Service Continuity Planning

Conclusion:

Employee empowerment is the basic principle behind activity-based working (ABW). In order to make ABW work, a company’s culture needs to shift from command and control to trust, responsibility, and empowerment. As organisations plan their return-to-office strategy, an opportunity exists to decide if workplace defaults will continue, or the lessons learned from working through a pandemic will be incorporated to accommodate a more holistic approach to getting work done.

Conclusion:

As detailed in IBRS’s 2021 Trends report, the vaccine shot will not end sporadic lockdowns. Organisations should routinely review workplace safety plans and update them based on current public health guidelines. Protective measures should still be in place.

If not already established, organisations should set up a workplace COVID-19 working group, which should include ICT representation. The working group should ensure the company’s compliance with public health recommendations, plan education, and determine how digital services will support the plan.

The Australian context for workplace vaccination policies are complicated by different privacy, duty of care and other workplace and safety regulations. This paper provides an overview of the policies that may impact management decisions as of June 2021.

The Latest

18 March 2021: Veeam released a report which suggests that 58% of backups fail. After validating these claims, and from the direct experiences of our advisors who have been CIOs or infrastructure managers in previous years, IBRS accepts there is merit in Veeam’s claim.

The real question is, what to do about it, other than buying into Veeam’s sales pitch that its backups give greater reliability?

Why it’s Important

Sophisticated ransomware attacks are on the rise. So much so that IBRS issued a special alert on the increasing risks in late March 2021. Such ransomware attacks specifically target backup repositories. This means creating disconnected, or highly-protected backups is more important than ever. The only guarantee for recovery from ransomware is a combination of well-structured backups, coupled with a well-rehearsed cyber incident response plan. 

However, protecting the backups is only useful if those backups can be recovered. IBRS estimates around 10-12% of backups fail to fully recover, which is measuring a slightly different, but more important situation than touted by Veeam. Even so, this failure rate is still far too high, given heightened risk from financially-motivated ransomware attacks.

Who’s impacted

  • CIO
  • Risk Officers reporting to the board
  • CISCO
  • Infrastructure leads

What’s Next?

IBRS has identified the ‘better-practice’ from backup must include regular and unannounced, practice runs to recover critical systems from backups. These tests should be run to simulate as closely as possible to events that could lead to a recovery situation: critical system failures, malicious insider and ransomware. Just as organisations need to rehearse cyber incident responses, they also need to thoroughly test their recovery regime. 

Related IBRS Advisory

  1. Maintaining disaster recovery plans
  2. Ransomware: Don’t just defend, plan to recover
  3. Running IT-as-a-Service Part 59: Recovery from ransomware attacks
  4. Ransomware, to pay or not to pay?
  5. ICT disaster recovery plan challenges
  6. Testing your business continuity plan

Conclusion

The COVID-19 pandemic has, in many cases, forced the workforce environment to shrink to the walls of worker’s houses for at least nine months. While some services such as shopping, online learning and telemedicine proved to be useful when made available remotely, many other services were not suitable to run effectively outside the traditional work environment (e. g. those with inadequate network capacity). Organisations should study the feasibility and cost-effectiveness of deploying additional remote services that are critical to improve business performance, increase service efficiency and reduce the cost of doing business.