Enterprise decision makers know to “expect the unexpected” when it comes to business continuity (BC) planning. But the increasingly complex threat environment is challenging organizations as never before to prepare for an expanding range of incidents. Yes, traditional threats such as severe weather and active shooters are still top of mind, but BC professionals must now plan for sophisticated cybersecurity attacks, social media misinformation campaigns, event disruptions and other scenarios that demand reliable two-way notification for groups from one to many thousands.
Business continuity, IT and disaster recovery professionals are looking ahead to the most formidable BC challenges they expect to face in 2019 - and how they can rapidly notify workforces when incidents occur to minimize business and operational risk. OnSolve recently surveyed more than 300 of these enterprise decision makers on these challenges, and five in particular emerged that organizations should consider working into their 2019 BC strategy and planning efforts.
Notifying Workforces During a Cyber Breach
A global law firm made news during the June 2017 Petya ransomware attack when a photo circulated of a whiteboard message in the lobby instructing employees not to turn on their computers. The old school warning reflects the challenge organizations face to rapidly notify employees of a cyber breach.
Cyberattacks aren’t new, but the sophistication of these attacks demand that organizations have an effective way to alert employees in the early stages of a cyberattack – because after the fact is, in fact, too late. Gartner estimates that each minute of unplanned downtime costs organizations $5,600 per minute. If a network is down and computers and email are not accessible to employees, even seconds matter so that further damage isn't done (preventing employees from any action that further exposes the business).
When asked which cybersecurity threats are most likely to interrupt their ability to send rapid employee alerts, 63% of business decision-makers in the OnSolve survey said malware, 63% said ransomware, 59% indicated phishing, 54% pointed to business email being compromised, 33% said rogue software. The data affirms that organizations are concerned with attacks that can become exponentially more damaging if employees are not made quickly and fully aware of the situation. It is why 15% of those surveyed said that cybersecurity attacks are their leading concern when it comes to emergency communications and response.
Reaching Employees with Outdated Contact Information
Business continuity depends on the ability to rapidly reach the right people with the right message at the right time during an emergency or other business interruption. But employees come and go, and phone numbers change – as do the human resources and business process systems that organizations use to manage contact information.
Twenty-five percent of those surveyed said that having up-to-date employee contact information was their primary concern with emergency workforce notifications, and only 27% said they were “very confident” the contact information they did have was up-to-date. Creating an effective strategy to capture all key forms of contact information – from the time a new hire joins the company to periodic update periods – is an important first step. Among organizations using mass notification systems, 85% use email, 59% use text messaging, 52% use phone calls, 17% use a mobile app, and 13% use desktop alerts. In other words, employees receive notifications through multiple channels, and they all must be kept up to date.
Finally, notification systems that enable two-way communication offer a further check that your workforce contact information is up-to-date. With two-way notification capability, IT and security administrators can collect responses of employees to ensure they are safe or to deepen event context. They can then report the results to the emergency response team and keep a running tally of who still needs to be contacted. This is critical during severe weather events so that employees scattered in multiple locations can account for their safety.
Accounting for a Geographically Dispersed Workforce
Nearly one-quarter (24%) of businesses said their primary challenge with workforce notifications is reaching geographically-dispersed employees spread across multiple locations in the U.S. and abroad. It’s not just about having a system in place with the appropriate scale and reach, but also the ability to geo-target emergency notifications based on which regions, offices and employees are impacted. The most effective systems can geographically target only those in the path of the weather event for example, and can automatically plot contact addresses on a map – allowing administrators to choose specific areas they want to be included or excluded from an alert.
A key part of geo-targeting is ensuring that mass notification systems integrate with HR and business systems. You need to know which employees are traveling and where they are going because reaching workers isn’t just about notifying specific office locations, but also individuals on business travel.
Staying Ahead of Social Media Disinformation
A Gartner report claims that by 2022, most people in advanced economies will be exposed to more false information than true information, and that trend will likely continue as artificial intelligence grows more sophisticated in mimicking authentic video and audio news sources. CXOs and business continuity professionals must now account for the spread of disinformation – whether deliberate or unintentional – to protect people and property, as well as to ensure other stakeholders like partners and customers have real-time, accurate information. If or when disinformation threatens to impact your organization, you need to have a plan to combat it.
Social media can be an effective tool for BC professionals to not only communicate information to employees through authorized corporate and individual accounts but also to an extended group of stakeholders that can include customers and partners. The downside of social media is that the first information to hit is often what individuals will follow, which can complicate emergency response to emergency events. Countering social media misinformation is greatly aided with a designated individual monitoring accounts and posting factual updates in real-time.
Severe and Extreme Weather is the New Normal
Forty-four percent of business decision-makers said severe and extreme weather events are their leading concern when it comes to emergency communications and response - outpacing other events such as active shooters (22%), cybersecurity attacks (15%), IT outages (12%) and workplace violence (8%).
As of early October (before another round of wildfires devastated California), there have been 11 weather and climate disaster events across the U.S. with losses exceeding $1 billion each. Severe storms, droughts, tropical cyclones, winter storms and yes, wildfires demonstrate that these weather events are not confined to one region and can occur at any time of the year. As we adjust to this new pattern of extreme weather, businesses must also adjust their preparation tactics in order to mitigate risk; It’s no longer a matter of if a disaster could strike, it’s when.
Training key employees in advance on technology to mobilize crisis response teams, alert staff and suppliers, and account for personnel safety enables team members to move quickly when a crisis strikes rather than fumbling with new tools during the actual process of managing an event.
Also, implementing HR policies for employee notification, remote-work policies and information accessibility in advance of an emergency can be the difference between extreme confusion and a much smoother communication process when disaster strikes. And finally, build and maintain off-site support for business continuity so information channels remain open and functioning at all times. A cloud-based solution that isn’t tied to specific hardware or a physical location that could be impacted in this case is ideal.
While businesses can’t control unanticipated disasters, by instituting proper communication channels, planning with key business leaders, and properly preparing your organization as a whole for the top risks in 2019, businesses can greatly lower overall business continuity risks and mitigate losses.