Due to the current global situation, business continuity management and ensuring overall security is timelier than ever. While such plans are ideally never needed, every business should still have them. If the risks materialise, all the preparations made help secure and restore business operations and key processes.
New operational environment requires critical assessment of existing plans
A company’s comprehensive security, including continuity management, is a combination of digital and physical security. Secure digitalization is based on the principle that information systems are built with cyber security in mind from the get-go. That is the only way for meeting the desired goals through digitalization.
In addition to technical issues, however, this also entails everyday security. A company must ensure that its physical facilities are secure and that its personnel have good basic readiness regarding security issues. It boils down to such simple and yet crucial things like password management and physical access control, for example.
If these aspects are taken care of, the foundation is solid. Even so, the company cannot ignore changes in the prevailing security environment: the current situation may raise new risks that you have to prepare for. It requires critical consideration and updates to existing plans, risk assessments and actions.
Identify and prioritize key processes, define responsibilities
The first step is to link the current global situation with the company’s operations. Companies must identify the threats and potential disruptions that are relevant for the company right now. At the same time, companies should map all critical business processes and tasks, and define how these should be prioritized in terms of security. For example, the management of monetary transactions is critical to many businesses and even short disruptions could lead to major problems. When you have no time to lose, you must have your action plan ready.
The identified tasks and actions should then be divided into sub-tasks with a specific person responsible for each sub-task. It is also good to designate backups to avoid absences, vacations, or business trips from slowing down reaction readiness. It often pays off to practise the actions in advance.
Communication adds to a sense of security
In this day and age, companies are expected to excel at their communications, as continuity management cannot be done in a bubble. Even though a disruption may not be serious for a specific customer or some other stakeholder, refraining from open communication could be interpreted as if the company is hiding something. This may affect the company’s reputation and therefore cannot be ignored. In many cases, it would be good to provide a helpdesk or at least a list of frequently asked questions for all stakeholders.
Information operations introduce a new aspect to continuity management. It is likely that there will be an increasing number of information operations against companies where real and distorted information is being mixed and blended. In such cases, identifying false information can be difficult, and when exposed to the general public, it could take credibility from the entire organization. Eventually, this could paralyze its operations altogether. The best defence against information operations is to tell the truth. There are also technical ways to disrupt communication, however. So, it is not enough to define who writes the press release – you also have to define who you want to inform, how to contact your stakeholders and how to manage internal communications.
Communications is also important for implementing continuity management plans. It is up to the communications to justify the importance of the plans, as this helps keep the personnel committed and motivated. In the current security environment, communications also build security: it underlines the fact that the company has the means to deal with challenges and also prevail after them.
Continuity management cannot be outsourced, but help is available
The new security environment is here and now, and companies should react as soon as possible. If your own resources are insufficient, you can contact partners for help. While you cannot outsource decision-making, you can call on external experts to identify risks, map out your options and plan the actions.
Insta has specialized expertise in comprehensive security management, digital security and continuity management. We are a trusted partner for many organizations playing a critical role in security of supply, and a strategic partner for the Finnish Defence Forces. We help our customers act as required by the new global situation.