Preparing for Coronavirus (COVID-19) Business Continuity Plans and Home Working. How we’ve prepared and what we suggest you do

March 5th, 2020
Preparing for Coronavirus (COVID-19) Business Continuity Plans and Home Working. How we’ve prepared and what we suggest you do

As The World Health Organisation are saying that the world is in  "uncharted territory" with regards to the coronavirus outbreak and with Boris Johnson announcing that up to a fifth of UK workers 'could be off sick at same time' (https://www.bbc.co.uk/news/uk-51718917). We have looked at the impact it will have on us as an organisation and our preparations for the possibility of staff not being able to get to the office, or further due to sickness. Though this may never happen it’s good to know you’re ready. Through our preparations hopefully you can look at your own business preparations too.

As an organisation we have developed and helped many organisations with their business continuity plans (BCP).  BCPs are a plan of action for what happens if there are any disruption to the business, this can include, fire, flood, theft, a cyber attack or in this instance a major health outbreak.

In our other blog we have looked at how to develop a BCP and have provided a template to get you started. 

In this article we are going to cover office-based activities, if you are a manufacturing business you will also need to consider precautions to cover production and admin activities.

Overview of Preparations

For our preparations we’re going to look at the following, with a focus on security and continuity throughout:

  • Systems: Does everyone who needs access, have it if they are not in the office?
  • Connectivity & VPN: Do you have the required connectivity with the right bandwidth?
  • Devices & People: Has everyone got a secure computer they can work from?
  • Phones: Can you connect to your phone system from anywhere, or divert calls?
  • Communication Plans: Do you know who to contact and how?
  • Supply Chain: Are your 3rd party providers and suppliers ready?

Systems

Firstly for us to understand how we will continue to work; we needed to look at what systems we need to do so.

How we’ve prepared

We’ve looked at everything we use on a day to day basis including the following:

  • Email
  • Ticketing System – For Customer Support
  • Customer Management Systems (CRM)
  • Remote Management Tools
  • File Storage
  • Vendors Systems
  • Documentation Systems
  • Finance and Accountancy Systems.

For cyber security reasons we won’t go into detail of these systems.

The next thing we did was to look at how we access those services, thankfully for us these are mostly all cloud based so that we can access them from any location. However, some services are locked down to only be accessible from our IP address, we look at that below in the VPN or Remote Access and Connectivity Section.

How we suggest you prepare

In your business we suggest that you look at all the departments, get each department head to think about the systems they use every day, collate a list and then look at how you access those systems and where the data is hosted. For example:

System How do we access?
Email Office 365 – Online
Finance Sage – Accounts PC & Server
Files Some in OneDrive but mainly on Server
Customer Management System Salesforce – Online

Once you have done this, you will need to consider what would be available if you didn’t have access to your offices. In the example above we’re ok with Email and the CRM as they are both cloud based but some discussion is required around the finance and file systems.

File Systems

The next step here would be to look at what are the most important files for you to have access to, e.g.  client information, marketing images, templates etc. Think about what each department needs.

Once you have this, you’ll be able to ensure that these files are available to all those that need them.

There are many ways to do this, in the example above we can see that they are using Office 365, one of the additional benefits of this service is Microsoft Teams, within Teams you can create a Team for each department, and then upload the files they will need. You can ensure that only the right users can access the files they are meant to access so its secure and safe.

The good thing is Microsoft include this at no extra cost if you have an Office 365 subscription, if you have a lot of data you may need to increase your storage licences but you do have a generous data allocation out of the box, with all Office 365 licences as follows:

File Backup

A consideration for storing data is how will it be backed up? You may think that by moving everything to Office 365, or GSuite, that it is backed up but that’s not the case. While Microsoft or Google, certainly has you covered when it comes to any outages on their part, they don’t cover loss of data due to accidental, or malicious, deletion.

Microsoft Cloud Services operate on ‘The Shared Responsibility Model’.

To summarise this:

  • Microsoft protects the infrastructure of their cloud.
  • End clients protect data within Microsoft’s cloud

This is an extract taken from Microsoft’s SLA:

"We strive to keep the services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as result. In the event of an outage, you may not be able to retrieve Your Content or Data that you have stored"

So just like you would always have a backup of your office servers, you should be backing up your cloud services data too, we can help you with this if you would like us to.

What about USB drives?

The problem with USB drives is they can get lost, and if you have any more than a single person requiring access to the data, it is impossible, as others won’t both have access to the data. If the data is just for you, always ensure you are encrypting the USB drive and keep it secure. Windows 10 allows you to do this using Bitlocker To Go, BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using BitLocker Drive Encryption in Control Panel.

