There has been an increased awareness of the Coronavirus here in the United States since the virus first impacted China in late 2019. This has caused concern for individuals and organizations and, in some instances, led to the temporary suspension of travel for employees of several well-known international corporations. As the virus continues to grow worldwide, businesses face a series of questions regarding the impact the virus could have on their operations. Fortunately, businesses do not have to wait until disaster strikes before putting a plan of action in place and are wise to take data security measures well in advance.
What areas are top of mind as businesses of all sizes continue to monitor and prepare for the Coronavirus? Below are some considerations:
1. Review Your Business Continuity Plan: This is a very timely opportunity for organizations to review their current business practices and policies, including the Business Continuity Plan (BCP). Whether it is the Coronavirus, Influenza, or something else the BCP is top of mind for many and it is a good time to evaluate the “what if” scenario. A BCP details how an organization will recover interrupted critical business functions after a disaster or disruption has occurred. Armed with a BCP, executives can respond in an orderly, rational way. A BCP allows decisions to be made along predetermined guidelines and will answer potential questions such as:
a. How many absences can we handle before business operations are interrupted?
b. How do we keep operations running during an interruption?
c. What changes can we make to keep the business operating effectively?
2. Pay Attention to the Pandemic Section: Companies should confirm that the BCPs in place are adequate to address business needs in the event of a pandemic. Often a BCP will have a section that specifically addresses a Pandemic, including such topics as:
a. Workplace safety precautions.
b. Employee travel restrictions.
c. Provisions for stranded travelers unable to return home.
d. Mandatory medical check-ups, vaccinations or medication.
e. Mandatory reporting of exposure, such as employees reporting to employers and employers reporting to public health authorities.
f. Employee quarantine or isolation.
g. Faculty Shutdowns.
3. Review Existing Employee Policies: Now is a great time to review your workplace management policies with a particular focus on the data security provisions you have in place that address such areas as telecommuting, IT use policies, and paid time off. Are you equipped to permit employees to work remotely from home without compromising the data security of your infrastructure or confidential information? Are the appropriate technical and administrative controls in places? Adopting some of these work from home and/or remote options may make sense but could lead to operational challenges and unforeseen data security risks to a business. Some other areas that may need to be addressed include the procedure for sending symptomatic employees home, implementing quarantines for employees returning from high-risk areas, limiting face-to-face meetings, and temporarily shutting down operations.
a. Special Labor Relations Consideration: Be aware of existing agreements and any labor relations issues that may come in to play. For example, businesses operating in a union environment may be impacted by collective bargaining agreements that have special provisions regarding paid time off to union workers in the event of an emergency when employees are prohibited from reporting to work. Always check with counsel before unilaterally implementing any changes to existing policies.
4. Consider the Impact on IT Service Providers: Review your contracts and keep in mind that an outbreak or epidemic can not only affect normal business operations, but also service providers and suppliers. Be familiar with key provisions that could impact your business operation. Review Service Level Agreements and understand how data can be accessed remotely if needed.
5. Remind Employees on Data Security Best Practices & Remote Data Access: With increased concern of the Coronavirus we continue to see scammers utilizing email phishing attempts to target victims. Remind employees to be vigilant when receiving emails, for example not clicking on links or attachments within emails from senders they do not recognize. These attachments and links can contain malicious content, such as ransomware, that can infect your device and steal personal information.
6. Stay Up to Date on CDC Recommendations: Businesses are wise to regularly monitor the CDC website for current recommendations regarding travel restrictions and other precautions that affect business decisions. Regularly communicate updates and changes to your workforce.
7. Educate Your Workforce: Create a culture that understands the potential IT implications when working from home and how their corporate IT and other technical policies apply to home work conditions.
Octillo is working with global clients and brands on low cost, high impact changes to policies and rolling out policies to address IT and remote working conditions. As a leader in this space, we assist companies in proactively preparing for unforeseen circumstances and business scenarios such as those caused by the Coronavirus. It is much better to be over prepared for these unpredictable circumstances than under prepared.
*Attorney Advertising. Prior Results Do Not Guarantee A Similar Outcome.