March 13, 2020 BUSINESS PREPAREDNESS, CYBER SECURITY

COVID-19 & Business Preparedness

In the last week, I’ve been following news from Italy with worried trepidation.  It is my country and I’ve family and friends there directly affected by what’s going on with COVID-19.  Many of them live in areas that were declared red zones and are now closed to travel in/out.

I also assess what’s happening in the US and can’t help considering our state of denial won’t last.  I do see our habits starting to change; there’s less traffic around, less people in crowded areas. Yesterday at the grocery, I couldn’t find Clorox in any form.  So, little by little we are indeed starting to make adjustments.  One of our employees had to go to the ER for what appeared to be a severe case of flu, but the hospital, in a good excess of precaution, ordered her in quarantine for 2 weeks.  Things are changing; our lives and our lifestyle are starting to be affected.  And because of the work I do, all this started me thinking, how many of us have a disaster recovery plan that includes a situation like this?

Perhaps at some point in the past, an auditor may have asked you to prepare a pandemic response plan.  If that happened, I guarantee you must have laughed in his face, pasted together something you found on Google, and moved on, shrugging your shoulders thinking “this guy …“.

Before 9/11, most companies didn’t even have a Disaster Recovery plan (DRP)

Before 9/11, many of us were running computer rooms (full of servers) in one of the rooms in our office. Before 9/11, the world was naive and crazy.  That attack changed everything.  We realized things we never thought could happen, indeed happened, and we had to make plans for survival in circumstances that we never imagined would occur in our lifetime.

But one mistake all of us made, and we continue to make until today, is to focus on physical losses. Data redundancy.  Copies. Backups.  Adoption of data center style computer rooms, or moving the entire computer room into an actual data center.  The DC business has ballooned since 9/11, and for good reasons.

However, none of us ever thought to plan for a situation wherein computers are fine but we aren’t.  In fact, computers may be the only thing left standing if this pandemic escalates and becomes more serious than it already is.  But who has a plan for a situation where the computers are running, the data’s where it’s supposed to be, nothing’s endangering our infrastructure, but we simply don’t have people to run it?  No one to run our operations.  No one to show up at work.

How do you even prepare for that?

To be sure, the virtual world we live in (comprised of apps and remote purchases) is already helping. A lot.  Amazon Prime couldn’t have been invented in a more timely manner.  I personally haven’t stepped into a bank in years, and I’ve no need to since I can open a line of credit via phone.  I don’t even need to go to the grocery anymore, to be honest, as there’s this thing called “home delivery” – I made sure to keep a fair distance between us and sprayed all the bags with Lysol once he left (yes, paranoia to the extreme).  I can’t think of anything I need to do in the next 3 weeks that’ll require me to be somewhere crowded.  I don’t even need to go to the gym, for as much as I love going there.  The weather’s slowly getting warmer and I can go run outside, avoiding any contact with anyone else.

Does this mean I’m completely safe?  No.  I still come into contact with my children, who go to school because schools aren’t closed (yet) except for Spring break.  So there’s a chance I might get infected but I’m certainly not going to facilitate that by walking into a crowded mall, as an example.

So, back to the business, how many of you have plans where most of your employees can actually, and productively, work from home for an extended period of time?  When I say extended, schools in Italy are currently closed, with no indication of when they’ll reopen. Stores in Wuhan operate with their blinds half down, people place orders from outside, and an anonymous hand passes them their purchases from under said blind, without ever even making eye contact. Numerous neighborhoods are surrounded by barbwire –  yes, it’s reached that extent – the point where we don’t know when it’ll end. Schools are closed, you can’t leave your children anywhere and you can’t go to work.

Is there even an answer to this situation that can be easily worked out?

I really don’t know.

I do know many businesses can likely allow much of their workforce to work from home.  But there are things you just can’t do remotely.  We can’t stop policing the neighborhood; we’d have chaos.  We can’t close hospitals; we need them now more than ever.  Essential services are called essential for that very reason – we can’t do without them.  But for the rest of us, what should we do?  Close our offices and work from home?  Can a bank close its doors completely?  Actually, the answer is yes.

It’s likely possible to send everybody home and still remain in business.  Maybe it’s time also for those old folks, who continue obstinately to write checks and show up at the teller line at least once a week, to learn that “there’s an app for that“.  Maybe the real DRP for situations like this is a proper education plan for your clients and customers.  Teach them that you’re able to serve them also if they stay home, and that you’ll be happy to shake their hand again when all the madness has passed.

Maybe that’s the only possible plan, because if things go the same route as everywhere else where COVID-19 is concerned, it’s not if, it’s when.  We _will_ get to the point where we won’t be allowed out of our homes, yet life must still continue in a manner we never thought we’d see.

What about Network Box USA?

Less than a year ago, we moved our entire infrastructure to the public cloud so there are no servers in-house anymore; not even one. All our personnel, support, marketing, accounting, you name it, can all work remotely, as we’re a truly mobile company, flexible in how we can provide our services and from where.  We made this move in response to the hurricane season Houston appears to be subject to every single year. But as it turns out, it’s also a good place to be should a pandemic strike, like now.

Our employees can stay home, be safe, order online, work online, and take care of their own health and that of their families.  The public cloud is turning out to be the best investment we’ve ever made in our almost 20 years in business. The fact that we don’t have to worry about running our computers is another demonstration of how the public cloud investment is paying off.  When running a cost analysis for such a solution, one would hardly think to add a line to say “savings in case of pandemic“, right?

Yet here we are

I truly feel many more companies should closely evaluate the public cloud as a great solution. Given that I deal primarily with banks, talking to auditors and other external examiners, it’s high time these individuals loosen up where the idea of public cloud is concerned, and consider that the benefits far outweigh the possible (minuscule) risks.

While I want to wish all of you a safe journey through these difficult times, I also invite you to take this as an opportunity to make business considerations that you might, in other circumstances, have passed over.

For regular updates on COVID-19, please see WHO and CDC.