Business Continuity Planning - How Technology Helps You Cope With Unexpected Key Staff Absence

A series of events over recent months has highlighted how businesses could find themselves suddenly and unexpectedly without the services of key staff, possibly for extended periods of time. For example, publicity during 2009 for the anticipated swine flu pandemic showed that government response to such an escalating situation would be to close schools. This would leave large numbers of parents unable to attend their normal place of work.
It is vital that businesses prepare for these events, by evaluating the risks to their operations if key staff cannot get to their normal place of duty. However, once the risks are understood, it is wholly feasible to select and deploy a range of technical solutions to mitigate those risks.

1. Equip your key staff to work off the premises -- many of your key workers may already be equipped with laptops and smart phones, to fulfil their day-to-day responsibilities. Do they need to be given additional equipment? 3G dongles or modems? Would it be wise to provide more key staff with laptops and smart phones?
2. Make sure your key staff are set up to work from home -- As well as providing the necessary equipment, you need to be sure that home workers have adequate facilities. The UK's offers Chartered Institute of Personnel and Development offers advice on how to help staff set up to work from home and how to manage their remote contributions.
3. Make sure your key staff have access to audio/video conferencing and online meeting facilities -- Providing access to an audio conference bridge is easy to set up. You can relay the bridge details by mobile phone or email as needed. Where staff need to use this facility with customers or partners, they'll need their own bridge account with your supplier. There are a range of online meeting systems, such as Microsoft LiveMeeting, Citrix GoToMeeting or Cisco Webex. Many organisations ban the use of Skype on corporate networks, but in an emergency, it's simple to use and many people already have access from their home PCs.
4. Rethink your admission control for personal devices -- Organisations are understandably reluctant to let staff use personal devices (PCs, smart phones) to access the corporate network. But, in an emergency, this could be the only way to reconnect key workers, who can't make it into the office. Consider whether you can pre-approve home PCs for some key staff (Do they have up-to-date anti-virus/spyware? Is Windows Update turned on?) and relax network admission controls to allow their use in an emergency
5. Decide how you'll cope with the additional connections through your VPN gateways and firewalls -- The likelihood is that your contingency plans will mean a large increase in the number of staff access the corporate network from outside. It's wise to hold discussions with the vendors of your perimeter security solutions beforehand, to decide how any short term licence "overdraft" can be handled.
6. Make sure that deputies can access all the data they need in the absence of key staff -- This is a procedural issue, to provide elevated access privileges to those staff who will deputise for missing key workers. The procedures for requesting and approving elevated privilege, and for "break glass" access in a fast-developing emergency can be built into your identity and access management systems.
7. Consider how you can arrange for collaboration on key project information -- You can organise information in Microsoft OneNote and synchronise it between an office PC and a laptop, using cheap (or free) cloud based services. More recent developments allow synchronisation of the notebooks to an iPhone or iPad, using either cloud based or wi-fi based services. In the corporate environment, collaboration using OneNote notebooks can be managed through the (increasingly ubiquitous) Sharepoint Portal. Using a combination like this, the key information needed for critical activities is shared between all the members of your team and can be accessed almost wherever they are. For now, the solution for iPhone is limited to read-only, but that editing of notebooks via iPhone is about to enter public beta testing.

One final thought -- like all contingency plans, you need to test your arrangements. There are bound to be things you've forgotten and you'll only find out what they are when you do it. The well-known online tech news website Silicon.Com organises periodic "work from home" days, where all the editorial staff stay out of the office and they try to run the business day as normal. It's an excellent way to find out what works and what needs tweaking.

Tom Mellor is owner and Principal Consultant of Portsmouth, UK based enterprise security consultancy Identigrate UK. Tom's career in IT spans more than 30 years, covering infrastructure management and service management as well as enterpise security. For more than 10 years, Tom has led global programmes in Identity and Access Management, Security Event Management and Cyber Security.