Category: Business Continuity Planning

Posted on

Business Continuity Planning

– or how to get the scoop of ice back in the cone and still be able to enjoy it

I have had the privilege to attend several roundtable discussions on Cyber Security and Business Continuity Planning (BCP) at the U.S. Embassy in Copenhagen in connection with Cyber Security specialists from around the world visiting the Department of Commerce.

Although I am well versed in Cyber Security I do not consider myself a Cyber Security specialist. But having established and run the global Major Incident Management department for a very large corporation, I do consider myself a Business Continuity Planning specialist and it is in that capacity I have primarily been adding value to these roundtable discussions.

Not taking the protection of your IT infrastructure adequately seriously and not taking appropriate measures to fence it off technologically and culturally (please, do not click that attachment link …) is considered an open invitation to perpetrators around the globe. They will find the cracks in your firewall and a raft to cross that moat that was supposed to keep trespassers out of your hair.

Your first priority is therefore to establish both a cultural and technological perimeter around your infrastructure – and maybe get someone externally to give a quick test before your declare yourself safe?

Having established that perimeter is critical. But companies seem to consider having purchased a Cyber Security license of sorts an all encompassing insurance policy that keeps them safe at night and their IP under lock and key. It really is not an insurance policy against productivity loss. Bad things can and will still happen. Cyber Security specialists evangelize that too.

A lot fewer companies have documented clear Standard Operating Procedures in the area of BCP – that is, the process and planning required to kick in, in the unfortunate event that your ability to run or reestablish your business functions is impaired. What processes kick in when some dormant virus breaches your security, or your offices are under three feet of water, or have no power for days, or your CEO is abducted by aliens?

BCP is AS IMPORTANT as fencing off your company technologically. The shorter it takes to return to a state of normality, the less productivity loss you will experience. If teams and individuals know how to react, and with what measures relative to the situation, you are sure to keep your board at ease and your shareholders happy.

Who is going to coordinate reestablishing normality?

Who steps in when leaders responsible for critical business areas cannot be reached or are unable to work?

What needs to be reestablished first?

My advice is to:

  • Analyse in what order you resurrect or reestablish your business functions and services – and how!
  • Make sure it also includes who is responsible for what business function, and who’s going to be the back-up – and the back-up’s back-up
  • Build playbooks and keep them current through a three to six-month revision cycle

Want to know more?

Contact:
Soren Madsen, info@leadwithpropriety.dk

Posted on

Remote management: Establishing a picture of normality

remote work

Since early 2020 permanent remote management has become a reality for managers and leaders who have never been exposed to exercising leadership without the privilege of being face to face with the employee. Remote working has become a necessity.

I have managed and led internationally, remotely, permanently, and successfully since 1996. In the late 1990s there were no real video options available and having a team conference call was a novelty that, albeit, very soon became the norm. Today, video conferencing is available through almost any device type and is used heavily in the workplace.

Remote management will challenge your EQ as a leader. If you are faced with remote management responsibilities for the very first time it is important that you start by establishing a picture of “new” normality. Consider you are now leading people who must mix and match their private life with their work life to an extent they never expected at all. You can no longer rely on your understanding of normality in a physical office setting.

To establish a picture of normality you will have to start off with a relatively high meeting frequency e.g. short daily stand-up meetings Scaled Agile style (scroll and look for DSU), and in addition make sure that you schedule individual 1:1 conversations with the staff reporting to you. If you are logistically unable to perform this communicative exercise every day from the get go, then every other day is a good starting point too.

As you progress and assess your ability to execute under the circumstances you will clearly identify whom of your employees will require more interaction to reach the desired level of productivity and who is operating more independently. Again, bear in mind that individuals performing well in an office setting may not thrive at home. This is not to say that people who require more interaction are less valuable. More interaction could be required simply due to the complexity of their current responsibilities. They might require more interaction because they need more direction and confirmation that they are moving down the right path.

Within a relatively short timeframe you should have established a picture of what can be considered “normal” in a remotely managed environment – and when you have established that you will, with an adequate quantum of EQ applied, be able to identify the anomalies you must address. To make an analogy it’s comparable to the approach the cyber threat system provided by Darktrace takes (check them out). Very coarsely explained, Darktrace is using AI to establish a picture of infrastructure normality i.e. instead of matching infrastructure events against e.g. a list of known viruses they will monitor your infrastructure against the “normality” picture and thus react to anomalies very quickly.

This is largely the same approach that you want to take with remote management. If you have been Covid-19 expelled from the office then get going now on establishing your understanding of normality, and your ability to lead through the “anomalies” will be so much greater.

My basic advice is:

  • Interaction is essential. Begin with high frequency DSUs and 1:1 conversations, and adjust as you learn what the individual requirements are
  • Listen well
  • Introduce regular team meetings with more social and culture related content to signal that you are truly interested in the well being of your staff and are ready to invest in it
  • Introduce team gamification on both business goals and cultural items. Gamification will invariably increase x-team social communication

Want to know more?

Contact:
Soren Madsen, info@leadwithpropriety.dk