Many states industries, and businesses are beginning to talk about reopening to mitigate some of the impacts of COVID-19. While many are feeling beyond ready for life to go back to ‘normal’, whatever that will look like, this is an important time to begin to plan for success. Many business continuity plans easily overlook the process to return back to normal operations and can easily fall into the old trap where failing to plan can be planning to fail. Here are five things you need to consider when returning to ‘business as usual’ after COVID-19:
- Plan and document your strategy in advance. Use your existing business continuity governance structure to ensure the plan addresses all affected areas of the institution. Include vendors and other external stakeholders who are critical to success. Create a complete plan with major milestones, phases and exit criteria should an unexpected impact surface.
- Once the plan is finalized, communicate it to employees, vendors and customers. Be sure to address the major phases and criteria in addition to what changes they should expect from normal &/or existing operations. Be sure to consider and reinforce crisis communication procedures to mitigate confusion and potential reputational risk. Address how employees can communicate concerns and ask questions as they begin to implement the plan.
- Follow local and best practice guidelines to protect employees and customers. The Centers for Disease Control (CDC) continue to revise and share best practices for work spaces- https://www.cdc.gov/coronavirus/2019-ncov/community/stay-safe.html. Here’s a spoiler: this doesn’t mean that precautions are no longer practiced. Still recommended are the same safeguards we have been using all along for critical businesses, including:
- Social distancing
- Masks
- Sanitizing
- Return to work criteria for those who were affected by the virus.
- Don’t forget the technology changes you made during the initial response. Which will remain in the long term, such as remote access, mobile banking, etc?
- For those that go, turn them off or reduce the access that was granted to only those that are necessary.
- For those that stay, were there any risks accepted during this time in order to get by? Can those now be mitigated or avoided? Remove or reduce any access that was only needed during shelter in place.
- Think about what other changes will be necessary going forward? This can be a good time to catch up on any risk assessments or vendor due diligence that may have been delayed.
- Hold a lessons learned session. This involves bringing together a representative from each area of the institution, including key vendors or contractors, to talk about what went well and did not. Be sure to set the tone by laying some ground rules for example: don’t look to place blame for things that went wrong, avoid venting or complaining, looking for constructive input on how to improve, etc. Document the outcomes of this session, good or bad. Plan to incorporate the improvements and test these in your business continuity plan in the future.
If you need help with planning, risk assessments, due diligence, or holding a lessons learned session, we're here to help! Email us at support@bedelsecurity.com or call us any time at 833-297-7681.
Other Resources:
Free Remote Access Risk Assessment
https://www.bedelsecurity.com/lp-remoteriskassessment
Controlling Sensitive Files Outside Your Institution
https://www.bedelsecurity.com/blog/controlling-sensitive-files-outside-your-institution
Top 5 Ways Cybercriminals are Exploiting COVID-19
https://www.bedelsecurity.com/blog/top-5-ways-cybercriminals-are-exploiting-covid-19
It's a Bad Time for a Cyber Breach
https://www.bedelsecurity.com/blog/its-a-bad-time-for-a-cyber-breach
Remote Work Security
https://www.bedelsecurity.com/blog/remote-work-security