Responding to COVID-19: A Client Success Story

Starting in January, companies around the world were faced with a mysterious disease that quickly morphed into the Covid-19 pandemic. This research report highlights some thoughtful, timely, creative, and well-executed steps that one of our healthcare clients has taken that we believe will be helpful in guiding your own ongoing response:

Customers

It goes without saying that your customers are the most vital part of your business. Here are some ideas about how they can be creatively engaged in these uncertain times:

– Communicate across new channels

– Collaborate with new partners

– Call and reach out

– Think outside the box when it comes to approaching and engaging new entities

– Go big when possible: Facing long waits for outsourced COVID-19 test results, our client leveraged existing capabilities to build and staff its own state-of-the-art lab capable of performing 10,000 tests a day

– Built and deployed a “Volunteer Portal” to help coordinate projects and organizations needing volunteers with individuals with the needed skills and availability.

– Made tools available that allowed for a COVID-19 “self-assessment”

– Implemented a chat feature to provide for and enhance e-visits.

Staff

The company’s staff were the front-line of response and adaptation, and innovation with them was critical.

– The organization helped socialize how many unplanned expenses there would be. It may be too late during a crisis, but preparing for such an eventuality is what Governance and Risk Management is about.

– Proactive hiring: While putting new hiring on pause may be the first reaction, understand that this is also the time to find talent for that hard-to-fill post, or for the business opportunities that are going to arise after the worst is over.

– Care for the current employees. Our client launched two new programs consisting of:

Technical

Securing your IT is now more critical than ever. Even without the rise in risks due to Covid-19-related hacking attempts, now is the time to ensure your system reliability and security. Here are some points to consider:

– Should you consider a Change Freeze? Stopping all non-critical development allows you to focus on mission-critical items and push out less important changes to a future date

  • Define what a Change Freeze implies
  • What is the approval/denial process and ownership structure?
  • What is exempt?
  • Develop a new timeline

– Conversely, can resources that have been made idle due to change freezes, the shutdown of non-critical functions, etc. be tasked with addressing technical debt and refactoring activities that may be impractical while systems are running at or near capacity?

– Start monitoring types of attacks (phishing, malware, imposters, for example)

– If possible, obtain the business continuity plans of your vendor partners to find ways to work together and ensure the security and stability of your supply chain.

– Keep your environments stable: Are you prepared for the extra bandwidth and security required for staff working from home?

– Plan for quick lifting of the change freeze to prevent future business impacts

– Proactively test applications and infrastructure to ensure they can handle the surge that will be happening when businesses, members, clients, and others start coming back online.

– Review and modify applications and workflows to improve efficiency and delivery in the new “work from home” paradigm.

Your employees are also dealing with a new work-from-home paradigm. Some key considerations for the new work and employee-employer relationship:

  • Validate and vet the set of tools to be used, when to be used, how to be used; and anticipate the volume. Host training sessions around tools.
  • Clarify tools to be used and to be avoided.
  • Ensure that data in transit is protected and encrypted when necessary using encryption-in-transit tools (e.g., VPNs, SSL, HTTPS, etc.)
  • Don’t forget the impact to speed and connectivity issues for communications now that ISPs are being stretched due to additional traffic (should you consider easing timeout or retry restrictions?)
  • Put in changes to maintain the security and integrity of the network, all while ensuring the stability of the environment. For example, our client:
    • Added firewall blocking to block selected sites (AV, Games, etc.)
    • Increased security classification policies to segment devices
    • Identified managed vs unmanaged devices to understand who is coming online remotely
    • Enabled GlobalProtect split tunneling for Office 365 network traffic, in order to offload traffic from corporate networks
    • Made network engineering upgrades that allow Teams video to be carried separately on the network, while preserving bandwidth for critical business needs

– Increase capacity in various areas for the remote workforce:

  • Increase reserve capacity for critical applications and infrastructure
  • Enhance email infrastructure capacity for secure file transfer in mail transport agents
  • Revisit and simplify the access process for remote user onboarding requests
  • Closely monitor VPN utilization
