The coronavirus pandemic changed the way businesses operate across the globe, seemingly overnight.
Were you prepared with a Business Continuity Plan (BCP), or did you find yourself scrambling for answers amidst the crisis?
Milinda Rambel Stone is Vice President and CISO for Provation Medical, a company that implements software in hospitals. Talk about ground zero during the pandemic.
She recently explained to us how she adapted the company's business continuity plan in the middle of the COVID-19 response. We spoke to her in our series of daily online briefings, called the SecureWorld Remote Sessions.
Fortunately for Rambel Stone, her team was already defining a BCP and had the structure in place. With Provation Medical based in Minnesota, most of the scenarios were weather related. For example, what happens if a big storm sweeps through and no one can come to the office?
However, when the team took notice of what was happening in China back in December, they decided "pandemic" should be added to the list of scenarios in their plan.
"We identified that there was a high level of risk around it, and identified it would be wise to add it in," Rambel Stone shared. "We had hoped it would never be called to implement, but we would at least have the structure in place so that if we ever needed to, it would be there. What we didn't anticipate is that it would get called to be implemented so quickly."
The very afternoon her team added "Pandemic Planning" to their business continuity plan, the team was asked to implement it immediately.
Although her team had a foundation in place, Rambel Stone explains that it was still a huge endeavor to move forward. New technologies had to be added, an HR perspective had to be added, and her team had to identify the gaps and quickly prioritize them.
Since Provation Medical provides and implements software inside hospitals, the company was forced to shift gears drastically to keep operations going amid coronavirus concerns.
With social distancing requirements, the company had to begin implementing software remotely in a digital fashion.
Simultaneously, Provation Medical's employees transitioned from the office environment to a remote workforce.
Finally, Provation Medical acquired another company at the beginning of the year, so Rambel Stone's team had to get all of the acquired company's documentation and incorporate it into their entire response plan within a week.
Those are a lot of moving parts!
"It's also devising a playbook, so that if you ever need to implement any portion of your Incident Plan or your BCP, you can call it and work it through the steps," she said.
She also explained that her team had been performing monthly tests against their BCP that helped them identify gaps and tweak items from the results.
Rambel Stone recommends creating a cross-functional business continuity team made up of cybersecurity, HR, communications, customer service, and others which make sense for your organization. It is important to have someone involved from each department across the organization so everyone can be represented.
If the BCP is being implemented because of a crisis even, it is possible the people implementing it are also in crisis mode.
Understanding how to manage people during a crisis by maintaining a sensitivity around what people may be going through was key for her team.
"Thinking about COVID-19, we had to ask ourselves, 'How do we run the business at the same time we protect our employees?'"
Provation Medical's Human Resources President chairs the business continuity task force, helping to ensure the staff is engaged and keeping a pulse on how they are doing.
The company also holds regular virtual meetings and get-togethers to check in with each other.
BCP planning: key concepts
According to Rambel Stone, their BCP changed significantly following the onset of COVID-19 because they had to add in the Full Business Impact Analysis, and more importantly, gain cadence to working on business continuity.
She also reminds us that it's not just security's responsibility to own business continuity. She explains it is important to have the company understand "What happens if we can't run our business? Having that story, having that conversation, in a non-scary security way is key."
"You just don't realize how significant it's going to be until you are actually in the event. I worked at Target during and after the breach, and I learned so many things that I'm grateful for.… That particular event pales in comparison to what we are going through now.
I just think it’s so important that we, as a security community, share information and work with each other to get us through this COVID-19, because there will be other things like this, and it would be wonderful if we collectively come together."
Web conference: Business Continuity Planning During the Coronavirus Pandemic
Whether your organization already has a BCP or is planning one now, we highly suggest you take a few minutes to watch the SecureWorld Remote Sessions episode where Milinda Rambel Stone shares much more of her experience with a BCP amid the Covid-19 outbreak.
WATCH: Fireside Chat: Business Continuity Planning During the Coronavirus Pandemic
Thank you, Milinda, for helping your peers and sharing in SecureWorld's mission of connecting, informing, and developing leaders in cybersecurity.