As a global organization, Vertiv must constantly monitor and evaluate risks around the world that may impact our operations, our employees, our supply chain, or our customers. Last year, we put together an emergency preparedness checklist that reflects some crisis planning and data center services recommendations, in an effort to help companies protect their networks and ensure business continuity in the event of an emergency. As we examine the global landscape today and update those plans, it is striking just how much has changed in the past year.
Crisis Management in a World of Increasing Risk
Unfortunately, that does not mean the list of risks is shrinking. The reality is quite the opposite, with new threats emerging and adding complexity to the task of protecting our businesses, networks, and network facilities, even as those networks themselves become more distributed and complex.
A year ago, the ongoing pandemic and increasingly common extreme weather events dominated our planning exercises. Those challenges remain, but today we spend more time on civil unrest than any other single threat. In addition to the devastating destruction and health and safety concerns for those in the country and in nearby regions, the war in Ukraine has dramatic implications globally, further straining supply chains, severely restricting commerce in Ukraine and Russia, and limiting communications with employees, suppliers, and customers in those countries.
Surrounding countries are managing the influx of six million refugees fleeing the war while weighing the threat of an escalation spilling beyond Ukrainian borders. The war is taxing the systems in place and creating an environment that attracts bad actors, including cyber criminals. We have even had associates in Eastern Europe seek our input on what to do in the event of a nuclear strike in the region. As sobering as that thought may be, it illustrates just how volatile the situation is and will be for the foreseeable future. Accordingly, businesses should work to develop business continuity and disaster recovery plans for employee communication, transportation, supply chain, and workflow, while ramping up cybersecurity training at all levels.
Civil unrest isn’t limited to Ukraine and surrounding countries. We’ve seen truckers in Canada grind over-land supply chains in North America to a crawl and various demonstrations limit or cut off access to worksites and important transportation routes. The threat of mass shootings, including in the workplace, is real and must be considered, especially in the U.S.
Hybrid Work Models Challenge Traditional Crisis Management Strategies
All of this is happening in the midst of a pandemic-driven shift away from fixed-location workplaces to remote or hybrid models. That move presents opportunities and challenges in equal measure, but it unquestionably changes crisis management strategies. Tracking and communicating with employees in an emergency can be challenging. Organizations should invest in platforms that can enable critical communications even when traditional channels are down and update crisis management training so employees know how to react independently. Also, a distributed workforce means a significant increase in network endpoints, and each endpoint represents a cybersecurity risk. If your business is shifting to remote or hybrid work models, you must increase attention on network security and ramp up employee training on IT and operational security.
With proper planning, however, that distributed workforce can be an asset to business crisis management. Traditionally, a fixed site must be protected and secured, which can mean evacuations, delays, and shutdowns. This still may be the case in manufacturing environments or others where large numbers of employees are required on-site. But in majority-remote models, organizations can shift work virtually to avoid lengthy disruptions — provided they prepared ahead of time and cross-trained employees appropriately. Many businesses have been building the digital infrastructure to support work virtualization for the past two years, since the first lockdowns started. Now it can be an effective crisis mitigation strategy.
Emergency Preparedness Plan for 2022
An important note to remember in this distributed world: A remote workforce does not absolve the employer of responsibility for employee safety. Crisis management and training must continue, but you must tailor it to the person and their location to ensure their safety and the security and continuity of their work product.
Let’s look at the list we shared last year and updates we would recommend today. Visibility remains critical and collaboration with a data center services partner is an important component of successful crisis prep.
Risk assessment: This remains a critical first step, but we would add a piece to the initial assessment to identify potential mitigations or controls that could be applied. If there is an inherent risk present, could the site or some work be moved to alleviate that risk?
Evacuation plan: With more employees working remotely, businesses should introduce training to help them know how to react to a crisis independently. This could include guidance on shelter locations, Red Cross resources, and who to contact if the employee needs help at home.
Weatherproof the data center: The trend holds true here, as well. Employees working remotely should be trained on how to prepare for or respond to wildfires, floods, tornadoes, and other extreme weather events. Certain critical roles may require uninterruptible power supply (UPS) backup power or redundant internet service providers. A data center services provider can help harden data center and edge facilities against such threats.
Backup data: Again, the process changes as employees shift offsite. Automatic backups on-site may need to be initiated manually, and the mechanics — including backing up data to the cloud — should be hardened against cyber threats.
Prep for communication breakdowns: A remote workforce introduces challenges related to emergency communications. Develop lists with all available means of communication for all employees and reach out early with instructions in the event of communication interruptions. Employees should add useful apps to their phones — FEMA for emergency management, reliable weather apps and alerts — so they are informed and can act, absent instructions from work.
Emergency staffing: As we mentioned earlier, the preference today is to shift work virtually, but that still can create staffing issues for those in the organization receiving the extra work. Emergency staffing today may be tied to workload more than location.
Contact vendors: As supply chains continue to lag, businesses should consider adding vendors and suppliers to their mass notification systems to ensure critical communications are not interrupted.
Build redundancy across your team: We talked about trusting your team last year — and that’s still important — but it’s critical today to build redundancies into these teams. If one person is working remotely and can’t contribute, make sure there is a backup.
Inform first responders: Many insurance providers are asking for floorplans to be shared with first responders. It’s a good idea, and one any organization should insist upon even if the insurance provider isn’t.
Consider the opportunists: Chaos provides cover for cyber criminals. Training employees on cybersecurity best practices is more critical than ever with the shift to remote work.
As we stated in our post last year, business continuity and disaster recovery plans are collaborative efforts requiring regular updates to keep pace with changes to critical equipment and personnel. What is becoming increasingly clear, however, is that our world is changing just as rapidly, triggering corresponding changes in how we work or in how our security is compromised. Reach out to your critical digital infrastructure partners to develop relevant and holistic crisis management plans that will keep your company safe and ensure timely recovery from any incidents.