How to Maintain Business Continuity During High-Impact Global Situations

Mar 31, 2020 Blog Article

Changes to the global business environment can affect customers wherever they are located. Blancco provides these strategies to improve your enterprise business continuity.

Farah Mithani A tech-focused writer and editor, Farah covered topics related to cloud security, software, and hardware while working at a Fortune 500 company. She then joined Blancco as content marketing specialist. In that role, she authored data management, data erasure, and IT asset lifecycle content while supporting Blancco’s social media and email channels.

5 Considerations When Managing Business Continuity & Data Sanitization During a Global Crisis

Cutting the need for face-to-face interactions and lessening travel can be important
during uncertain times. Yet, in that situation, carrying out standard data erasure processes can become challenging, as can other aspects of normal business operations.

Here, we outline the benefits of being named an essential business, provide ideas on supporting changes in staff numbers and locations, and explain the benefits of remote erasure when you can’t access sites or assets as you normally would.

1. Qualifying as an essential business

Global crises may require quarantining of personnel and citizens to ensure the minimization of effects. This restriction can make it difficult to perform onsite processes that are required for day-to-day operations. For an organization to continue to operate, it may be vital to be classed as an essential business.

Here are some resources to find out your organization’s classification:

  1. Contact your U.S. state/regional commerce department and request clarification on your business classification.
  2. Contact your industry associations and societies to find out their recommendation for your company.
  3. Review published guidelines by the U.S. state/regional government.

The classification of a business impacts its revenue and provides a pathway through a global catastrophe. If an organization is classed as an essential business, most regions will require each employee to be provided with a letter from the company stating the “essential business” qualification and a window sticker for the employee’s car. 

2. Managing staff reductions

A major global event could cause drastic drops in revenue and require businesses to reorganize their human resources. A reorganization and accompanying layoffs would need to be in compliance with government employment laws and the internal data security policy.

The assets of an outgoing employee must be sanitized of all sensitive company data and a report generated of that erasure. In the event of remote employees, the IT assets should be accessed remotely, and the data securely sanitized with data erasure software. The employee’s mobile devices (phones and tablets) should be included with these IT assets.

The proper removal of data will protect your company from future accidental and malicious data breaches.

3. Navigating access restrictions

Data centers and warehouses should restrict all access during global crises. This action ensures the protection of data and IT assets in global facilities. This measure can also negatively impact third-party service providers and delay the conclusion of projects. It is important for service providers to work closely with their clients to discover their timeline for reactivation of such projects. Corporations may work with service providers to train internal personnel to perform and complete the projects by the agreed upon deadline.

4. Managing fallback and disaster recovery sites

As locations are impacted by global events, it is the duty of the chief data officer (CDO) to keep records of every system that contains data within the organization. This becomes troublesome when day-to-day operations must be moved to a fallback location or multiple fallback locations due to global events. 

The CDO is responsible for tracking each system in each location and ensuring each system is addressed promptly to meet the data security policy. In some events, immediate erasure may not be possible during the incident, but the secure sanitization of IT assets should be planned for. The locations should be kept secure until further access is possible.

When moving from site to site, it is recommended that systems in-transit be erased prior to transfer in case they are lost or stolen. These systems can be reimaged when they arrive at the fallback or disaster recovery site.

5. Sanitizing home office data

When employees move to a home office environment, it creates multiple data security issues. Employees should ensure that systems with access to corporate data at home are locked with passwords, VPNs, and the office doors secured by locks. We recommend the following additional security measures:

  1. Print copies should be shredded or collected and then processed at the corporation’s document shredding facility.
  2. All company communication should occur when connected to the corporation’s VPN to ensure data protection.
  3. USB drives and other devices that store corporate data or processed corporate data at home should be addressed to meet the corporate data security policy.

After the global event, employees should report to management all the devices that accessed, stored, or processed corporate data and provide an audit report of the device’s erasure and access removal. IT managers are responsible for ensuring all access to data from remote home offices is eliminated.

When it comes to business continuity and data sanitization, these steps will ensure your data is protected and minimize operational risk during a crisis.

Reinforce data protection in times of disaster. 

Download our guide, “Business Continuity & Data Erasure” for tips on how to minimize data risk during uncertain times.