Article written by Philippa Chappell (Manager: Advisory Services, ContinuitySA)
The role of the IT department in a disaster is typically focused on the recovery of failed IT infrastructure, system, applications or data. However, COVID-19 clearly demonstrated that the role of IT can be so much broader than this.
So, what role did IT play in supporting operations during COVID-19?
Moving staff to an alternate location to support social distancing required support from IT in ensuring the correct images were loaded on recovery machines and that individuals had access to the correct applications and other supporting requirements, such as printers and scanners, to perform their day-to-day functions. Where staff were required to work remotely, IT not only had to establish the capability but support it as well. This included procuring hardware and managing / tracking the large number of company assets going offsite for an extended period; ensuring the same versions of software were being run across individual users’ machines, making it easier to load required applications or deploy necessary security controls; rolling out soft phones and virtual meeting platforms; investigating digital signing solutions and so forth. Plus, IT had the onerous task of training staff to effectively use the new technology they were being exposed to and efficiently support a workforce operating from disparate remote locations.
How the changing business landscape affects IT?
IT also has to adapt to evolving business needs – fluctuating demand patterns can be easily observed, with increased demand for products or services through digital channels ranging from online shopping, internet banking or digital conferences. These changing demand patterns increase the pressure on online platforms and place a greater reliance on digital communication. For many organisations, it also increased the volume of calls coming into contact centres in order to support online operations, as other points of contact may not be as easily accessible. As all of these things are dependent on the ICT backbone, again IT has been heavily involved in supporting these changing operational requirements.
Risks are changing, so how has that impacted IT?
IT is also largely responsible for securing the environment and the information of an organisation, which not only remains a requirement during a disaster but often needs increased vigilance. With staff working remotely there is an increased risk to the physical security of IT equipment at homes, as well as corporate information being shared over less secure networks. Coupled with the surge in cyber-crime targeted at individuals and organisations, the need to manage the security of an organisation’s data has increased.
So, how do organisations manage these new challenges beyond the immediate practical solutions that they have put in place?
IT departments have to now look at stabilizing remote solutions, considering the reliability of network connections and contingencies for power disruptions. If not already addressed, they need to supplement the remote work arrangements with tools and processes to enhance efficiency of typically office-based activities, which may include critical meetings, physical signoff of documents, and the filing thereof to meet compliance requirements.
Organisations who have seen an increased demand for the use of digital channels need to invest the resources required to adapt to changing demands and adequately support them over the longer term.
In addition, organisations must continue to secure their IT environment and information in light of emerging threats. Investing in adequate preventative measures and providing constant training and awareness to staff to ensure they remain vigilant to the cyber-risks they face. However, even the best control measures cannot guarantee that a breach will not occur. As such, while managing the various facets of a disruption, the IT department and the organisation broadly needs to remain ready to respond. This would include having a formalized response structure, identifying key-role players with clearly defined responsibilities to respond to cyber-incidents which may further disrupt operations, over and above the current pandemic. Having mechanisms in place which allow for the timely detection, notification and escalation when a breach does occur. As well as having the appropriate response procedures established which should at minimum include procedures on: the assessment and containment of incidents, the collection of evidence for forensic investigations, notification to regulators and communication with key stakeholders, details on the backup and recovery strategies in place to enable recovery of affected information and access to affected systems.
IT Managers are no longer just responsible for the recovery of IT systems in a crisis but have a much broader role to play in adapting to the new and changing needs of the business as we have so clearly seen with this latest pandemic.