businesses operate, including the rise of remote working, the increased use of software as a service and other cloud-based applications, and just-in-time manufacturing and lean production strategies in supply chains. Also, businesses today are more global in terms of workers, customers, vendors, partners and suppliers, making business continuity and pandemic plans far more complex to test and carry out.

Illustration of coronavirus
An illustration of coronavirus

So where should organizations start as they try to deal with the impact of COVID-19 or prepare for the next pandemic? Organizations should create and execute on a workplace pandemic preparedness plan along with business continuity plans. To familiarize employees and emergency teams with the plan, businesses should conduct exercises annually, if not more frequently. Use this pandemic recovery plan template to get started.

A pandemic impact analysis is critical to understanding how to help your company prepare for and recover from COVID-19 and other such disasters. By filling out this template, business leaders will learn the critical roles, procedures and assets that must be considered as a pandemic unfolds. Getting back to business as usual is going to take a lot of time and patience. The resumption of normal activities will depend on how well you execute your pandemic recovery plan.

Because organizations are so dependent on providers across all aspects of their business, they should well understand and have tested providers' pandemic plans. For instance, if the provider's own workforce is affected, it's important to know how the provider will maintain high availability of its application or respond to service issues. In many companies, line of business managers are the conduits to service providers; therefore, they must be coached on how to include them in pandemic plans. It's also important for organizations to centralize service-provider relationship information in case the managers themselves are unavailable.

One of the most important elements of pandemic planning, especially when assuming a high absenteeism rate, is to understand how employee skills complement one another. Conducting a skills inventory will let you know which employees could back up others if they are affected by an illness.

Learn more about business continuity planning.

Developing a remote work strategy

One of the best defenses a business has for preventing the spread of disease in the workplace is to have a comprehensive remote work strategy that ensures all users can securely access the tools they need to work remotely. This includes access to business systems, including HR, payroll, ERP, CRM, unified communications (UC) and collaboration tools, and email and file stores.

IT leaders across industries are responding in real time to business and user requests regarding remote work. Read about the challenges of supporting remote work and the possible solutions.

To start, IT needs to understand how user requests will differ in a home environment compared to supporting users in the office. For instance, IT likely will have to allot time to help users with basic tasks, such as securely connecting to the network.

According to survey results from Nemertes Research, 91% of companies now support working from home, up from 63% prior to the coronavirus outbreak. The survey also found that 72% of employees currently work from home, compared to 34% before the pandemic began. Call centers also use remote work technology to combat absenteeism challenges they are facing due to the coronavirus pandemic. TechTarget contributor Scott Sachs said allowing employees to work from home helps keep workers healthy and your call center up and running.

Expert Paul Kirvan explained how to support a surge of remote workers during a disaster, including how to work with providers to have an emergency strategy in place. Although some companies may have already had generous work-from-home policies matched to network configurations with enough bandwidth and licenses, most provision for VPN use by only 10% to 20% of staff. They typically don't count on numbers like Gartner's suggested 25% absenteeism rate, let alone what they've experienced with the COVID-19 outbreak. Therefore, a pandemic can easily overload the VPN and affect worker productivity. Learn the essential VPN terminology you need to know.

UC and pandemic plans

Workers will likely embrace remote work as the new normal, so companies would be wise to invest in UC, including collaboration tools and video conferencing, author Jon Arnold said. Integration considerations should be top of mind for organizations, including whether their corporate phone systems will work seamlessly with their collaboration tools.

As the pandemic continues and employees continue to work from home, organizations must consider the costs of collaboration tools once free introductory offers expire.

If an organization is going to ramp up its reliance on UC, especially video and voice services, then it must consider three key security threats, including denial-of-service attacks. Encryption is a major aspect of security that businesses must evaluate, test and monitor to be able to trust the technology as a safe and effective business tool.

IT teams trying to depend on legacy UC architectures might run into trouble with the heavier work-from-home traffic. If so, deploying either a hybrid UC or fully SaaS approach might help resolve issues.

Adjusting bandwidth levels and implementing connectivity upgrades should be considered to help manage video traffic during the surge in work-from-home traffic.

Licensing can also cause trouble when businesses are trying to rapidly ramp up usage. Getting a little creative with how applications are used can save some of the licensing complexity and costs of expanding an organization's pools of licenses.

