10th March 2020 As we patiently observe our governments and our national press lavishing their attention on the potential impending doom of the pandemic, we as business people go from day to day in the hope we can continue to operate and that all will be well in the long run. Some of us may think that all we can do is sit, watch, wait and then react but that isn’t the case. We can do any and all of the following too; 1) Debate the power of the global press 2) Create conspiracy theories 3) Question the authenticity of our news 4) Allow ourselves to imagine the possible bringing down of the global economy 5) Do nothing, OR 6) Consider the reality that there is a wealth of scenarios that could bring our businesses down at any moment. Whilst we watch the news with interest, my job is to retain my focus on the latter. That is the responsibility of a business leader whose core business activity is to provide its customers with the telecommunications and IT infrastructure to keep it up and running. So, whether you believe a pandemic status is imminent or not let’s play out the need to anticipate and prepare for the impact Corona-virus may have on our business. Let’s start right at the beginning with rule number one – we at Bamboo Technology Group must be resilient ourselves to ensure we continue to provide our customers with the critical operational service they have come to expect from us. How do Bamboo do it? The Operational Board has carried out the latest Business Impact Analysis (BIA) to identify and test our critical activities and suppliers. It is a frequent exercise we undertake as the challenges of cyber-attacks, adverse weather and public health issues can affect our business at any time. For Covid-19, it’s simple, we’ve pulled forward the review. Anticipate – what should we expect? We always do our best to anticipate the challenge and for the current situation we are considering closed offices, extensive parental leave, remote work-forces, enforced isolation, general ill-health and increased cyber activity. The team have been running threat-based exercises to see how we will continue to operate with a reduced workforce and potential disruption in our supply chain. This has involved both testing and adapting of our business continuity plans. Prepare – what else is important and what action should we take? We do our utmost to prepare properly so we know we can ‘flick the switch’ when we need to. Here’s how we have been preparing since the news broke. 1) Communicating frequently with our suppliers to anticipate any disruption in our supply chain is vital. Reactive service is okay but when the impacts become severe in limited time frames it is harder to react so preparing fail-over, tightening internal controls and customer messaging that is ‘ready to go’ is key. 2) Evaluating our home working and lone worker policies and processes is also essential. We have carried out a threat and vulnerability assessment on our home-working telecommunications and IT Infrastructure – stress testing our Cyber security plans and exercising our (remote working) incident management team (using the NCSC exercise in a box). 3) Ensuring compliance protocols don’t slip is important in all business continuity plans as the regulations don’t go away just because home/remote working is enforced. Data access is essential but shouldn’t be a vulnerability,. We’ve been keeping our compliance team busy by completing a Data Protection Impact Assessment (DPIA) to ensure we continue to be GDPR compliant and that our customers data remains secure in this potential period of disruption. 4) Ensuring our workers have the access, hardware and communications tools they need to make it happen is a ‘no-brainer’, so we checked our resilience structure and hardware provision to be sure. Respond – what do we know that the press hasn’t told us and how do we act? In addition to the current situation we have also considered other potential threats. We have great cyber threat intelligence tools and using these we are seeing an increase in activity from organised cyber criminals who are using the Covid-19 virus as an opportunity to commit more crime. Our response – we have upped our Cyber security and testing of our IT continuity plans. Spear phishing is on the increase too as cyber criminals use Covid-19 as an opportunity to deliver their malware. So, awareness training with our staff and stakeholders has been critical in increasing our Cyber security. Again, we are using the free guidance and resources provided by the NCSC. We understand the threat will increase as more of people work from home. Adapt – how are we changing to deal with the heightened threats to our business? Taking a proactive cyber security stance is wise if we want to be able to respond to the increase threat level. As a technology focused provider, we are always making sure we are on the front foot. Thus, we have the capability through our partners and platforms to monitor all our IT systems for unusual activity and immediately identify failed attempts to access our network from anywhere in the world. We are using AI technology to detect attempts on our network which allows us to respond immediately to any threat and patch any vulnerabilities – this is known as the block and tackle approach. What next? If the threat level changes, we will be increasing our penetration testing on our networks with a platform that internally searches for our vulnerabilities. This platform uses similar software and tactics that any cyber-criminal would use to find a network’s vulnerabilities. Internal Communications What are we doing for our staff to keep them appraised and in the real world? We are communicating with our teams to ensure that they know their well-being is paramount to us and what to expect from Bamboo. Fourteen days of isolation and uncertainty is a possibility, so connectivity and communication are going to be critical in supporting each other through this disruption. By testing our business continuity plans, communicating with all our stakeholders and identifying the risks that the Covid-19 potentially brings we have been able to adapt our risk management plan and put new controls in place as we look to absorb the impact of any disruption this pandemic might bring. But most importantly, we ensure we can continue to service our customer needs through these uncertain times. If you would like to know more, I am discussing how to increase your business resilience on 25th March at the C2S Leaders workshop.