Covid19

Access Controls Blog

Guardian Eagle’s Response to COVID-19

In an effort to help our colleagues and fellow businesses who may need some guidance, we would like to share some direction that may help with a few things like:

  1. Keeping your business functional during an unplanned crisissteps you can take now. 
  2. Having a plan in place that allows all or most of your staff to efficiently work from home, and 
  3. Implementing SOPs for a solid business continuity plan that will your critical systems for unplanned crisis.  

What companies can do to facilitate:

Keeping your business functional during an unplanned crisis:

– steps you can take now.

  1. Keeping your business functional during an unplanned crisis – steps you can take now.   
    • a. KEEP IN MIND, we don’t know where this crisis is going, so its not too late to plan for the unknown.  Prepare as though something worse will come.  
    • b. Make a list of the critical systems your business needswho uses them and how they interact with those systems, and the impact on your business if you were to not have them.  Ask yourself the following for each: 
      • i. Are they running on servers in your office?  A data center?  Hosted in the cloud?  On someone’s desktop or laptop.
      • ii.Do they rely on connections to other systems?  If so, where are those systems and how do they communicate with each other
      • iii. What would happen if you were to lose access to those systems?
            • 1. Temporarily losing access?
              • a. Impact to your customers
              • b. Financial Implications (Regulatory Fines, lost revenue, legal costs, damages to other parties)
              • c. Operational Ramifications and Impact to your employees (falling back to paper, not being able to do something, etc.)
              • d. Reputation Damage
            • For weeks or longer?
              • a. Impact to your customers
              • b. Financial Implications (Regulatory Fines, lost revenue, legal costs, damages to other parties
              • c. Operational Ramifications and Impact to your employees (falling back to paper, not being able to do something, etc.)
              • d. Reputation Damage
    • iv. How often are those systems currently backed up? Where are the backups Stored? Are the backups being tested? What would it take to restore from a backup (time and money)? How much data would you have lost between the time of the last backup and the system failure?
    • v. Are the data and/or applications being replicated? If so to where, and how? Are those systems available to failure? If so, how long will that take and what data loss might be expected?
    • vi. What types of security do you have in place to protect those systems from malicious attack?
  • c. This should give you a good idea on the gaps you might have between how your critical systems are currently protected and how you want them to be.  Prioritize by Risk and Business Impact. Don’t treat everything the same.
  • d. When you have a clear picture of the gaps you want to close you can start to evaluate solutions.

Answering just some of those questions regarding your most important systems, can quickly point you in the right direction.  You can do this in steps.  We can help.

2. Working from home.  Here are some of the basics that organizations need to facilitate working remotely:

    • a. Shared Document Storage online.  This means electronic files your employees create, save, and share need to be in a location other than their own computers, and they need to be accessible from anywhere.  Some examples of how do this are:
      • I. MS Sharepoint, DropBox, File Store in a data center, etc.
        1. Evaluate what you are currently doing for sharing files.  Is it working?  Can you access it from anywhere?
        2. Think about the number of employees you have, if you have different permission levels that apply to different files, how many files, if you have sensitive data, etc.
        3. Do you need to have PC access, Mac, phone app, tablet?
        4. Do you need to organize internally by departments?
        5. Do you already own one or more of these solutions?
        6. Make sure you understand how it is backed up and that you are comfortable with it.
        7. What level of administration do you need internally to support the solution
        8. After you understand this better, you can evaluate if you have a gap between what you are currently doing and what you want to be doing.
        9. Once that is clear you can evaluate your options.
    • Shared Collaboration Tools. These are tools that let you communicate real time with video, voice, instant message, screen sharing, real-time file sharing, scheduling and conducting virtual meetings, etc.  Some examples of this are.
      • i. MS Teams and Zoom
        1. Evaluate what you are currently doing.  Is it working?
        2. Do you need to have PC access, Mac, phone app, tablet?
        3. The level of file sharing, security, real time collaboration, Instant Messaging, etc.
        4. Do you need to organize internally by departments?
        5. Do you already own one or more of these solutions?
        6. What level of administration do you need internally to support the solution
        7. After you understand this better you can evaluate if you have a gap between what you are currently doing and what you want to be doing.
        8. Once that is clear you can evaluate your options.

c. Critical Business Applications need to be available from outside of the office:

  • i. Defining them and understanding some of the same items identified in section
    • 1.  (Keeping your business functional during an unplanned crisis)
  • ii. Critical Paper Based Processes
    • Defining them and replacing them if possible with solutions that don’t require being in the office.
    • If they can’t be augmented with virtual solutions, then planning who, how, when, and where these process will be conducted if the office is no longer a viable location should be established.

3. Preparing your critical systems for unplanned crisis:

  • a. Define what is critical and implement solutions according to the priorities defined in section 1 (Keeping your business functional during an unplanned crisis)
    • I. What would crush you if you lost it
    • ii. Protect the DATA of that system more than the system itself\
    • iii. Understand the difference between and importance of backups and data replication.
  • b. Have a written plan in place for a disaster
    • I. Each system that you consider critical should have a plan.

  • c. Test the plan annually

 

For more information please call or email: 727.535.3592 | consulting@theguardianeagle.com