According to Irwin Lazar, the remote work experience is enhanced by video conferencing because it increases engagement among participants.

But employees must be properly trained ahead of a pandemic in how to use UC tools securely, which should include best practices for connecting to the network and cloud applications from their home networks. Otherwise they could unknowingly put corporate data at risk. Likewise, IT should make sure business-critical applications are up to date and accessible from remote environments without suffering performance hits or introducing vulnerabilities.

Learn more about IT support during a pandemic.

Pandemic security preparedness

Pandemics, like other headline-making events, are enticing to cybercriminals who take advantage of crises to infect systems, steal data and disrupt operations. Their best way in, often, is through users.

Kaspersky detected coronavirus-specific threats, including malicious files disguised as PDF, MP4 and DOCX files with names suggesting that the attachment held useful information about the coronavirus. What users got instead were Trojans and worms that could destroy, block, modify, copy or exfiltrate personal data and interfere with systems.

Security expert Ashwin Krishnan offered four tips to help protect businesses from security threats while supporting work-from-home strategies, including how to enforce remote employee security and privacy best practices.

During a pandemic, organizations need their cybersecurity teams to be on their A game to protect the organization from threats and to alert users about phishing, ransomware and other malicious attacks targeting them and the business.

Companies need a plan for how to handle cybersecurity if members of the cybersecurity team are absent due to illness. Read these tips for updating your pandemic response plan to include cybersecurity management activities.

As working remotely continues, CISOs should revisit the security policies they may have relaxed to accommodate a ramp up in telework. A careful review will turn up vulnerabilities, and CISOs must tighten controls and insist on a return to strong corporate and industry standards.

IT must also mitigate the risk the home office presents overall and can do so by helping users build a more secure environment. From wireless LAN access points to ensuring fast enough speeds and implementing cloud-based management where possible, organizations can utilize SMB tools to strengthen security for workers outside of the office.

Learn more about how to prevent ransomware and phishing during a pandemic.

HR's role in pandemic planning

For remote work to be successful, HR must proactively manage remote work procedures and communicate productivity expectations, being realistic that employees who are less familiar with remote work technology might have a learning curve. Contributor Pam Baker offered five tips for HR leaders to successfully manage their organization's coronavirus response.

HR leaders should team with IT to share and enforce information security policies, practices and communications among remote workers.

The key to excellent communication during a pandemic might lie within an HR system and how it is utilized. For instance, an HR system should enable businesses to keep employees apprised of important changes to corporate policies due to COVID-19.

In another article, Baker explained that HR's response to the pandemic can affect how employees engage with work in a remote environment and how they collaborate with their coworkers.

Everything surrounding the coronavirus is changing rapidly, and it is imperative that employers and HR managers understand the vocabulary of this pandemic. Our glossary is an at-a-glance reference tool with all the relevant coronavirus terms.

Organizations should expect to see budget shifts to account for a larger remote workforce. Managers should review their spending and prepare for an increased investment in technologies that support high-performance and secure work-from-home strategies. They must also pay close attention to the supply chain risk posed by pandemics.

CDC recommendations for employer actions for coronavirus

Supply chain risk

Pandemics wreak havoc on supply chains because they can force factory shutdowns, delay shipments and create workforce shortages. Experts warned that the impact of coronavirus on the global supply chain would worsen in the second quarter of 2020 and might lead to some companies going out of business.

The concentration of suppliers in a single geographic area creates risk for the supply chain during pandemics, as do just-in-time manufacturing and lean production strategies. For example, companies that migrated to just-in-time and lean approaches may not have the inventory on hand to avoid a disruption to product assembly or sales fulfillment.

To balance out these cost-reduction approaches and protect the business during pandemics, companies can implement an "early warning system" with supply chain risk assessment tools. The tools offer visibility across the entire pipeline and alert businesses to slowdowns, interruptions and other issues. This insight also can help businesses understand where they are most vulnerable so they can introduce redundancies, such as suppliers and distributors located in different parts of the world. These seven supply chain management best practices will help businesses operate during the COVID-19 pandemic and beyond.

Dig Deeper on Disaster recovery planning - management