One of the most important lessons that a CIO or CISO can learn is to never let a crisis go to waste. If you are like me, the “Pandemic” entry in your risk assessment and business continuity plan was considered, but perhaps overlooked a bit in favor of fires, floods, and power loss. How’d that work out for you?
In all seriousness… We’re a couple weeks in, how is it working out? There is never a better test than the real thing. It’s likely that you will find a few things that didn’t work very well and a new solution had to be rapidly implemented. If you want to maximize the value on all those overtime hours IT put in, now is the time to perform a lessons learned analysis and update your BCP!
When you get back in the office (whenever that is!) you will not remember the sleep-deprived changes that were made to complete a remote workforce transformation in 48 hours.
For example, imagine the CFO is working from her kitchen table and her team suddenly discovers that they can’t access payroll software while working remote. That’s a problem! She calls IT in a slight panic and tells them that nobody will get a paycheck unless they get it working. IT calls back in 15 minutes and says, “You should be good!” She thanks them for their heroics and moves on with her day.
What do you think IT did to get it working, and do you think they documented everything they did?
It’s not out of the realm of possibility that they jumped into the firewall and started opening everything until it worked, and the first time the CIO will hear about the details of the change is from the forensic breach investigation in March of 2021.
While it is still fresh in everyone’s minds, get everyone in the room and talk through what worked and what didn’t. It doesn’t have to be overly complicated as long as you collect the following:
- What were the issues?
- Were the issues addressed in the BCP?
- What were the changes made to address the issues?
- What would you do next time?
After this is done, you’ll have everything you need to go back and validate the efficacy of the changes made, as well as update your BCP to make sure you are ready for the next incident.
Click here for more information on how we set up a continuity plan to ensure we are able to support our clients through remote operations.