Worldwide concern over the Coronavirus pandemic has gained momentum over the past few weeks.
Traditional DR (Disaster Recovery) plans traditionally only focus on catastrophic events where business assets are damaged or destroyed. However, pandemics hit hardest at a firm’s most important asset, its people. Therefore, traditional DR plans are not adequate when planning for a pandemic such as Coronavirus.
Here are some specific (but high level) technical areas a firm will need to consider when preparing a Pandemic Preparedness & Response Plan to minimise the impact on the firm. Please note this is not a comprehensive list nor a complete plan, as creating this is a detailed and time intensive exercise. If you would like more information on having a tailored Pandemic Preparedness & Response Plan created for your firm then please get in contact with us.
Virtual Private Network:
A Solid VPN architecture certainly applies when thinking about pandemic planning. A traditional VPN is generally focused on simply getting the client computer connected to the network within the office in a secure manner. Please note the following considerations:
While all our clients have a solid UTM (Unified Threat Management) device in place that allows for an SSL VPN to be configured, it’s generally only configured for certain users. Getting this setup requires client software to be installed on any machine accessing the VPN (i.e. your employees home computer). This requires pre-planning in terms of a pandemic situation to ensure these machines are fit for purpose (i.e. current and up-to-date version of Microsoft Windows are fully patched and with up to date security in place).
A pandemic ready VPN solution must have adequate bandwidth as usage will likely skyrocket. When planning for a pandemic, investigate what bandwidth levels are required for normal usage and estimate pandemic usage requirements based upon high absentee rates. This applies not only to the Internet Connection in office, but also for the employee’s home Internet as well.
VPN availability is critical during a pandemic. Redundancy in both the VPN solution itself and the enterprise Internet connection is extremely important. Internet redundancy can be accomplished many ways but is equally important.
Business Communications:
Beyond basic communications tools, VOIP technologies and unified communications solutions can dramatically help while staff are working from home. Firms with these technologies should have a distinct advantage when dealing with a pandemic, assuming appropriate connectivity is available both at the office and the homes of its employees.
Being able to continue to use the office phone system via soft phone, collaborate with co-workers, meet via video conference, chat using instant messenger and login to a call centre remotely provide the tools necessary to keep business communications flowing while employees are unable to be in the office. Licensing is again another key caveat to consider during a pandemic.
Work at Home Training:
To prepare for any issues relating to working at home with your staff is to require all employees to telecommute at least once a quarter. This will help address any technical issues and give all employees a basic comfort level with telecommuting. This can also bring to light any unforeseen issues such as applications which do not work well over the VPN or processes which must still be performed in the office. This will address any VPN access issues rather than waiting until the eleventh hour as well.
Security Posture During a Pandemic:
Data security can be very challenging during a pandemic. Remember that a pandemic is not a one or two-day event, but rather could last weeks or months. Employees are likely to want to be prepared and that means taking data home both electronically and as a hard copy. From a technical perspective, encryption of laptops, removable media and mobile devices is the best option for protecting company data regardless of whether a pandemic is ongoing or not. Some questions that will need to be addressed are:
Are your HR Polices on working remotely and Bring Your Own Device (BYOD) up to date?
- Anti-virus and Malware protection on employee’s home computers?
- Security Updates employee’s home computers?
- Monitoring and tracking logins and logoffs
- Is the computer used solely for work or is it shared among other family members?
- Password management policies?
- Should clients be configured to automatically update applications and operating system files?
Even if you don’t have a server, having a Pandemic Preparedness & Response Plan is a MUST.
Just because you are using applications like Xero (and other Software-as-a-Service) applications you are not immune from this threat. Having staff access Software-as-a-Service (SaaS) application on out of date and unsecured devices will result in a possible Data Breach. A pandemic does not mean you can let your guard down around Cyber Security. Just because you have Multifactor Authentication (MFA) enabled does not mean it is unhackable and MFA does not prevent phishing or social engineering attacks on your users work from home.
A pandemic can put any firm under a great deal of stress. A firm can quickly lose a large percentage of its most important asset, its people, for a lengthy time frame.
However, having a Pandemic Preparedness & Response Plan will serve a firm well and help you successfully navigate through the challenges a pandemic situation will bring.
If you would like more information about creating a tailored Pandemic Preparedness & Response Plan for your firm, please contact Iain Enticott, Technology for Accountants for a more detailed discussion.
This article was provided by Iain Enticott, Technology for Accountants.