In speaking with businesses, partners and vendors over the last week, I heard a variety of plans regarding how companies are responding to the COVID-19 coronavirus outbreak. Some were going to try to do business as usual and tough it out. Some were more cautious in their outlook but are struggling to continue to serve their customers. And a few have decided to err on the side of caution and are severely curtailing or scaling back their businesses for some period of time.
These are all correct responses. Each business will need to evaluate how it will operate under these conditions. The businesses that are the best prepared for this situation, in my opinion, are those that have performed comprehensive business continuity planning. This typically consists of a Business Impact Analysis (BIA) and a Business Risk Assessment to define and prioritize risks, responses and emergency operation plans.
Don’t have a pandemic business continuity plan?
For those businesses that don’t have a plan for global pandemics, don’t panic. While it’s almost certainly too late to do a comprehensive plan now, here are three simple guidelines that I think are appropriate for most businesses:
- Take care of yourself, your family and your employees
- Take care of your business – keep servicing your customers and generating revenue, as best you can
- Take care of your business obligations and responsibilities
Suggestions 1 & 2 are obvious, so let’s discuss the 3rd item. What are your mandatory business obligations? Meeting your financial obligations (pay your bills). Meeting your regulatory compliance requirements: HIPAA, GLBA, CCPA, etc. And finally meeting your contractual obligations and requirements. This includes third-party compliance requirements imposed by your customers, partners and other non-regulatory requirements. A data breach is still a data breach, regardless of worldwide business conditions or scaled-back operations that may allow your workforce to work from home.
You can still take decisive action
Businesses and organizations that are best prepared for business continuity are those that have planned for workers who may need to access their business applications and files remotely, regardless of where the applications reside. These businesses have also planned for workforce scalability by automating their Information Security, Privacy and Compliance Management processes. The good news is that it’s not too late to technically rearchitect for the location of workers or to implement automated security and privacy management and controls. Some of these actions, like automating CCPA compliance or rolling out a cloud-based gateway to the business and the internet for home-based workers, can require only days.
Security and privacy compliance achievement doesn’t need to be costly, complex or take a long time to implement. It only needs to be effective.
For related articles, see https://assuredspc.com/resource-library/