Russian and Ukraine escalation
Preparing for civil unrest & incursions is a reality for resilience professionals. Community agitation incidents are now the norm, whether from COVID-related protests, civil disobedience, or politically motivated riots. Tensions are escalating on the Russian-Ukrainian border this month. Many expect that an invasion of Russian forces into Ukrainian territory is imminent.
Sadly, being ready for situations like this are necessary for today’s Resilience professionals. When thinking about preparedness for these types of events, you want to look at four critical areas: employees, operations, third-party vendors, and technology impacts. Your organization needs to be ready for external discord. Programs must be adaptable to outside forces to achieve organizational plasticity.
Employee safety first
In situations like these, it’s your role to advise leadership on actions regarding employee safety and wellbeing. The security of employees is a top priority. You should analyze if any of the company’s workforce resides in the identified risk area. Don’t forget to consider any evacuation or shelter-in-place needs, including family members or housemates. Many companies take a Duty to Care approach to guide you in these situations.
Next, leverage your crisis communications team to review existing templates aligned with the situation and be ready to update them for distribution. It’s helpful to assess the status of any ex-pats with your global mobility team. Identify any travelers scheduled to be in the area of concern; provide them an exit strategy and logistical support. In my opinion, it is prudent to assist employees and contractors to leave unsafe areas rather than risk lives.
When forewarned of a potential event, you should engage the security and employee safety teams. Now is the time to examine existing planning for evacuation, relocation, and rescue procedures. Human resources and talent teams provide benefits insight, along with any aligned resources available or policy updates.
Operational risk considerations
Business continuity plans and risk mitigation resources provide a wealth of exposure and recovery strategies. Preparing for civil unrest & incursions includes meeting with your security and facility teams to prepare for employee and assets damage. Reviewing protective measures and controls helps to understand any planning gaps. As you review your continuity plan, consider potential impacts to the response. For example, with the current situation, Russia supplies over one-third of Europe’s power in natural gas. Ask your team if perils like this threaten the company’s resilience.
Evaluate plans for damage to assets, offices, and supply chains. Companies are already anticipating European power outages due to the escalating conflict. From a risk and resilience perspective, it’s wise to consider all potential outcomes as part of your preparations. As practitioners, we can no longer afford to only think of location loss or office damage. Instead, we need to take a 360 view of any interruptions that could threaten organizational resilience.
Another way to prepare for civil unrest & incursions is to identify any risk aligned with vendors. The first step is identifying the risk to operations posed by third parties’ outsourcing of critical activities. The expansion off-shoring of processes by many companies increases exposure. Any vendors operating in areas prone to disasters, unrest, or other upheavals need viable recovery strategies. If no workarounds exist, think of opportunities to take critical work back in-house or transfer to a third party outside the hot zone.
An escalating risk is from the third-party technology vendors downstream from primary processes, but whose continuity of is vital to maintain operations. This risk could be a system, network, or software-related. In a world where digital is just as crucial as brick-and-mortar services, the scope of threats to business interruption is growing.
IT risks and controls
I covered some aspects in my discussion of vendor risk. However, many businesses are aware of the threat posed by countries attacking each other virtually. Another tactic is for a nation to attack companies to distract them from aggressive maneuvers like invading another country. So far, I have only heard that Russia has attacked Ukraine’s infrastructure. Still, they can attempt large-scale attacks on companies of other nations to distract them from an imminent invasion.
Next, beyond cyberattacks, it makes sense to consider both internal and external threats to data centers. Although many businesses rely on cloud services–those servers exist somewhere. Now is an excellent time to refresh and determine if any vulnerabilities in this area exist. Saas is just one service example. Examining your network vulnerabilities and security risks is always a good practice, especially when preparing for unpredictable incidents. I’m sure many of you can think of additional scenarios.
Prepare for the worst, hope for the best
Finally, this is not an exhaustive list of considerations. However, thinking about potential exposures to these big buckets will help you prepare for hazards of this type. For, it is better to be crisis ready than underprepared. Although COVID proved that 100% preparedness is unrealistic, we can up our mitigation game.
Embracing a resilience approach supports this effort. By aligning to this organizational method, companies assume a holistic attempt to survive events and prosper. Sustainability is a worldwide mantra and applies to building harmony and alignment across business functions. Check out my next blog, where I will discuss what response actions to take when external disruptive events occur.