On Premise Systems

When we say “On Premise” we mean that the system is hosted and run from a device within the organisation, usually your server but in smaller businesses your Sage install may be installed on the accounts persons PC. These are not usually accessible outside of the office network. We’ll cover what you can do in this situation in the Connectivity and VPN section below.

Connectivity and VPN

If you are unable to access your services in the cloud you will need to consider remote tools and VPNs.

Remote access tools such LogMeIn and TeamViewer will allow a user to access their office PC or laptop from another device, even their iPad securely.

A VPN creates a secure link between your connection (for instance your home) and your office. It is as if you are connected to your office network when you are not.

How we’ve prepared

All of our services are accessible in the cloud, but for security we do lock down access to some tools so that they are only available from our office IP address (an IP address is a unique identifier of an internet connection) rather than compromise security adding additional IP addresses to the allowed list, we will use the functionality of a VPN. (See Below)

How we suggest you prepare

To create a secure VPN, you will usually use your Firewall, not all firewalls have this functionality so check with your IT provider, team or we can help with this.

Considerations

There are 2 key considerations, A VPN will often need licences from your firewall vendor to be made available to enable you to use this feature. Usually a few, maybe 5 are included by default and this may be enough as not all staff will require VPN access. However, if you require all staff to have access, you’ll need to review the licencing.

Secondly, VPN traffic will be carried over your internet connection, internet connections have 2 important stats, upload and download, VPN traffic will require a considerable bandwidth both ways, but importantly upload, which if you are running over a basic connection, may be lacking.

Leased lines guarantee bandwidth, this is not the case with FTTC (e.g. BT Superfast) or ADSL connections, check with your provider that you have sufficient bandwidth available. Also consider if all staff need access to the VPN, it could just be key staff. Refer to your services to see which.

In our fictional example below if we have moved all the key files to Teams, meaning only Steph and Phil would need VPN access. This can be configured on their laptops (more on devices below)

System How do we access? Who needs access Actions
Email Online Office 365 – Online Everyone Check Security
Finance Sage – Accounts PC & Server Steph and Phil Setup VPN
Files Some in OneDrive but mainly on Server Everyone Move all key files to Teams
Customer Management System Salesforce – Online Sales and Management Teams All ok

People & Devices

The next thing to consider, if people are going to work out of the office, is what device are they going to use? Some users may be able to work from their phone or iPad but will this be good enough? With others they’ll be able to use their company laptop. But what about users who don’t have a laptop and use a desktop PC usually?

How we’ve prepared

The majority of key staff use laptops, however a few users in our support team do use desktop machines. For continuity we have a variety of spare laptops that are configured with all our security software for use. These will be available to be used by our teams to continue providing support with them working from home.

Useful Resources

Here's 2 posters we've used with our staff to inform them on the best way to prevent the virus. Click to download full resolution PDFs

 

 

 

 

 

 

 

 

Cover of Staff

In the unlikely event that all our staff are unable to support our clients due to illness, self-isolation or for any other reason, we have a backup through an external 3rd party help-desk provider that we have already engaged with for continuity of service, if required. This provider will be able to continue supporting our clients with the knowledge and documentation required, having access to our systems as if they were our own staff.

How we suggest you prepare

Refer to your list of staff and create a list of devices that they will use in a continuity situation.

User Device Access Required Actions
Phil Spare Laptop instead of PC VPN for Sage, Email, Salesforce, Teams
(Sales, Finance, Management)
Set up VPN and test
Steph Company Laptop VPN for Sage, Email, Salesforce,
Teams (Sales, Finance)
Set up VPN and test
Dave PC in office, Company iPad Email, Teams
(Management)
Happy to use iPad for email and docs
Paula Company Laptop Email, Salesforce

Teams (Sales)

No action
Andrew Company Laptop Email, Teams
(Marketing)
No Action
James PC and Surface Pro Email, Teams
(Management)
Will use Surface
Justin Only Office PC Email, Salesforce Teams

(Sales, Finance, Management)

Order additional spare laptop to use and configure
Emma PC in office, Company iPad Just email Setup iPad and test.

 

Make a list of actions that are needed to ensure all key staff will be able to continue working and that they have the right equipment to do so.

The problem with allowing users to use any device to connect to company systems (for instance their home PC), is that you have no control over those devices. A home PC could have been used by any one to access illegal streaming sites, and have dormant malware embedded on the device, such that when a user connects to company resources, this malware may cause potential issues, either through usernames and passwords being stolen, or viruses transmitted.

