Risk Roundup for March and April 2020
This month’s Risk Roundup focuses on the spring fallout from COVID-19 that has impacted every business, industry, country, and individual on the planet. The pandemic pushed several risk disciplines into the spotlight, including business continuity, third-party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.
Re-examine business continuity plans
If there is one clear takeaway from the pandemic, it’s that business wasn’t ready for it. This article from Enterprise Talk in late April calls for a “deep hard relook at business continuity plans.” Organizations with business continuity (BC) plans that were prepared for a pandemic were the exception, not the majority.
On your next BC program review, pay extra attention to scenario planning and business impact analysis. For each scenario, conduct a business impact analysis. What business processes will be disrupted? If X occurs, what will it mean for Y? Plan for recovery by listing, in order, the requirements to restart operations and eventually become fully operational.
Rethink third-party risk
Many companies have spent decades making supply chains more efficient. COVID-19 is causing organizations to rethink that strategy and focus instead on the resiliency of their supply chain network.
More than 20 meatpacking plants in the Midwest closed due to the coronavirus, only to be deemed essential and ordered to reopen by an executive order, as reported by Market Watch. Any company with supply chains or third parties critical to business is at risk. Many companies are considering diversifying suppliers and upgrading the assessment process. It’s also an opportune time to step up communications with third parties, as they are businesses too, with many of the same challenges as your organization.
Make cybersecurity more secure
Shelter in place this spring has meant working from home—by the millions. Cybercriminals have taken notice. Phishing, malicious spam and ransomware have all spiked with attackers using COVID-19 to entice opens and leveraging brand names to hook victims.
Work from home isn’t likely to go away in the short term or the long term. Company IT departments face a distributed workforce and must ensure security. HR will need to update policies and train employees on cybersecurity while remote working. The best way to prevent an incident is to identify and address risk.
Take privacy seriously
Along with a greater risk of cybercriminal activity, shelter in place has also given rise to new data privacy concerns. The poster child for this is the Zoom videoconferencing app that is the most popular option for meetings and events online. Users have experienced “Zoom bombings” where hackers enter chat rooms without permission and cause trouble.
Maybe your business isn’t a hot startup like Zoom, but you may still have privacy concerns. It could be compliance with GDPR or with CCPA, California’s data privacy regulation, whose enforcement begins on July 1. In the U.S., Europe, and Asia, privacy regulations are on the books, and compliance is mandatory. If you’re new to privacy regulations and compliance, start with common privacy frameworks like ISO 27701, NIST 800-53 V5, and CIS Top 20.
That’s our roundup of major risks that occurred in March and April of 2020. It’s been a spring of COVID-19 impacts on every aspect of everyday life and business. We’ll be back in July with a roundup of risks from May and June.
For resources on business continuity planning, download our Business Continuity Tool Kit.
For more on managing third parties, watch our webinar, Managing Third Party Risk Before (& After) a Pandemic.
Compliance departments are seriously challenged these days. As business swirls in response to COVID-19, compliance has taken a back seat. That can lead to trouble—violations, fines or both—due to missing deadlines. Management, in a questionable move, may ask compliance to do something taboo. Instead of a glass-half-empty post designed to help compliance deal with these challenges, compliance teams get a glass-half-full post that is brimming with optimism for compliance’s role during COVID-19.
In many ways, global supply chains are in the crosshairs of the global pandemic. We share three strategies you can pursue now to be ready for when business starts to recover.
While the coronavirus has dominated news cycles, other notable events occurred around a number of new rules, regulations and guidance, from California’s data privacy regulation to the NIST data privacy framework and SEC guidance on cybersecurity for financial service firms.