Lessons Learned: CEO Challenges during One Month in Emergency Mode

The financial crisis and pandemics have been putting severe impact on the world before, but not as critical as COVID-19 is doing at the moment. Small companies are bankrupting and closing, while larger organizations are striving to withstand the crisis.

The pandemic requires most of the company leaders to reconsider their priorities and may even require the global change in usual approaches to business. By taking proactive steps now, you can put your business in a more secure position to stay strong and recover faster once the crisis decreases.

Challenges for Companies to Live with and Remember for the Future

Many companies have faced significant challenges when dealing with force majeure caused by the coronavirus pandemic. Some started to act only after the quarantine was announced, which is truly not the right time to begin implementing an ISMS and BCM plan. Better start late than never.

The most significant task here, however, goes far beyond of implementation of classical security, environmental or quality management models. In many organizations, this means a change in the perspective and attitude of the management. And the current situation shows very clearly how necessary this paradigm shift is because many companies have:

• no or poor quality business continuity plans;
• fragmented/distributed data;
• lack of structured threats information to proceed with risk mitigation.

Responding to the COVID-19 Crisis: CEO Pain Points

Economists project a hard hit to the economy, the recovery time from which remains unknown. COVID-19 will continue to affect the markets, so the main task here for businesses is to be ready to change, transform, and survive in this period of social anxiety.

This crisis has demonstrated which priorities we will face in information security today and in the future:

• Transforming the security approach due to the changing working environment;
• Secure communication over insecure connections;
• Strengthening security by using trusted cloud solutions.

Organizations are now implementing a lot of this hectically and with high personnel and financial expenditure. Such quick decisions often involve even more risks.

Steps CEO Should Undertake Today to Leverage the Effect of Pandemics on Their Business

Amid the chaos and all the incoming advice, it’s hard to know what exactly leaders should do today. To adapt the business to the new environment driven by crisis, the company’s leaders have not only to take cautionary actions but become more flexible regarding business strategies and be able to navigate through uncertain conditions quickly.

When it comes to planning and compliance, fragmented information is one of the burning pain points for company leaders, as they prevent them from seeing the whole picture of what is going on in the organization.

Usually, different units in the company collect and present data in different ways that make data unification more complicated. Gathering information is only one side of the problem. Another issue is that all data should be correct and relevant.

Primary Tasks of CEO

1. Information monitoring.

It is critical to access information during an emergency, preserving the essential principles of security: Integrity, availability, confidentiality. Information and programs should be changed only in a specified and authorized manner, only authorized users should have access to information and resources, and there should be strict control of who gets to read data.

2. Prompt reports analysis.

With the help of weekly reports, CEO quickly gets a holistic overview of the situation in the company and a clear understanding of which threats were “applied” to the specific business. CEO gets immediate access all daily reports displaying the current state of the ongoing tasks on the different levels (departments, projects, etc.).

3. Management/supervising of Risk Management and Business Continuity Plans.

Defining the list of threats is critical at this point for creating and following the risk management plans. Business impact analysis allows company management to minimize damage and head to fast recovery after the disrupting incidents occur. Supervising of execution of BCPs is important part for these activities.

4. Objectives Management.

Effective task management in the company (tasks done/not done) allows the CEO to set tasks clearly and further link them with the relevant activities. With the task management, you will see what was done and what is left before the due date comes. Tasks can be gathered from different systems and collaboration tools and summed up in one report.

Working in the Coronavirus-related Emergency Mode Plan Presented by the CISO 

Our security managers at Infopulse have followed a clear step-by-step plan to ensure that the business stays safe and compliant. Here is a real-life sample of how our security specialists have presented their plan to the CEO and successfully implemented it. It can apply to any company of any size while facing an emergency challenge:

Team

• Created BCP work group.
• Included representatives of IT, HR, Travel Desk, Office Services, PR, Marketing.
• Made a list of emergency contacts of the BCP team.

Plans

• Updated BCP to work with consequences of the Coronavirus Pandemic.
• Developed an action plan in case of confirmed COVID-19 in the company.
• Prepared offices for the possible introduction of emergency, considered all relevant risks, and took all necessary preparatory measures.
• Interaction with BCP Teams of other organizations to share knowledge and experience.
• Access to the office is blocked for all employees except for attendants and employees performing urgent or business critical activities.
• Introduced Office Policy ensuring quick unlock access for business critical employees.

Customers

• Sent communique for clients and partners.

Equipment

• Arranged monitoring of replacement equipment stock.
• Arranged corporate taxi service to transport equipment for employees.

IT

• Tested the load on the remote access channel to ensure continuous operation of company subdivisions in remote mode.
• Migrated to MS Teams, a tool for effective interoperability and collaboration.
• Organized of remote work for projects that initially could work only from the office. Including Site-2Site VPN Configuration.

People

• Provided substantial assistance for returning people home from abroad.
• Established Travel Desk monitoring of business trips.
• Ensured that employees are appropriately informed about the situation and the implemented measures.
• Ensured psychological support for all employees.
• All possible educational activities were transformed into online mode.

Management

• Organized regular meetings with managers at all levels.
• Regular online meetings of team leaders and team meetings of each delivery for quick and accurate responding to workflow questions and monitoring employees’ health.
• Ensured operation of all company services and made corresponding work schedules.

Premises

• Provided regular sanitation of the used premises.
• Enhanced security and access mode for the quarantine period. Closed walkways and floors.

Security

• Updated the status of physical security systems for office. Make sure that the office without employees is adequately secured.
• Establish additional control over suspicious events in office premises using Access Control and Video Surveillance Systems.
• Provided access to the video surveillance system for regional managers (from laptops and smartphones).
• Organized inspection and shutdown of unused equipment in empty office rooms.
• Prepared security announcements about the non-usage of open social networks for the exchange of confidential information, identification of phishing emails, etc.
• Compliance monitoring for remote devices.

The tasks were effectively assigned to subordinates, their control and fulfillment were reported to the CEO according to the existing security, business continuity, and quality policies. The company has implemented them based on international standards, e.g., ISO 27001, ISO 22301, BSI IT Grundschutz.

Using Infopulse SCM as a Solution to Meet CEO Expectations

These days we pay great attention to all possible and reliable tools to support the activities of each company member. Daily communications moved to MS Teams, Skype for Business, etc. Getting the right solution at the right time will eliminate human errors, save time, and help people concentrate on the urgent task performance and streamline operations.

Implementation of the right standards now is one of the top priorities as it provides a set of actions the company should follow to get a green light, especially in the COVID-19 outbreak.

How SCM Can Help CEO in Addressing Challenges:

• Monitor the consolidated and structured information in one place (uploading information or via SCM integration with different CMDBs and other enterprise management systems);
• Holistically manage all the available assets in the company at various levels;
• Understand how the most critical threats are managed and who is responsible for the task fulfillment (threat catalog in the system is linked with the corresponding requirement and a safeguard);
• Avoid silos and get updated information from security officers at any preferable time;
• Receive critical information about the company in the form of reports and data sets;
• Get lists of fulfilled tasks and prioritize future activities.

When navigating your business in emergencies, it becomes clear that win those who are prepared and able to adapt to new market environments quickly. So, the question arises: what can we learn from this crisis today? Company management should reconsider the work in the emergency mode, draw conclusions, and take it as the basis for the future “work in regular mode.” The transformation businesses are going through today will be relevant for a long time even after the Corona crisis.