Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

Updated: April 13, 2020 10 Things

10 Things I know about...Setting up a crisis response plan

10) Start with a plan. Companies of all shapes and sizes should draft a distinct crisis response plan. Existing disaster recovery plans or business continuity plans might not suffice.

Michelle Drolet

9) Lead with leadership. Pick a small team responsible for your plan. Get buy-in from the top, pull in human resources, finance, IT. Develop policies minimizing disruption but ensuring data security is maintained and regulatory requirements are observed. Appoint a virtual CEO in case leadership falls ill.

8) Plan for every eventuality. Consider how to keep company functions going. Consider how employees will get paid, where they will work, and how they will complete their tasks.

7) Test your plan. No plan is trustworthy unless you test it. Create tabletop exercises and mock incidents to root out and identify problem areas needing patching.

6) Communicate. Set up systems to disseminate the latest information like a messaging app/chat room to convey news and a list of contacts. Get the CEO to issue regular status updates, remain transparent, avoid leaving staff in the dark. Pay special attention to young families and those living with seniors. Use social media & your website to keep customers informed.

5) Train and assess employees. Allow employees to train for substitute roles should the worst happen. Providing step-by-step instructions they can refer to should unexpected situations rise up should help reduce stress. Try to foster a sense of solidarity and community.

4) Work remotely. Employees working from home need to be set up with virtual private networks, SSL and dual-factor authentication. Test your endpoint security. Plan for increased bandwidth demand and beware of staff using personal devices to log-in into the company.

3) Test for stress. Do you have enough capacity? Stress test your network applications for load. Identify which critical applications (hardware & servers) will need additional expansion for handling sudden surges in traffic.

2) Continuous training. Conduct regular cybersecurity user awareness and training to ensure staff can identify and avoid phishing scams, especially during times of crisis when bogus emails, social media memes and cybercrime proliferates. Beware of disinformation campaigns and doctored, so called deepfake, videos.

1) Do fun things! Working remotely from home can be lonely. Pull in human resources to devise fun ways to keep teams socially engaged, such as staging photo contests for best home office, or running a daily lunch hour via online conference.

Michelle Drolet is CEO of Towerwall, a woman-owned independent data security services provider in Framingham. Reach her at

Sign up for Enews

WBJ Web Partners


Order a PDF