How The Corona Virus Will Change Our Perception of Business Continuity Planning

Business Continuity Planning after Corona Virus / Covid-19
COVID-19 (Corona Virus)

When we look back at the year 2020, it will likely be remembered as the year the world stopped.  Countries all over the world have demanded citizens to stay home and only go outdoors if it is absolutely necessary.  Cities are implementing curfews and mandates that public gatherings should be limited to 10 to 25 people and violators are being ticketed for insubordination.  Businesses of all sizes are being impacted equally.

The entertainment industry has made some difficult decisions to push back highly anticipated movies like Marvel’s Black Widow and the newest installment of The Fast and The Furious, Fast 9, back from theater release more than 6 months.  Restaurants have struggled to keep the doors open and have had to resort to using Delivery Services such as DoorDash and Uber Eats to continue to stay open and there are mass layoffs everywhere.

Yes, 2020 will likely be remembered as the year the world stopped, but it may also be the year that the Pandemic that has stricken the entire world, will force us to realize having a Business Continuity Plan (BCP) is a necessity to ensure maximum preparedness.

What is a Business Continuity Plan?

In my 20+ years as an IT Consultant, the number one thing I urge my customers to implement is a Business Continuity Plan.  It is a working document that addresses single points of failure that can adversely impact the operations of a business. Businesses that have a BCP are 3x more likely to stay in business after a disaster than those without.

When speaking with business owners, I suggest to them that they should treat the document as a Plan B and a Plan C in the event a catastrophic event impacts the business.  Knowing what to do at the time of the event, could be the difference between keeping the lights on or filing for bankruptcy and closing your doors forever.

What elements are within a Business Continuity Plan?

BCP should be designed to address the most critical events that can impact the operation of a business including environmental events like hurricanes and tornadoes, power infrastructure like Universal Power Supplies (UPS) or Generators and the IT Network Infrastructure including data backup, connectivity to resources.  Although not exhaustive, these are essential and what I consider to be the foundation or starting points since most businesses have these elements in common.    

Now it goes without saying that each business or industry is different in their needs so it is important to have the feedback of the Business Owner to tailor this working document from here. When developing for a client, I like to start with asking them the question: what are the top 5 things that you are most worried about that could close the doors tomorrow.  I follow up with: what type of responses do you have in place that will address or at the very least slow down this event from impacting you.

With this information, it is easier to start a Business Impact Analysis to rank and quantify the concerns. Lastly, it is important to document who to contact in the event of something going wrong.

If a sound response cannot be provided or the business owner tells me, it will likely never happen, I typically rate that as Critical and will provide them with some recommendations on how to reduce that risk. 

Here are some other elements to consider:

  • Employees and Essential Personnel
  • Facility 
  • Pandemics and City Ordinance (more on that later)
  • Theft
  • Data Breach
  • Suppliers 
  • Distributions
  • Communications
  • Hardware or Specialized Equipment

How often should I update a Business Continuity Plan?

Keep in mind this should always be treated as a working document.  It is highly recommended that the document be revisited at a minimum once a year but also when a major event or change has occurred such as purchasing critical equipment, business expansion, change in ownership and/or opening a new facility.

Should I test my Business Continuity Plan?

In elementary school, I used to think it was so much fun to participate in fire drills.  Got to see my brother and friends for 10 minutes in other class lines and we used to get into trouble because we couldn’t stay quiet or stop making funny faces at each other.  As I grew older into High School, I thought that the drills were unnecessary and foolish. I mean, we were damn near adults and still doing what I perceived to be childish.

Much to my surprise nearly 20 years later, fire drills are still a thing and for good reason.  As an employee, the value is that it saves lives. As a business owner, it is proof of the effectiveness of the plan.  It also allows the business owner to make modifications to the plan as needed especially if it is realized that things were less than perfect.

Testing is essential, it cannot be stressed enough.  You don’t want your only experience of a network failure to be during a peak or critical period of your business.  Choose a day out of the month where your customers are least likely to feel impacted by the test. If you have another facility that can shoulder the burden while you are testing, make sure that they are both part of the plan as well as in the know when testing will occur, so that they can be prepared for the influx.

Business Continuity Planning after COVID-19 and other Pandemics?

