The World Health Organization has declared the COVID-19, or coronavirus, outbreak a pandemic. Today, it is a Public Health Emergency of International Concern and of unimaginable proportion. From a business perspective, this is the best time for business continuity plans (BCP) to swing into action, mitigate the disastrous effects and ensure continuity of business.
For enterprises that lack a clear BCP, it is high time to assess business risks and the impact that such an eventuality could have. For those that have a BCP in place, this is a good time for a reassessment. Many enterprises are already updating their BCPs to incorporate contingencies related to the rapidly unfolding coronavirus outbreak.
Muqbil Ahmar, Executive Editor, dynamicCISO, interacted with a few senior security professionals of the country on the subject to understand their views and the key elements that should go into the making of a robust BCP.
According to Ravi Hirolikar, CISO at HighRadius, there are five essential elements that must go into it.
- A tried and tested, effective remote work capability (provided it suits the type of industry).
- The need for a good collaboration platform.
- Solutions to prevent and monitor security breach attempts.
- A good crisis management team structure and established protocols.
- Requisite infrastructure to handle concurrent remote connections.
A leading cyber security professional, on condition of anonymity, says: “From the perspective of the current crisis, there are three key components which need to go into a BCP.” He lists them as follows:
- BCP should identify ways to “prevent” the crisis from materializing. In this case, prevention would entail reducing employee exposure (e.g., social distancing) and reducing the probability of infection (e.g., sanitizing).
- Second, the plan should have clear processes to “respond”. Response could include strategies for continuing operations (e.g., Work from Home) as well as protocols for what to do in case an employee is infected or comes into contact with infected persons.
- Third, it should outline the “recovery” process. Once the crisis is over, the organization needs to quickly get back to normal and should have a clear path to that.
Sapan Talwar, CISO at Tower Research Capital, gets a little more technical and says: “From my perspective, remote solutions such as Citrix are better than VPN, specifically to enable access to critical applications or data. Basic services such as email or intranet or communication channels can be accessed by VPN with MFA enabled.”
Besides all of the above, the plan needs to have a strong foundation of the various BCP components including business impact analysis, properly defined recovery strategies, testing of strategies in advance, and having a proper crisis management team.
Disclaimer: Views expressed are personal