Preparing for another shutdown
Surely you've heard of Severe Acute Respiratory Syndrome Coronavirus 2? What about SARS-CoV-2 or novel coronavirus-2019? COVID-19? Regardless of what you call it, we were all affected by it in March of 2020 when the US was shut down to prevent the spread and contain the outbreak of this previously unknown virus. The situation quickly became a political hot button, and everyone wanted to weigh-in. Ticker boards were implemented on every news site detailing the number of people affected by the virus. Regardless of your political leanings, you were likely impacted by the outbreak. Businesses were caught off guard, and even companies with robust infrastructure and well-prepared Business Continuity Plans were blindsided. Now, months after the initial outbreak and shutdown, talks of yet another shutdown are starting to gain more attention. What does that mean for the country? Who knows, everyone is speculating. I’m not a political strategist or economist; I’ve spent my entire career in IT happily avoiding such topics, and luckily, my chosen profession in cybersecurity still allows me to do so. With that being said, the COVID outbreak forced all of us to confront our response to another shutdown. This article attempts to avoid the political and ideological pitfalls and address, from a technical perspective, what you can do from a business and personal perspective IF another shutdown happens.
Preparing your business for the second time around
The first shutdown forced a lot of companies to consider what they would do if workers could not go into the office, visit clients, or in some cases, even go outside. Unfortunately, a lot of companies learned "on the fly", which may not be the best method. That’s not to say that businesses were completely unprepared, most businesses have some sort of business continuity plan. Planning for a fire or other natural disaster is common for organizations, but a pandemic? Most had simply not considered a pandemic at all, let alone a pandemic that forces you to shut your doors even if you’re not providing a service to the public. Below are some technical and business items that you can implement to help you keep your operations moving even if another shutdown is put in place.
1. Review your business continuity plan (BCP).
- Does your BCP include a pandemic?
- What went well during the first shutdown?
- What should you do differently or better?
- Do you have a communication plan in place?
- Are you communicating with your customers so that they understand what your company is doing in response to a shutdown?
- Is it necessary to communicate with your customers at all?
- Review and disseminate your leave and telework policies with all employees.
- Do your business partners understand your response?
- Do your business partners need to understand your response?
- The Risk Assessment should identify any gaps in IT or Security that may need to be addressed before allowing your workforce to work remotely.
- This assessment should ask high-level questions as well as delve into the “how” of the problem you’re solving. For example, are your employees able to work remotely? If yes, how do they do that? VPN, Citrix, etc.? How are you securing that access? MFA, Encryption, etc.?
- If your IT manager must go on extended leave, do you have anyone to replace him or her?
- If your office closes, can your office manager be trained to perform other roles?
- Institute a communications plan with regular check-ins and updates. This ensures all employees understand the current situation and are updated and engaged regularly. Most people are creatures of habit, so making sure your people are updated and engaged will go along way to their morale and mental health.
- Understand the legal and reputational impact of business decisions. Just because it makes good business sense in the short term does not mean that it will pay off in the long term.
- If your business remains open, ensure that you have ample supplies on hand to keep employees and customers safe and healthy.
- Encourage employees to stay home if they're not feeling well. Discourage your employees from “playing through the pain”. We all need some time to recover, so ensure that your employees are comfortable staying home if they need to.
Using the BCP model in your personal life
While not all aspects of business apply to your personal life, the BCP methodology can be a good guideline to help you prepare for a potential disaster. Take an analytical look at your personal life and assess the risk of being stuck at home. As the economy reopened in the summer of 2020, it did not take long for most of us to get back into the swing of things, and with that comes a bit of complacency. As a disclaimer, I would like to mention that I’m hoping another shutdown is not enforced or necessary, but I do believe that being personally prepared is crucial. While I do not pretend to be an expert in personal preparation, there are some general steps that I’m intending to follow to prepare for another shutdown, should one be implemented.
- Stay in the loop.
- The best way to make decisions is with information. The Center for Disease Control (CDC) and World Health Organization (WHO) provide updates on their website regarding the COVID-19 situation. These are good sources of information and should be considered when making decisions about how you’re going to address another shutdown. I would also encourage you to visit the National Institute of Health (NIH) website for more information. Additionally, most state and local governments have posted COVID-19 updates on their websites. These are a good source of information for what is going on in your local area.
- Stay in contact.
- Make sure you can contact the necessary services and loved ones in the event of another shutdown.
- Structure your communication plan. It may be helpful to maintain a sense of normalcy by scheduling your communication plan or to schedule a check-in with loved ones every other day.
- Video chat is a great way to stay in contact. Facetime and Google Meet are good options for staying in contact with loved ones and they’re free.
- Take care of yourself
- Get fresh air.
- Stay active if possible
- Stay productive. Whatever it is, paint your bedroom, quit smoking, clean out your sock drawer, whatever you can do to stay and feel productive.
- Stock up on the essentials
- I’m not saying go to Sam’s and buy nine cases of toilet paper or a jumbo bottle of ketchup, but make sure you have a few masks on hand. IF another shutdown occurs, you will still have to leave the house eventually, so make sure that you have a mask in case you have to go to the grocery store, or in even worse, urgent care.
- Make sure you do not let your medication supplies get too low. Again, do not go buy twenty-five bottles of Tylenol or the jumbo pack of TUMS. Just make sure that if you must stay home that you have plenty of required medication on hand. If you need Albuterol to treat your asthma, then make sure you keep a supply on hand.
- Depending on what you read, you may be worried about food shortages. According to WebMD, there does not appear to be a real risk of the US food supply chain being too affected by the shutdown. https://www.webmd.com/lung/news/20200618/how-covid-is-affecting-us-food-supply-chain.
Regardless of your opinion about the pandemic, you will be affected if another shutdown is implemented. If you run your own business or have a regular nine to five, you will have to make changes both personally and professionally. The best approach is to remove as much emotion as you can from the situation and make decisions based on what you KNOW, not what you THINK. The advice provided is general and may not apply to you personally or professionally, take what you need and leave the rest. As security professionals, we tend to see businesses, especially smaller businesses, caught off guard when it comes to business continuity. It is our job to bring these questions to our leadership and think critically about the “what ifs”.
Written by Nathan Rice
Nate has fifteen years of IT experience spanning a variety of domains with a focus in defensive security. Nate currently holds the following certifications: CEH, CompTia Security+ and CompTia A+. Prior to TechGuard Security, Nate was a Senior IT Security Engineer at a Fortune 100 organization. As a Security Engineer, Nate focused on new technology integration and implementation. Along with a variety of application administration roles in security operations, his past project work includes, Implementation of a DLP Program, Single Sign On Program and Multifactor Authentication. At TechGuard Security, Nate conducts audit control assessments, penetration tests, vulnerability assessments and social engineering exercises. Nate’s focus is on customer service and support, as well as providing customer solutions to complex IT security challenges. When not working or studying Nate enjoys being outdoors and spending time with his wife and kids.