Not to seem melodramatic, but the world seems like a scarier place after the recent COVID-19 Pandemic.  I cannot say that I have seen anything remotely close to this large scale event since 9/11, when the World Trade Center was attacked.  It’s nerve wracking to see businesses and schools go on hiatus for more than 2-months or people standing in line two miles away from the store to get toilet paper and hand sanitizer.  With more than 7000 fatalities worldwide as of the middle of March, it’s like we are living in an episode of The Walking Dead. My only hope is that when this passes, we have a better and more serious approach to contingency planning at all levels.  

Institutions with the ability to transition employees or staff to a work-at-home environment is now a must.  Promoting your clients to utilize your website for transactions and considering waiving shipping and handling costs to accommodate their demand should be considered.

Pro Tip: The additional reliance on technology will come at a cost in bandwidth.  Don’t wait until the last minute to test the network capacity. Nothing is worse than adding additional load only for it to fail. 

It’s time for us to stop making excuses on why we don’t have a BCP in place for our businesses.  These methods can seriously reduce employee anxiety and business impact without sacrificing the reputation of the company.


Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.

Related Posts

Title Image: AI Security Realities: Rethinking PII as the Sole Indicator

AI Security Realities: Rethinking PII as the Sole Risk Indicator

During a client meeting, I addressed misconceptions about cybersecurity, especially the notion that absence of PII equates to no risk. I discussed how cyber threats extend beyond data theft to include system vulnerabilities that could disrupt operations and impact users, citing the SolarWinds and New York Times attacks as examples. I explained that comprehensive assessments are crucial for understanding broader cybersecurity risks, not just those involving PII. Additionally, I highlighted the importance of protecting AI models from poisoning, underscoring the need for robust security measures in AI development.

10 Ways to Improve Your Math Skills for Cybersecurity

10 Ways to Improve Your Math Skills for Cybersecurity

As highlighted in our earlier discussion, The Intersection of Math and Cybersecurity, a solid grasp of mathematics is indispensable within the realm of cybersecurity. The specific demands…

The Intersection of Math and Cybersecurity - Does Cybersecurity Require Math?

The Intersection of Math and Cybersecurity

During my weekend exploration of a renowned Q&A platform, I unexpectedly encountered a question that left me intrigued. I couldn’t help but wonder if the original poster (OP) was playfully jesting or sincerely seeking knowledge. This curious moment brought forth a reminiscent smile as I recalled the age-old adage we all encountered during our early school years: “Math is fundamental to all endeavors.” However, an interesting twist emerged: Does this axiom extend its influence into the intricate realm of Cybersecurity?

Client Confidence Crisis: How Neglecting Security Practices Can Drive Customers Away

In today’s digital landscape, establishing an Information Systems Security Program (ISSP) is no longer optional but a crucial necessity for organizations. This blog post explores the vital importance of implementing an ISSP early on and understanding the factors that influence its establishment and modification. Senior management’s role in championing ISSPs is emphasized, as their buy-in and recognition of its significance set the tone for organizational security practices.

However, misconceptions and flawed reasoning often hinder the adoption of robust security measures. From the belief that “it will never happen to us” to relying solely on insurance coverage, these notions can prove detrimental to an organization’s security posture. Furthermore, assumptions that clients don’t care about security or that the cloud provides ultimate protection are debunked, shedding light on the evolving expectations and regulations surrounding data protection.

The ugly truth emerges as we delve into the constant threat of internet vulnerability scans and the risks organizations face when vulnerabilities are discovered. This post aims to dismantle these flawed mindsets, highlighting the need for a comprehensive security approach beyond insurance coverage and the importance of addressing vulnerabilities proactively.

Stay tuned for the upcoming parts of this conversation, where we will explore additional influential factors and provide insights into developing effective ISSPs. Together, let’s navigate the complex world of system security and ensure the protection of your organization’s invaluable assets.

Maximizing Email Security: Understanding the Importance of DKIM, SPF, and DMARC

Email is a crucial part of our daily lives, but unfortunately, it’s also a popular target for cybercriminals who use various tactics like spam, phishing, and spoofing to scam people. The FTC recently issued a warning to users of MetaMask and PayPal about phishing scams that are currently circulating through fake emails. The scam claims that the user’s cryptocurrency wallet has been blocked and encourages them to click a link and update their wallet to prevent the loss of their crypto. To protect email users from these threats, authentication protocols like DKIM, SPF, and DMARC are strongly recommended.

Top 10 Cybersecurity Job Sites

Top 10 Job Sites for Cybersecurity Professionals

As the world continues to rely heavily on technology, the demand for cybersecurity professionals continues to grow. Cybersecurity jobs offer high salaries, job security, and a wide range of career options. However, finding the right job can be challenging.