Women putting on face mask while at work.

Critical Security Risk Guidelines for COVID-19 Recovery and Reopening

/in /by

Government officials, professional sports organizations and business owners alike are under increasing public and economic pressure to reopen their literal and figurative doors. Whether they elect to do so this week or months from now, they need to be prepared for a new normal.

As a security professional, how do you contribute to a reopening strategy that’s complicated by health concerns, the ongoing risk of contagion and a public that ranges from overly eager to apprehensive? You have a duty to help your organization re-establish operations in a manner that instills confidence among employees and customers, as well as steels their organization against the ongoing risks of COVID-19.

To help you set the foundation for a reopening strategy, our security risk and threat experts have developed recommendations organized into the following categories:

1) Workforce Wellness
2) Business Continuity and Emergency Management
3) Post-COVID-19 – Business Is Anything but Usual

Workforce Wellness

#1: Prepare your employees for what the ‘new normal’ may look like.

Your employees need to feel confident that they’re returning to a workplace that is safe and prepared, but they may not be as ready to transition into the new normal as they think. Consider the impact social distancing requirements – that some experts estimate may need to be maintained until 2022 – will have on everything from floor plans to workstations and common areas.

Tactics and devices that two months ago would have seemed invasive will need to be normalized. Bluetooth-enabled wristbands that alert workers if they get too close to each other, thermal heat sensors that detect if someone is running a fever, and mandatory restrictions on coming to work while ill can all have an effect on workforce morale. Even when following best practices, employers can run the risk of hindering productivity and creating resentment in the workplace.

To overcome these challenges, your organization should have a clear, transparent Pandemic Recovery Plan that outlines key protocols and procedures for returning to work – and what to do when someone becomes ill afterward. Tell your employees about it. Start preparing them as early as possible for the changes they will see when they return to work. This should also help you return to expected levels of productivity sooner.

Person holding sign that says "avoid contact with sick people" Covid-19

#2: Don’t ignore the ‘silent pandemic.’ Publicize mental health resources as part of your recovery efforts.

Post-traumatic stress disorder (PTSD) is commonly seen following crises. The negative impact COVID-19 can have on mental health has been coined the “silent pandemic.” A recent poll by the Kaiser Family Foundation found that 45 percent of U.S. adults reported increased worry and stress over the virus. Past studies show that similar pandemics, like Ebola and SARS, resulted in long-term trauma, including depression, anxiety and post-traumatic stress disorder (PTSD). Take advantage of May as the Mental Health Awareness Month to open a dialogue with your workforce about mental health or substance abuse issues and how they may have been exacerbated or even caused by COVID-19.

Make sure your employees are aware of the resources they have to help individuals struggling with trauma and stress, including employee assistance programs (EAPs), tele-therapy services that may be covered by insurance and mental health awareness training. In some extreme cases, mental health issues can increase the risk of workplace violence.

Training is an excellent way to empower your entire workforce to identify and assist someone who may be on a path toward hurting themselves or others. We offer our clients mental health awareness training that give employees the knowledge they need to recognize if someone is struggling – and outlines the protocols they can follow to get that person help.

#3: Revisit your workplace violence prevention programs in light of new stressors.

Another unfortunate result of the stress brought on by a global pandemic is a heightened risk for workplace violence. The pathway to violence is the result of a complex ecosystem of internal factors and external stressors all of which could have been intensified by COVID-19. Even when employees are working remotely, the warning signs of violence can be readily apparent to employees who are trained to recognize them.

As teams report back to their respective workplaces, it’s even more important to reinforce the reporting process for behaviors of concern. It’s also a good idea to conduct training to refresh employees before they transition back into the workplace. Online workplace violence prevention training is an excellent way to prepare employees ahead of their return to work.

#4: Assess whether you and your family are ready to tackle the next year. After all, prevention begins at home.

If coronavirus has taught us anything, it’s that the public can work together to save lives and flatten the curve. You have the power to protect others, yourself and your family, and we want to make sure that you can continue to do so with best practices on your side.

When working with private clients or executive protection engagements, we help families gain assurance that they are prepared for the future. A family emergency management plan is a great place to start and can include guidance on family relocation, communications and supply stockpiling. We also suggest fortifying household cybersecurity, especially as hackers and other cybercriminals step up their attacks in light of COVID-19.

Ensuring you have critical supplies at home is a key focus of family emergency planning. We also help clients ensure their safety while traveling, something that’s taken on an entirely new meaning since the pandemic began. Whether we are talking six months, a year or beyond, the risk of illness or disease outbreak adds another layer of complexity to travel safety. Having a safe-travel plan that details potential hazards and critical support resources will be a necessity for international and domestic travel moving forward.

We also help clients ensure their safety while traveling, something that’s taken on an entirely new meaning since the pandemic began. Whether we are talking six months, a year or beyond, the risk of illness or disease outbreak adds another layer of complexity to travel safety. Having a safe-travel plan that details potential hazards and critical support resources will be a necessity for international and domestic travel moving forward.

