As businesses all over the country get used to operating in a new normal, Jamie Paddon, (pictured) a leading business continuity expert from Bristol Risk Solutions, is urging businesses to set time aside to capture lessons learnt from how their operations coped with the COVID-19 lockdown, in order to help them be better prepared for future disruptions that may impact their businesses.

COVID-19 impact

There is no doubt that the COVID-19 lockdowns left businesses all over the world reeling from the experience, with many finding out the hard way that they were ill-prepared and ill-equipped to cope. However, as the lockdown took hold, most office-based businesses learnt to adapt; Zoom and Team meetings soon became an everyday occurrence; staff were able to log into their corporate networks using hastily purchased and distributed laptops; and business was being done amid playful cats, the drone of next door’s lawn mower, in between episodes of home-schooling, whilst sitting in tracksuit bottoms and sporting either a 70s style mullet or the Jason Statham look.

Whilst some businesses in a non-office environments have been able to carry on trading, either through online or distance selling, or by adapting what they do in line with government social distancing guidelines, many businesses have had to accept temporary closure and ride the situation out by furloughing staff, taking up government support, deferring costs and taking out loans.

Should businesses have been better prepared?

In short, the answer is “yes”, but although pandemic may have been on company risk registers for decades, and may even have been covered by existing business continuity plans, as we have not seen a pandemic in our country for some considerable time, it was easy to overlook this risk or for businesses to not fully comprehend what it might mean for them. However, now is the perfect time, whilst the experience of doing business in a pandemic is fresh in everyone’s minds, to think about what they did well and what they could have done better.

Jamie Paddon, a director of Bristol Risk Solutions says “businesses should think about what worked well for them during lockdown and what things could be improved upon before they forget what the experience was like for their staff and customers. During lockdown, we found many businesses were not even able to redirect their phones, and yet that is an issue which could have been solved relatively quickly and inexpensively”.

He says “businesses should critically review their IT arrangements and, if they have not already done so, move their systems and data into the cloud allowing staff to access them from home. Businesses using Citrix, or similar technology to allow home working, should review whether they had sufficient security tokens or licences for their workforce”.

Non-office-based businesses that found themselves unable to operate during lockdown should consider how they could have been better prepared and how they could do business differently should any further periods of lockdown occur. Could they sell online?  Operate with social distancing measures?   Maintain a cash buffer to ease cash flow?   At the very least, they ought to plan how to use any additional time they may have wisely, like writing social media blogs to raise their profile, improve their website, refurbish their premises or invest time into improving their business strategy.

Now our staff can work from home, we’ve got business continuity licked, haven’t we?

Those businesses whose staff can now work successfully from home might be forgiven for thinking they no longer need a business continuity plan (BCP), but that’s simply not the case, as Jamie Paddon explains “Businesses whose employees are now able to work from home will certainly have better resiliency, and be able to cope with snow days, protesters closing roads and other minor disruptions, but they won’t be ready for disasters which take down on-premise servers, such as a fire, flood, power failure or simply a fault with the server. Resiliency from these types of issues can be achieved by moving your IT systems onto a cloud platform, but even that does not solve all your continuity issues and won’t protect you from a cybersecurity event”.

Cyber-crime is on the increase

Jamie explains that over the past few years there has been a big increase in all forms of cyber-crime, and recently there has been an explosion of cases during the COVID-19 pandemic as cyber criminals take advantage of businesses relaxing their normal IT security controls, allowing staff to use non-corporate software and their own devices and home networks. He says, “it is vital that businesses implement measures to protect themselves from cyber-attacks have a plan to both deal with a cyber security incident and to continue business operations in a period when normal IT services may be unavailable”.

A business experiencing a cybersecurity incident, may find it needs to shut its IT services down whilst the damage is rectified, and that may take many weeks. And, even then, some data may be lost and need to be re-keyed, so it can take up to a month or more for businesses to fully recover, and there is also the reputational damage, potential financial losses and possible GDPR breaches to consider. All-in-all, it is better to be prepared and have a professionally designed IT Disaster Recovery Plan, which includes cyber recovery, and for these plans to be aligned with the BCP.

Training and testing is key

Even businesses that have a BCP and IT Disaster Recovery Plan may not be fully protected in the event of a disaster if they have not regularly trained their staff how to use the plan effectively and kept it up to date. Jamie explains, “It is vital that businesses train their staff how to use their business continuity resources and rehearse mock scenarios. It is also crucial for IT back-ups to be tested and for restore testing to take place, even where data is in the cloud”. He concluded by saying “If companies do not already have a business continuity plan and disaster recovery plan, they should seriously consider putting them in place. Some companies have used free or cheap template plans, but it is much better to get these written properly, specifically for their business, and it will save them money in the long-run”.

Bristol Risk Solutions, Bristol’s premier IT risk solution provider, helps businesses manage a wide range of risks such as business continuity, disaster recovery, cybersecurity, business transformation and IT project management, governance, and assurance.  If you would like to arrange an appointment to see how we can help, call 0117 318 5525 or visit our website: www.bristolrisksolutions.com