What IT leaders can do to ensure business continuity

While the situation in Ukraine unfolds and sanctions against Russia are implemented, organizations around the world will be looking at what impact this will have on their operations. As IT is a critical component of the day to day functioning of all organizations, CIOs and IT leaders will be tasked with ensuring that it is business as ‘almost usual’, while taking account of some exceptional circumstances.

The impact on IT systems will vary depending on the size, geographic reach and nature of the organization. A US chain of barber shops is less likely to be impacted than a multi-national bank or retailer with operations across Europe. But the warning of an increase in cyber threats, means all organizations are potentially at risk.

SoftwareOne’s CIO Rene Nulsch believes that organizations who are likely to be impacted by this will typically have solid security controls and emergency plans in place and should focus on their standard operating procedures, like running security checks, and backup and recovery tests. But he shared these steps as a checklist for fellow IT decision makers to ensure business continuity.

Step 1: understand your position and create an impact assessment

If your organization has users or subsidiaries in the affected territories, ensure you understand the scope of the operations in those regions, the number of users involved, data centers in region and the impact all of this might have on your customer service, manufacturing, supply chains and operations.

Step 2: contact your suppliers and vendors

Contact your global service providers and integrate them into your remediation planning. Big cloud vendors and other software providers will support your crisis planning and will be able to advise on any potential issues regarding their service.

Step 3: monitor the global sanction lists with your legal team

As sanctions take effect, the flow of goods and services will need to cease. This may have an impact on your IT service delivery and digital supply chains.

Step 4: check your security measures

With a heightened risk of cyber-attack, organizations should double check that there are no gaps in their security protocols. High risk or valuable data, like ERP systems or those linked to finance or government sites, should be given priority. If any out of service software is running, identify it and ensure relevant patching is done. In addition, remind your employees to follow the basic security hygiene standards:

• watch out for phishing attacks,
• do not open unwanted attachments or downloads,
• keep credentials safe,
• do not approve unwanted MFA requests

Step 5: ensure you have a thorough backup and disaster recovery plan in place

Should your systems be attacked or go down, being able to restore and recover data is critical. Even if you have a backup solution in place, it would be prudent to check that those backup and recovery tests are being done regularly. Make sure that your backups are available in multiple geo-regions to prevent incidents driven by national firewalls or other network outages.