The current global health crisis has ushered in unprecedented changes to work practices for all of us. Overnight, millions of employees throughout the United States and the world transitioned from going to work to working remotely, often from home. This is stressing companies, customers, and employees, as many companies were ill-prepared, with out-of-date business continuity plans or plans that were never exercised or tested. In fact, of 500 US companies surveyed by AvidXchange, only 37% of respondents even possessed a business continuity plan. Among the departments hardest hit by this lack of preparation was IT.

Cyberattacks are a growing threat facing every aspect of the U.S. economy, having increased by 67% since 2014 according to Accenture. And, according to market research firm Canalys, the sudden and dramatic switch to remote work forced companies worldwide to spend 34% more on IT services from January to March this year than they did during the same period last year. While it is important to invest in cybersecurity, many of these purchases were not financially efficient. Paul McKay, a senior analyst at Forrester Research Inc., argues, “There are a lot of security tools in organizations that are shiny nice objects but aren’t really doing much for the business.” While most resources in a cybersecurity budget are allocated towards an advanced technological solution composed of physically secured hardware and advanced cryptographic protection of data, a complete cybersecurity solution extends beyond the realm of hardware and software and into policy.

As companies contend with what the future of work will be in the coming months and even into next year, it is important that business continuity plans are not simply filed away electronically or tucked into a desk drawer. Rather, these plans should be living and breathing, evolving as the business evolves, and exercised. The best business continuity plans allow and encourage users to be intimately familiar with the processes and tools necessary to maintain continuity during unexpected situations.

From a security perspective, an effective cybersecurity continuity policy involves education, standardized procedures, and consistency. Users are the weakest link in cybersecurity, unfortunately falling victim to sophisticated phishing schemes or failing to practice good technological hygiene, such as keeping Wi-Fi routers and personal computers up to date. Companies should invest time in educating employees on good internet practices and stress the importance of keeping devices up to date. This can be accomplished through simple training videos, easy-to-understand classes, and PSAs sent by email.

Companies should develop procedures that facilitate mass transitions to working from home without exposing employees and the enterprise to major security breaches. With company-wide technology, processes, and procedures in place, management, employees, and contractors will be able to transition together, ensuring minimal downtime of systems and dramatically reducing slowdowns in productivity. Consistency is key to implementing a plan successfully. Plans should be reviewed and updated every year to adapt to evolving threats, and employees should remain constantly aware of their role in a transition. Without consistency, a good plan will not be implemented well. Finally, the plan must include the use of the technology, processes, and procedures throughout the year. Familiarity and practice are essential. Minimizing the user’s need to change his or her cadence minimizes the threat landscape.

The current crisis will not be the last one we face and will certainly have lasting effects on how we operate.  However, we can take lessons learned and prepare.  Effective planning and policies that keep users prepared are key to an organization’s successful response. We have experts on hand to help you improve your security continuity plan.