Over the past week, the narrative has shifted around the new coronavirus (COVID-19). Global markets took a nosedive, Italy seemingly overnight became a hotbed for new cases, Japan is closing all its schools, and both Microsoft and Apple now expect to miss Q1 revenue targets. In the U.S., the Centers for Disease Control and Prevention (CDC) warn the virus is expected to spread more widely than originally thought. Suffice to say, we can expect more of these developments in the next several weeks.
Certainly, this is hardly a typical infosec issue, but the supply chain ramifications are already being felt. For example, global server shipments are forecast to drop 10 percent in Q1. At a minimum, it’s a good idea to update and review business continuity/disaster recovery (BCDR) plans.
In this Executive Briefing webcast, IANS Faculty and Sprint CISO Mark Clancy offered his insights and guidance on the issue.
Coronavirus Predominantly Creates a Business Continuity Challenge
As the new coronavirus escalates, the primary business risk stems from loss of business continuity. Forced quarantines and workers choosing to isolate themselves by working from home put a strain on continuity strategies. Fundamentally, businesses need to consider three issues:
- Remote access: Employees may be forced to work at home or be quarantined in a foreign country while traveling. CISOs must help the board understand the potential disruption and need for contingency plans to support remote work. Issues to consider:
- Can the systems that support remote work handle a usage spike?
- Do you need to change your remote data access plans to support data accessibility in a disaster?
- What are your backup plans if employees are stuck in a foreign country where virtual private network (VPN) use is banned or the government shuts down the internet in response to unrest?
- Decision-making: CISOs – with their expertise in responding to emergency incidents – are well-positioned to help their organizations analyze information and improve decision-making. CISOs should:
- Filter out distractions that emerge in this kind of emergency and help decision-makers focus and divert resources to the most critical parts of the business.
- Connect with in-house owners of the company’s insurance (including cyber) policies to determine what is covered and what steps must be taken to ensure coverage.
- Assess the risks associated with recovery locations and help leaders determine the pros and cons of policies on remote work.
- Communication: CISOs, human resources, legal and corporate communications must get on the same page and implement communication procedures to keep workers informed of emerging risks, policy changes and emergency alerts.
For a deeper dive on this issue -- including coronavirus-related phishing attacks, long-term planning steps to take and how to deal with employees traveling to impacted locations – check out the webcast recording.
Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.