As businesses all over the country get used to operating in a new normal, Jamie Paddon, (pictured) a leading business continuity expert from Bristol Risk Solutions, is urging businesses to set time aside to capture lessons learnt from how their operations coped with the COVID-19 lockdown, in order to help them be better prepared for future disruptions that may impact their businesses.
There is no doubt that the COVID-19 lockdowns left businesses all
over the world reeling from the experience, with many finding out the hard way
that they were ill-prepared and ill-equipped to cope. However, as the lockdown took
hold, most office-based businesses learnt to adapt; Zoom and Team meetings soon
became an everyday occurrence; staff were able to log into their corporate
networks using hastily purchased and distributed laptops; and business was
being done amid playful cats, the drone of next door’s lawn mower, in between
episodes of home-schooling, whilst sitting in tracksuit bottoms and sporting either
a 70s style mullet or the Jason Statham look.
Whilst some businesses in a non-office environments have been able
to carry on trading, either through online or distance selling, or by adapting
what they do in line with government social distancing guidelines, many
businesses have had to accept temporary closure and ride the situation out by
furloughing staff, taking up government support, deferring costs and taking out
Should businesses have been better prepared?
In short, the answer is “yes”, but although pandemic may have been
on company risk registers for decades, and may even have been covered by
existing business continuity plans, as we have not seen a pandemic in our
country for some considerable time, it was easy to overlook this risk or for
businesses to not fully comprehend what it might mean for them. However, now is
the perfect time, whilst the experience of doing business in a pandemic is
fresh in everyone’s minds, to think about what they did well and what they
could have done better.
Jamie Paddon, a director of Bristol Risk Solutions says
“businesses should think about what worked well for them during lockdown and
what things could be improved upon before they forget what the experience was
like for their staff and customers. During lockdown, we found many businesses
were not even able to redirect their phones, and yet that is an issue which
could have been solved relatively quickly and inexpensively”.
He says “businesses should critically review their IT
arrangements and, if they have not already done so, move their systems and data
into the cloud allowing staff to access them from home. Businesses using
Citrix, or similar technology to allow home working, should review whether they
had sufficient security tokens or licences for their workforce”.
Non-office-based businesses that found themselves unable to
operate during lockdown should consider how they could have been better
prepared and how they could do business differently should any further periods
of lockdown occur. Could they sell online? Operate with social distancing measures? Maintain a cash buffer to ease cash flow? At the very least, they ought to plan how to
use any additional time they may have wisely, like writing social media blogs to
raise their profile, improve their website, refurbish their premises or invest
time into improving their business strategy.
Now our staff can work from home, we’ve got business continuity
licked, haven’t we?
Those businesses whose staff can now work successfully from home might
be forgiven for thinking they no longer need a business continuity plan (BCP),
but that’s simply not the case, as Jamie Paddon explains “Businesses whose
employees are now able to work from home will certainly have better resiliency,
and be able to cope with snow days, protesters closing roads and other minor
disruptions, but they won’t be ready for disasters which take down on-premise
servers, such as a fire, flood, power failure or simply a fault with the server.
Resiliency from these types of issues can be achieved by moving your IT systems
onto a cloud platform, but even that does not solve all your continuity issues
and won’t protect you from a cybersecurity event”.
Cyber-crime is on the increase
Jamie explains that over the past few years there has been a big
increase in all forms of cyber-crime, and recently there has been an explosion
of cases during the COVID-19 pandemic as cyber criminals take advantage of
businesses relaxing their normal IT security controls, allowing staff to use
non-corporate software and their own devices and home networks. He says, “it is
vital that businesses implement measures to protect themselves from
cyber-attacks have a plan to both deal with a cyber security incident and to continue
business operations in a period when normal IT services may be unavailable”.
A business experiencing a cybersecurity incident, may find it
needs to shut its IT services down whilst the damage is rectified, and that may
take many weeks. And, even then, some data may be lost and need to be re-keyed,
so it can take up to a month or more for businesses to fully recover, and there
is also the reputational damage, potential financial losses and possible GDPR
breaches to consider. All-in-all, it is better to be prepared and have a
professionally designed IT Disaster Recovery Plan, which includes cyber
recovery, and for these plans to be aligned with the BCP.
Training and testing is key
Even businesses that have a BCP and IT Disaster Recovery Plan may
not be fully protected in the event of a disaster if they have not regularly
trained their staff how to use the plan effectively and kept it up to date.
Jamie explains, “It is vital that businesses train their staff how to use their
business continuity resources and rehearse mock scenarios. It is also crucial
for IT back-ups to be tested and for restore testing to take place, even where
data is in the cloud”. He concluded by saying “If companies do not
already have a business continuity plan and disaster recovery plan, they should
seriously consider putting them in place. Some companies have used free or
cheap template plans, but it is much better to get these written properly,
specifically for their business, and it will save them money in the long-run”.
Bristol Risk Solutions, Bristol’s premier IT risk
solution provider, helps businesses manage a wide range of risks such as
business continuity, disaster recovery, cybersecurity, business transformation
and IT project management, governance, and assurance. If you would like to arrange an appointment to
see how we can help, call 0117 318 5525 or visit our website: www.bristolrisksolutions.com