Who are the key people in your business? What would you do without them? You may be able to survive without one of the sales guys but what about fee earners, customer services, admin or technical staff? Should you engage with a temp agency, or locum service, now so that you know who’s best to speak to when you need cover at short notice?

Phones

How we’ve prepared

We use a cloud-based phone system; therefore, we have a few options, we can access our desk phones at a different location, but more than likely our staff will log in to the softphone applications via their mobiles, or laptops, meaning there will be no difference to inbound or outbound support calls or enquiries coming into the business.

How we suggest you prepare

Speak with your communications provider, if you’re a small business you may be able to continue simply by diverting your local number to your mobile. However, if you’re using on an on-premise phone system it will need to be a bigger discussion.

Will you be able to divert extensions to mobile numbers? What impact does this have to your phone bills? Often when calls are diverted the phone system will take the call and forward on with an outgoing call that will last as long as the call before disconnecting. This could be costly if you have a lot of extensions requiring divert.

Your comms provider may be able to install an add-on to give you soft phone functionality, or divert your DDI numbers at source, there are many options available.

If you’re looking for a modern phone system that is flexible and affordable give us a call and we can recommend a suitable solution.

Communication Plans

A great tool in any business continuity plan is a communication plan. What do you need to do to tell everyone not to come to the office? Are phone lists on everyone’s desk, but what about if the office is unaccesible? In the days of WhatsApp and iMessage it’s pretty easy to inform all staff of situations in smaller businesses, but if you’re a larger company can you definitely contact everyone, all at once?

You should also have a list of key contacts both in the business and out, this should include your insurance company, IT providers, HR consultants, external payroll and possibly others.

Supply Chain

How we’ve prepared

One way our business will definitely be impacted is through our supply chain. China is the world’s largest manufacturer of mobile phones, computers, and televisions. Wuhan where the outbreak originated, is home to factories that build everything from optic-fibre cables to flash memory. Though our vendors products may not be made in China, components which go into them certainly are.

This has happened previously during events such as the Tsunamis that hit in 2012 or the SARS virus of 2002-2004. The factories that were affected not only caused a shortage in the channel, but also price increases.

We have already started to see some shortages in the supply chain and increased prices which we are currently managing through relationships with vendors and our distribution partners.

We’ll continue to monitor the situation and ensure we’re delivering projects as quickly as we can.

Away from hardware we have been in discussions with all our external 3rd party service providers to ensure their business continuity plans are in place to cover any potential issues coming from this outbreak. We will continue to assess and discuss this with these partners.

How we suggest you prepare

Do you have projects that you are considering that may require hardware? A new server? Roll out of laptops rather than PCs? Do you have Windows 7 machines that need to upgraded to Windows 10? Major networking refresh?

You should discuss with your provider to ensure that any planned project, dependent on hardware is going to be able to be delivered on time. You may wish to bring some projects forward.

Secondly speak with your external providers, for example an external payroll provider. What would happen if they were unavailable? Do they have plans in the event their staff aren’t available? Your staff may be fine, but they’ll get very annoyed if they’re not paid because your payroll can’t run! Ensuring you have your ducks in a row will really help

Finally

Hopefully you’ll never have to use your Business Continuity Plans, but whether its Coronavirus or any other disruption to your business, having considered what you will do in a situation means that you are ready, you won’t lose productivity and most importantly customer trust.

As a reminder

  • Systems: Does everyone who needs access, have it if they are not in the office?
  • Connectivity & VPN: Do you have the required connectivity with the right bandwidth?
  • Devices & People: Has everyone got access to a secure computer they can work with anywhere?
  • Phones: Can you connect to your phone system from anywhere, or divert calls?
  • Communication Plans: Do you know who to contact and how?
  • Supply Chain: Are your 3rd party providers and suppliers ready?

We hope you’ve found this article helpful, if you’d like to discuss any part of it, please contact one of our team directly, or our director Steve McGowan who has been working on our plans at ATG and is happy to discuss how you can ensure you won’t have any issues, or share any part of our plan with you.

Remember we have a simple business continuity plan available to download.

ATG Risk

We have considered the risk to ATG to currently be Low with the following considerations:

  • The number of Covid-19 UK cases are currently low
  • No local cases
  • No staff have travelled or plan to travel to affected areas
  • No staff have concerns surrounding health
  • Installation of additional hand washing facilities
  • Staff education on best way to prevent infection

We will however monitor the situation ongoing and make decisions as the situation develops.