Cybersecurity - don't drop your guard
Cybercriminals will see COVID-19 as an opportunity and there is an increased risk that you could fall foul of a cyber-attack when staff are distracted.
Businesses should continue to run penetration test solutions, educate staff and formulate a cyber crisis response plan/strategy. Often businesses consider fire/flood scenarios within their Business Continuity plans but not cyber incident management.
In particular, you need to have a cyber incident response plan ready and tested. Phishing campaigns related to COVID-19 are increasing and well-disguised as reputable health organisations. Therefore, you should increase communication and awareness around this. Hackers may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or even purchase vaccines for Covid-19.
Are your IT services suitably resilient to protect your business from hardware failures or power cuts? Have you identified and addressed all unacceptable single points of failure (SPoF) within your IT architecture? Are your IT disaster recovery (ITDR) plans aligned to your business continuity plans and have these been tested?
It is unlikely your Business Continuity and ITDR plans have been tested for a scenario where the entire organisation works from home? Ensure IT is a key component of your business continuity planning and your ITDR plans are aligned too.
With more demands than usual on other areas of your IT networks and systems have you checked you have the suitable capacity in place or how long it would take to scale up if required?
IT networks are like roads, if suddenly you put motorway traffic on an A road it will stop or go very slowly. Plan your capacity needs with your IT function, or third-party provider if outsourced, and ensure you have the right number of remote working licences.
Enabling your workforce
Do your staff have enough overall IT/software licences to support remote working? Do you have enough devices such as iPad/laptops to support remote working?
Supply chains for laptops are being disrupted and retailers may shut shops or run out of stock. Can you get what you need when you need it?
This is just one aspect of an IT/Digital Strategy which should be aligned to your Business Continuity Plan. Consider the use of softphone technology, a softphone is software that can be installed on a mobile device, such as a laptop, and allows the user to place and receive calls without requiring an actual telephone set – this may be useful for receptionists or PAs/EAs if they don't have mobiles.
Managing IT third parties
If you are reliant on third parties for IT services or applications, such as cloud hosting, are you satisfied they have appropriate resilience in place to continue to provide your services and scale up to support remote working?
Talk to your provider and seek reassurances if they have not been proactive in this area and if they have the capacity and skills to support you.
In conclusion, Covid-19 will have an impact on your technology function and your ability to deliver key contingency solutions such as remote working will be dependent on planning for the impact of this on your IT team.
Finally don't forget about maintaining security and the availability of your IT services, this is of the upmost importance for delivery.
This article was written by Asam Malik , Partner (Technology Consulting & Assurance) at Mazars UK.