As COVID-19 continues to spread worldwide, not only disrupting health and life but also business continuity up and down the supply chain, economic and cyber risk have taken on pandemic proportions, as well.
Many enterprises are struggling just to keep essential services functioning as they send employees home to work with new, hastily procured technologies. At the same time, they’re battling a surge in cybercrime by threat actors seeking to take advantage of the chaos.
Risk management right now can feel, to these organizations, like a frantic game of whack-a-mole: mitigate one risk, and another pops up.
Add in the wild fluctuations in financial markets the pandemic has caused, and organizations in almost every sector—healthcare, banking, education, and more—find themselves managing risk at an unprecedented scale and scope, and not sure what to do next.
Even those with an enterprise risk management (ERM) or integrated risk management program in place may feel at a loss.
Whose ERM plan predicted an outbreak of one of the most contagious and deadly infectious diseases in history?
Which program foresaw a crisis that touches every aspect of business and society, from pandemic preparedness to a shift to a work-from-home (WFH) business model to crippling financial losses after a decade-long period of economic growth?
Some enterprises did respond quickly to pandemic risk warnings from the World Health Organization (WHO) or the U.S. Centers for Disease Control and Prevention (CDC), taking action before the novel coronavirus even touched U.S. shores.
Other organizations delayed responding, indicating a weakness in their ERM program or a failure to activate it as they should. Either way, these organizations will need to prepare themselves for the next crisis: Because of world travel, Bill Gates has said, we can now expect a new viral outbreak every 20 years. (Gates predicted a soon-to-strike pandemic in a 2015 TED Talk.)
Before turning its attention to the long term, though, every enterprise must take quick action to mitigate the risks it faces now. We recommend the following steps:
- Appoint an emergency response team. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommends that every organization begin its COVID-19 response by designating a response coordinator and assigning team members with specific responsibilities. This team’s primary act will be to activate the enterprise’s emergency response or resiliency plan or, if none exists, to create one, starting with a risk assessment that includes production, procurement, supply/logistics, worker safety, and financial capital.
- Back up your supply chain. What will your organization do if the production of a needed raw material or component halts because of COVID-19? Do you have a backup source of those materials or components? How will you maintain inventory and cash flow during the pandemic? These and other questions should be on your business continuity checklist.
- Tighten your security. Threat actors are busier than ever right now, working hard to infiltrate systems and networks and access your data while your attention is elsewhere. Stay vigilant. Enlist your CISO to strengthen your cybersecurity with tools such as virtual private networks (VPNs), Firewall-as-a-Service software, enhanced cloud security tools, employee security awareness training, identity and access management, and other cybersecurity solutions.
- Communicate, communicate, communicate. Everyone—suppliers, vendors, board members, partners, employees, clients, customers—needs to hear from you now. They need to know what you’re doing to keep your workplace safe; how you’re protecting your business operations and finances during this crisis; what services and products you have available to them; and what you’re doing to help the community. Your public relations and communications efforts have never been more critical.
- Help your employees. This is a stressful time for many juggling home and work life, parenting children who are out of school, dealing with social isolation, worrying about the health and well-being of friends and family, struggling with reduced pay, and much more. Reaching out to assist those who work for you, including offering confidential health monitoring, will demonstrate your commitment to them and increase their loyalty to you. We are all in this together.
- Consult your attorneys and risk managers. As remote work, business facility lockdowns, and supply-chain interruptions affect your business, how are you honoring your contracts and staying compliant with regulatory and industry standards? What are your rights and responsibilities right now?
- Modernize your risk management program. The best risk management programs today use digital solutions to help with risk assessments, test controls, find gaps and issue alerts in real time, provide detailed risk mitigation checklists, and manage workflows—all automatically, freeing you to focus on keeping your business, personnel, and customers safe and healthy during the COVID-19 pandemic.
ZenGRC performs all these tasks and more, including unlimited self-audits, audit trail documentation, and integration with all of your business applications. Contact us today for a free consultation, and embark on the path to worry-free, comprehensive risk and compliance management.