Disruption Doesn’t Make an Appointment. A Guide for Handling the Unwelcome Knock.

Disruptions never make appointments; they don’t even knock at the door! But you need to be ready in case it happens to you. Here are some practical immediate responses.

Business disturbances can affect organizations of any size in any area. Climate, control blackouts, political occasions, and of course, new to the list, pandemics. Organizations build resiliency over a period through extensive continuity planning. However, a major catastrophic event can test the effectiveness of these plans. The last couple of years have been “resiliency training on the fly” for many. The one huge lesson is there’s no bad side to planning to avert pushing the limits of technology capacity, workforce resiliency, and existing business continuity strategies and disaster recovery planning.

Something happens! The immediate actions

One of the recent practical approaches involves executing multiple operating models to find the best route out of the situation. It is imperative to establish a governance program to stabilize the current situation, to evolve, and then transition effectively. Each organization needs to quickly define the degree to which they can conduct “business as usual” for both short-term and continued business operations. While redesigning organizational resiliency is a long-term initiative, organizations must define quick steps to achieve their initial best-effort business-as-usual.

In managing the multiple priorities there are two categories to address: People and Process, and Technology.

People and Process

One of the biggest changes in the last few years has been the approach to the workforce, with many organizations adopting new approaches to what is an organization’s most valuable asset: the workforce. Follow these steps to both safeguard it and ensure continuity of its process:

Activate and engage

• Activate business continuity plans and applicable strategies.
• Engage the Crisis Management Team (CMT) to assess and take actions to contain the impact of the situation.
• Determine the overall business impact and any other customer contractual obligations.

Establish a governance structure

Create a program governance structure to track metrics and set cadence/milestones for immediate and longer-term crisis management, including:

• Representation across the organisation
• Change management and process for identifying and tracking lessons learnt
• Changing business processes from task-oriented to result-based output
• Management of Change (MoC) process, including how to deal with remote worker trust and cultural impacts
• Communication channel with the workforce and the key stakeholders.

Assemble cross-functional teams to assess the impacts on the health and safety of the workforce, as well as the effects of travel restrictions; the implications for vendors and customers; and the legal and statutory impacts, amongst other practical impacts.

Rally the troops

Mobilize the workforce without compromising safety as a top priority and a key success factor. Establish a process to address common and recurring issues at an organizational level in a structured and proactive way, rather than resolving individual user queries.

Technology

After ensuring the safety of its people and continuity of the process, the organisation should focus on the availability of its technology/IT infrastructure:

Connectivity

• Assess the impact for remote access, VPN, server, network capacity, and utilization thresholds.
• Identify types of remote workers and ensure appropriate access control
• Ensure VPN capacity can accommodate the increase in traffic due to the workforce accessing internal resources remotely.
• Provide remote working “how to” tips to all employees

Technology dependencies

• Continuously monitor utilization and uptime of applications, servers, and network resources.
• Develop tactical plans for servicing/replacing existing hardware for the remote workforce to avoid further complications, while providing a support criterion
• Apply workarounds for all site dependencies based on the nature of the business; for example, retail and vendor payment process that have a dependency on scanners.
• Set a process for each dependency, such as accepting e-invoices from vendors temporarily to process payments.
• Sync often with customers and vendors to establish the work-around.
• Adopt options around remote working, VDI, and Intelligent Collaboration that are not dependent on the limitations of any platforms but still give the ability to secure and control data.
  • Leverage cloud solutions like MS365 as much as possible to guarantee end-user productivity for the best user experience.

Reflection

Once the sensation of addressing the immediacy of crisis has started to move towards more forward-thinking actions, the organization needs to focus on how its people will continue to thrive and processes continue to function. And consider, has the immediate crisis created better practice? If so, look at how to move permanently to the new circumstance.

As for the technology response, there is the opportunity to consider emerging technology solutions that could be leveraged to improve performance and efficiencies. With these ideas, you can mitigate the impacts of disruptions now and in the future. However, with the recent workforce “work from anywhere” twist, you need to be cognisant to the fact that any disruption or crisis can impact employees’ working situation, and the wake-up call is the workforce being users of technology. It’s not the case anymore that the data center is the only consideration to be addressed immediately.

In addition, the continued movement of data and processing to the edge through IoT means that businesses are equally dependent on “things.” There are many recent examples of malware or hacking crippling business operations. 

We are in the age of game-changing digital disruptions; however, we must be equally imaginative and prepared for a wide range of risks.

Learn more at www.hpe.com/security

____________________________________

About Lois Boliek 

Lois Boliek leads the Security, Risk, and Management Practice for HPE Pointnext, Advisory and Professional Services. As a key enabler in digital transformations, the practice’s mission is to advance security, as a business and technology enabler, to achieve faster time to value. She aligns her business strategy and focus areas to complement HPE, HPE GreenLake, and other practices to bring cohesive and relevant offerings to HPE’s customers.
           
Lois is a Certified Chief Security Officer and a Certified Information Security Manager. She is an active member of the EC Council C|CISO Board where she offers her time and skills to evolve the program and C|CISO Body of Knowledge book. Her project delivery experience includes IT consolidations, secure internet banking, infrastructure security, and identity management projects. Lois has also provided advisory services for building IT organizations, IT operations, project management, and application development.