Cookie theft, real-time phishing and MFA fatigue attacks threaten multi-factor authentication, which has long been considered unassailable.
Previously, permission to work from the home office was a high measure of trust and representative of new work attitude, today it has become a preventative measure just like regular hand washing. COVID-19, commonly referred to as corona virus, has led to unprecedented hustle and bustle in many companies. Some companies would prefer to send all employees in home isolation for two weeks so that they can continue to work without the risk of infecting others. There is no need to panic but there is cause for concern. It is, in fact, a good idea where it is possible to dispense with too much contact with others, if not in the interest of your own health, to protect more vulnerable people like the elderly. Employees who can work from home are already at an advantage. They can avoid public transport and shared spaces in the company significantly reducing their risk of infection.
Many companies are currently trying to significantly upgrade their home office infrastructure. But it's not that easy to provide an unpredictable number of connections. Increasing the number of connections usually means adding more hardware for the VPN gateways, and provisioning two-factor authentication is a significant challenge for thousands of users. But quite apart from scaling up VPN connections, companies can take a whole range of measures to prepare for the potential impact of COVID-19. For example, Microsoft suggests using its collaboration solution teams and describes how best to do this here.
It's easy enough to know your own core processes, products and employees and to concentrate all measures there. These key resources must be documented and included in all business continuity documents. Usually BCM (Business Continuity Management) processes deal with staying operational when physical resources are not available. However, in the case of COVID-19, the infrastructure is present but the employees are not. Even if they are not ill, they can either be in isolation or quarantine. In more drastic scenarios, public transport and long-distance transport are already expected to be cancelled. In this case, too, employees may be unable to travel to the workplace.
However, the reasons for the lack of staff are not decisive. It is important to prepare for this case. The following best practices help:
- Employee roles and capabilities must be known and covered by deputies. In general, there should be no vulnerabilities in the form of exclusive knowledge and skills in the company; people also become ill or leave the company independently of Corona. Maintaining a list of key people and their deputies should therefore be standard practice.
- Now is the time to take a critical look at working practices. In addition to obvious measures such as home office, face-to-face meetings should also be converted into online conferences and the number of employees in the office should be reduced via shift plans.
- Although no one likes to think about it, in some areas much less demand is expected in the coming weeks. Production planning and supply chain management should be prepared for this.
- Meanwhile, the importance of thorough hand washing should be a given. But few know HOW to wash their hands properly. An awareness program can provide basic information about personal hygiene and prevent infections.
- Companies should also plan for the worst case: How to respond to actual COVID-19 employee infections In this case, hardship regimes and support measures for the affected persons and their families should be planned and prepared.
- It is also necessary, however, to know who was in the vicinity of the infected person or otherwise in closer contact with them. Rules of conduct should clearly specify what is allowed and what is not allowed in the office. And of course - actually of course – there must also be sufficient hand washing and disinfecting agents in the office.
Whether long-term planning is necessary is currently dividing opinion. Looking at the DAX and Dow markets, it doesn't look like a situation that's going to last very long. However, it cannot hurt to take a look at ISO/TS 22318:2015 in the context of COVID-19, to consider how to deal with different scenarios in the medium and long term with regard to own production capacity and supply chain disruptions. If you want to see how this works in practice at a global corporation like Microsoft, you can read about the Microsoft Cloud Enterprise Business Continuity Management (EBCM) Program here.