Business Continuity and Emergency Management

#5: Make – and keep – pandemic preparedness a team effort.

As part of COVID-19 response initiatives, some organizations convened committees or teams to track and implement responses to this crisis. These teams were likely made up of heads of security, human resources leaders, communications and other key departments. Even as the nation transitions into a recovery phase and outbreaks subside, these teams need to remain diligent. Team members also need to return their attention to their “day jobs.” What many firms will find is that identifying a permanent team member to handle this function, typically within the security or emergency response team, is necessary to manage the ongoing demands of disease outbreaks.

Until a vaccine is readily available, COVID-19 will remain a health risk and it’s not likely to be the last one. Two of the many lessons COVID-19 is teaching the world are:
(1) how to prepare for a global pandemic, and
(2) that being ill-prepared can have devastating consequences.

To that end, organizations should have experienced emergency and pandemic response teams – either in- house or as external consultants – readily available to help them mitigate the future impact of potential outbreaks.

For example, employers need to know how to reintegrate the “certified recovered” (i.e., the people who are immune to the disease) before those employees who may be more vulnerable. Employers may need to reevaluate the physical layout of their offices as well.

Office showing phsyical layout that spreads people out.

#6: Prepare for a natural disaster in the context of a pandemic with an emergency management plan.

Forecasters predict that at least 23 states will experience severe flooding this year. Federal forecasters are warning of major flooding, a particularly rough hurricane season and a longer fire season – all of which is due to occur during COVID-19 response and recovery. With an event like Hurricane Katrina as our guide, we can learn how a lack of coordination and profiteering can contribute to a response that leaves the most vulnerable behind.

But industry leaders have an opportunity to prepare for these extreme weather events now – and potentially leverage their existing COVID-19 protocols in the process. There are many factors to consider –for example, how do you tell people to evacuate if they have been sheltering in place to avoid the virus – but an emergency preparedness plan can account for all those variables.

For example, employers can:

  • Update emergency response plans to account for anticipated COVID-19 resource losses
  • Leverage technology to develop a virtual emergency response team
  • Host virtual emergency response meetings while employees are sheltering at home

Post-COVID-19 – Business Is Anything but Usual

#7: Mitigate disruptions to your business with stronger supply chain due diligence.

The COVID-19 pandemic has disrupted established supply chains and vendor relationships. As state and local governments, healthcare systems and private companies try to navigate what has been described as “the wild west” of purchasing, organizations are dealing with “people we would never normally do business with,” as one client stated.

As people go back out into the world, the need for personal protective equipment (PPE) will continue to expand beyond the typical users. The average business will need ready access to face masks, disposable gloves and cleaning supplies in quantities that may not be available from their usual vendors.

We are now working with clients to conduct expedited, targeted vendor due diligence investigations that go beyond a “check-the-box” watchlist screening. Companies need meaningful information about vendors, often within hours of a request. These vendor due diligence investigations provide our clients with a much-needed level of assurance when they are under pressure to secure supplies. These investigations also signal when it’s time to look for a new source.

#8: Re-evaluate the effectiveness of physical and technical security measures.

Cybersecurity professionals across the globe have banded together to combat unrelenting phishing attacks. With many workspaces still cleared out because of COVID-19, some of our clients are taking this opportunity to conduct in-depth re-evaluations of their physical and technical security capabilities.

An empty or near-empty facility provides a clean slate for our security experts to conduct technical counter-surveillance measures (TCSM) sweeps, perform penetration tests to identify vulnerable access points, assess the effectiveness of video recording equipment and examine other security and safety measures, especially those that relate to a pandemic preparedness plan. It’s also much safer for our team and our clients as we’re able to do all this without coming in close contact with employees.

This is also an opportunity to train, or retrain, your workforce on security protocols. It could be as simple as an emailed update reminding people to stay diligent about access points or, if your facility is more accessible or higher risk, a short security awareness training course that reinforces your security measures and how employees should respond to a potential breach.

#9: Ensure cybersecurity strategies are adaptive to the lockdown-relaxation cycle.

Until a vaccine is readily available, outbreaks in various hotspots could trigger more lockdowns after social distancing is relaxed more broadly. This means that, at any given time, employees may need to start working from home at a moment’s notice. Make sure your cybersecurity training reinforces the importance of diligence no matter where an employee is located. As people shift back into on-location working environments, now is the time to work with your cybersecurity vendor to increase bandwidth, expand data centers or implement virtual private network (VPN) protocols to help keep your firm’s data and intellectual property secure.

Conclusion
The world we will all emerge into is dramatically different from the one we knew weeks ago, possibly even a few hours ago. Organizations need to respond to and evolve with an environment that may appear out of their control, which is why it’s so important to focus on the things we can control. These recommendations highlight critical areas of safety, security and prevention that can set you up for a successful recovery strategy – no matter what the future holds.

For help developing and implementing your recovery strategy, contact us.