Preparing for the unexpected with crisis planning

It’s common knowledge that no organisation is ever safe from disruption, and that a company’s data centre strategy is paramount in keeping operations running and businesses open.

Therefore, it goes without saying that data centre providers and managers are committed to continuously monitoring and evaluating risks around the world that may impact operations, employees, supply chains and customers.

Last year, Vertiv put together an emergency preparedness checklist that reflects some crisis planning and data centre services recommendations, in an effort to help companies protect their networks and ensure business continuity in the event of an emergency.

But just a year on from devising these plans, it’s striking how much the world has moved on. So, let’s look at the current pressing risks to business, and how companies can prepare for what lies ahead.

The threat of civil unrest tops the list of business challenges

Whilst a year ago, the ongoing pandemic and increasingly common extreme weather events dominated our planning exercises, today we spend more time on civil unrest than any other single threat. In addition to the devastating destruction and health and safety concerns for those in the country and in nearby regions, the war in Ukraine has dramatic implications globally, putting further strain on supply chains, severely restricting commerce in Ukraine and Russia, and limiting communications with employees, suppliers and customers in those countries.

The war is taxing the systems in place and creating an environment that attracts bad actors, including cyber criminals. It’s an ongoing and increasingly volatile situation, and sadly will be for the foreseeable future. Accordingly, businesses should work to develop business continuity and disaster recovery plans for employee communication, transportation, supply chain, and workflow, while ramping up cybersecurity training at all levels.

Sadly, civil unrest isn’t limited to Ukraine and surrounding countries – we’ve seen truckers in Canada grind over-land supply chains in North America to a crawl and various demonstrations limit or cut off access to worksites and important transportation routes.

Dealing with mass hybrid working strategies

Even though businesses are getting back to normal post-Covid, the knock-on effects of the pandemic haven’t gone away totally – and the widespread shift away from fixed-location workplaces to remote or hybrid models continues to cause challenges, not least tracking and communicating with employees in an emergency. Organisations should invest in platforms that can enable critical communications even when traditional channels are down and update crisis management training so employees know how to react independently.

What’s more, a distributed workforce means a significant increase in network endpoints, and each endpoint represents a cybersecurity risk. If your business is shifting to remote or hybrid work models, you must increase attention on network security and ramp up employee training on IT and operational security.

An important note to remember in this distributed world: a remote workforce does not absolve the employer of responsibility for employee safety. Crisis management and training must continue, but you must tailor it to the person and their location to ensure their safety and the security and continuity of their work product.

Putting plans into action

So, there’s plenty to consider in the world of business continuity, and the good news is that we can also provide a guide to the components of successful crisis preparation:

1. Risk assessment and the Business Impact Analysis (BIA): The critical first steps for a comprehensive recovery strategy. Perform the BIA to determine critical business functions and a risk assessment to identify potential mitigations or controls that could be applied. If there is an inherent risk present, could the site or some work be moved to alleviate that risk?
2. Evacuation plan: With more employees working remotely, businesses should introduce training to help them know how to react to a crisis independently. This could include guidance on shelter locations, Red Cross resources, and who to contact if the employee needs help at home. Take advantage of weather and emergency phone apps, these apps keep employees aware of potential weather and civil unrest concerns so they can prepare.
3. Weatherproof the data centre:  Employees working remotely should be trained on how to prepare for or respond to extreme weather conditions, which are becoming more common across the globe. Certain critical roles may require uninterruptible power supply (UPS) backup power or redundant internet service providers – and a data centre services provider can help harden data centre and edge facilities against such threats.
4. Backup data: Again, the process changes as employees shift offsite. Automatic backups on-site may need to be initiated manually, and the mechanics — including backing up data to the cloud — should be hardened against cyber threats.
5. Preparation for communication breakdowns: A remote workforce introduces challenges related to emergency communications. Develop lists with all available means of communication for all employees and reach out early with instructions in the event of communication interruptions.
6. Emergency staffing: The preference for many companies today is to shift work virtually, but staff on site may still be required – and needed immediately.
7. Contact vendors: As supply chains continue to lag, businesses should consider adding vendors and suppliers to their mass notification systems to ensure critical communications are not interrupted.
8. Move away from a single vendor approach: Critical business functions should have more than one vendor in place in the event that vendor has a supply chain issue. Don’t single source vendors, instead have two to three vendors in your recovery plan to provide products and services.
9. Build redundancy across your team: At Vertiv we talk a lot about trusting your teams and that’s still important — but it’s also critical today to build redundancies into these teams. If one person is working remotely and can’t contribute, make sure there is a backup.
10. Inform first responders: Many insurance providers are asking for floorplans to be shared with first responders. It’s a good idea, and one any organisation should insist upon even if the insurance provider isn’t.
11. Consider the opportunists: Chaos provides cover for cyber criminals. Training employees on cybersecurity best practices is more critical than ever with the shift to remote work.
12. Test your plans: Vertiv has increased testing of plans twofold this year and is expanding on the types of tests we perform, for example, we are adding more shelter in place and speed drills to crisis response. Testing does not need to be complicated but is the best means to get recovery plans communicated.

Ultimately, business continuity and disaster recovery plans are collaborative efforts requiring regular updates to keep pace with changes to critical equipment and personnel.

What is becoming increasingly clear, however, is that our world is changing just as rapidly, triggering corresponding changes in how we work or in how our security is compromised. And planning and strategising for an uncertain future is now more important than ever.