Are you ready to work from home during the coronavirus? Is your firm prepared to operate despite the risks posed by COVID-19? As the United States braces for a potential outbreak, ask yourself these three questions to assess if you have the necessary preparations for ongoing productivity.
Is your staff equipped to work remotely?
All employees must have familiarity with your work-from-home policy, up-to-date training on systems that allow them to work remotely, and the equipment to do so. Ensure that IT has enough licenses for each user to access all systems, remotely and concurrently. Each department must evaluate their capacity to continue performing their duties when short-staffed or off-site, and address challenges while the threat remains minimal.
“Given that large numbers of employees may be absent from the workplace in the event of a. . .disease outbreak, employers should implement plans for new employee training, cross-training of existing employees and developing a pre-planned communications strategy for contacting large numbers of employees located outside of the work site.” (Source: American Bar Association)
Has your business continuity / disaster recovery plan been reviewed in the past 12 months?
It is strongly recommended firms revisit their business continuity/disaster recovery plans every 12 months. Ensure your BC/DR policies include plans not only for extreme weather, but pandemics as well.
“When drafting a pandemic preparation plan, employers should include procedures for employees traveling outside of the United States, handling employees who are sick in the workplace and the implementation of health and hygiene measures, such as remote work strategies and crisis management procedures…” (Source: American Bar Association)
“Law firms’ ability to demonstrate preparedness may be considered a competitive advantage, if not a standard part of doing business. . . According to Washington Lawyer (July/August 2006): “For some clients, how a law firm handles disaster recovery and business continuity may be a factor in their selection.” “It is something every business should have in place,” but some law firms don’t, says Brad Miller, claim and risk manager for JBL&K Risk Services in Portland.” (Source: Oregon State Bar)
“An institution’s business continuity plan should include:
1. A preventive program to reduce the likelihood an institution’s operation will be significantly affected by a pandemic event;
2. A documented strategy that provides for scaling pandemic efforts commensurate with the particular stages of a pandemic outbreak;
3. A comprehensive framework of facilities, systems, or procedures to continue critical operations if large numbers of staff members are unavailable for prolonged periods;
4. A testing program to ensure the institution’s pandemic planning practices and capabilities are effective and will allow critical operations to continue; and
5. An oversight program to ensure ongoing review and updates to the pandemic plan.”
(Source: Federal Financial Institutions Examination Council)
Can your mission-critical IT systems be managed remotely?
Verify that your IT team is fully capable of managing all mission-critical systems remotely and securely. Don’t let a pending update take your systems down when no one is on-site for remediation; check that your environment is fully patched. Additionally, ensure that no systems demanding supervision are tied to a single point of failure, e.g. having only one member of the IT team with access to a given system, especially if access relies on using their personal device for multi-factor authentication (MFA).
If your IT Support team has pending requests for equipment repairs or replacements that could potentially prohibit staff members from working effectively outside the office, resolving those tickets must be a priority.
Next steps
Kraft Kennedy recommends immediate proactive planning with a trusted technology partner to minimize the impact of an outbreak. To assess the readiness of your business, please reach out for a priority review of your IT environment. Ask your IT questions before, not during, an emergency situation.