You need to strengthen your disaster recovery plan in the wake of COVID-19, including provisions for remote work.
Credit unions’ response to the pandemic has showcased their overwhelming dedication to serving their members and communities, providing support and compassion during times of need. However, it also exposed limitations in a significant number of institutions’ disaster recovery and business continuity plans. While most were ready to confidently face such crises as severe weather or prolonged power outages, not enough had proper, comprehensive plans in place for a pandemic and the implications of physical isolation.
Despite hopes that the virus would die down in the summer, COVID-19 cases have started spiking again in certain parts of the country, and many states are doubling down on restrictions and beginning to shut back down. Savvy credit unions are taking action now to strengthen their disaster recovery and business continuity plans, incorporating lessons learned from the pandemic’s onset and establishing protocols and best practices for a smoother transition to efficient, secure remote working conditions.
A strong first step for enhancing disaster recovery plans is to broaden the scope of situations accounted for. As COVID-19 dramatically demonstrated, crises are not limited to natural disasters and weather events. Conducting tabletop exercises to brainstorm and discuss a wider range of potential scenarios helps credit unions better anticipate and prepare for a greater variety of future situations. These conversations shouldn’t just include executives or a certain group of employees; such exercises are most effective when there is representation and perspective from teams across the institution, including HR, legal, lending, the C-suite and beyond.
Strategic credit unions are also exploring takeaways from the pandemic, including an analysis of their successes and where they might be able to improve or streamline processes in a similar future scenario. Such challenges as physical quarantine, network limitations, spikes in fraud, call center volumes and hardware shortages can all be explored, ideally with a consensus around how these areas should be managed and approached next time.
When it comes to business continuity plans, technology partners can’t be left out of the conversation. It’s ultimately the credit union’s responsibility to ensure that all technology providers and vendors they interact with have strong pandemic preparedness plans in place as well. This is especially important for those partners that manage institutions’ critical IT infrastructure.
Credit unions must evaluate their existing partners’ preparedness and response to COVID-19, evaluating whether they were able to maintain operations even during social distancing without any negative security, service or end-user implications or disruptions. This information might prove especially useful when considering re-signing partner contracts or extending relationships.
One of the most significant disruptions caused by the recent crisis (and a variable that many acknowledged must be accounted for in updated disaster recovery plans) was the sharp shift from on-premise to remote work. Credit unions typically had very little notice from “business as usual” to the necessity for employees across nearly all departments to work from home. Organizations encountered common roadblocks, including not enough access to laptops, limited network bandwidth and an increase in cyberattacks. Because credit unions are resilient, dedicated organizations, most figured it out and had operations running smoothly in a minimum amount of time. However, now that things are starting to settle down, many are recognizing the need to have better, more thorough work-from-home protocols in place so that there is less stress and frustration next time remote work is needed.
Credit unions around the country uncovered their own best practices for working from home that prioritized enterprise and member data security. Jamie Franz, IT manager for $93 million Community Alliance Credit Union, Livonia, Michigan, shares a few ways her institution safeguarded sensitive information during the pandemic:
“Employees that worked from home participated in comprehensive training around how to decipher phishing emails and other fraudulent activity, as well as how to secure devices that connect to our network. We also made sure that security policies established in the office were extended and active in remote locations. Finally, we confirmed all devices were updated, encrypted and had anti-virus software, and we implemented strict time-out sessions for our network and core systems for extra protection.”
While COVID-19 served as a wakeup call to many organizations, including credit unions, additional focus is needed on disaster recovery and business continuity planning. The current environment is full of unknowns, and simply accounting for severe weather will no longer cut it. Credit unions that take this opportunity to broaden and boost their preparations—including implementing measures that enable smart, secure remote work conditions—will be better positioned to maintain operations and strong member service during any scenario.
Scott Johnston is EVP/COO of Member Driven Technologies, Farmington Hills, Michigan.