After participating in a business continuity session around the pandemic flu scenario (a la Avian Flu), it became clear that many organizations will be left wondering what happened to their careful planning.
At the root of most failed plans are the wrong assumptions that were never challenged. Let’s explore one of those elements.
Most companies will conclude that one way to address a flu pandemic is to deploy their workforce at home. This means they’ll have VPN (virtual private network) access. What are the wrong assumptions here?
- Assuming the Internet won’t fail in some way. After all, the Internet is made up of circuits and switches and routers maintained by people. If the pandemic sidelines large portions of workforce around the world, there will be failures at various points leading to congestion. There could even be localized outages if the pandemic affects your area more heavily than another area.
- Assuming that your VPN solution will work unattended. This is pretty common. Most people assume something is simple, but it turns out quite complicated. Who will fix your VPN in your moment of crisis if your own technical staff has been adversely affected?
- Assuming someone else is responsible. Whose job is it to test the VPN? Did your IT staff assume the employee tested it? Did the employee assume it would work? Did management assume that everything that needs to be done can be done over VPN?
Those are just a few examples. What are the lessons learned?
- Have someone external to your company review your business continuity plan
- Test your plan
- Document the responsibilities
- Have a playbook that outlines your response