Initial Report: Tracking COVID-19 Response Trends Across Industries
To help security professionals benchmark and learn from one another, the ASIS Foundation launched a new project to track and share case studies illustrating security’s response to the worldwide COVID-19 pandemic. It identified a group of security executives across the globe representing different industries and organizations and interviewed them. The foundation will continue to check in with them regularly to learn how they are responding to this crisis and planning for recovery.
New updates related to the coronavirus response will be released several times each month, detailing the specific challenges each professional is facing in his or her country and industry, how those challenges are being handled, and what lessons have been learned. The case studies can be used as a hands-on guide for security departments and organizations as they grapple with these novel, fast changing issues.
Once the crisis has passed, a final report will be created to highlight the insights gained and evaluate how business resiliency changed as a result of the pandemic.
General Takeaways from the Pandemic and Economic Downturn through April 2020
Several dominant security themes have emerged from the coronavirus pandemic and the ensuing lockdown and economic freefall. All of the individuals participating in this research project emphasized that staff, customer, client, and contractor safety is paramount for their organizations. In every case, the interviewees said their organizations activated crisis management teams pursuant to existing business continuity plans. Regional teams are responsible for decisions in their areas, but they take strategic direction and policy dictates from corporate-based teams.
The security practitioners said their organizations closely watched and prepared as the virus crossed China's borders. They quickly stood up new policies, practices, and enforcement relating to on-site social distancing, hygiene, deep cleaning, illness detection, and illness self-reporting. All but critical staff are working from home and were required to undergo refresher training on phishing, malware, social engineering, and other cyberthreats.
At the same time, IT departments shored up their network infrastructure on the fly to ensure remote staff have access to network resources without overburdening the system. Organizations with staff working in underdeveloped areas are struggling with poor Internet access coverage and weak Internet infrastructure.
As the virus began to spread, organizations scrambled amid a logistical thicket to recall traveling staff, expats, and their families. Travel has been cut to virtually zero, except for critical trips on corporate jets.
Virtual meetings now substitute for in-person conferences. This has created a need to create new protocols for virtual work and guidelines for propriety, even as management strives to be mindful of staff members’ home situations.
Many security professionals say that their organizations have pledged to be responsible and caring corporate citizens and practice corporate social responsibility. Not only will these efforts help retain staff, but they will insulate the companies from bad publicity. Security professionals mentioned that companies’ actions during the pandemic will be judged after it is over.
How to determine whether staff is infected is another common concern, considering that many people with COVID-19 display no symptoms. Companies are heavily relying on self-reporting, but that does not capture people who are symptom-free. Many organizations use thermometers or other thermal devices to detect whether someone has a fever, but regulations vary on who may oversee this process. In addition, some companies have moved this process outside so that ill staff members do not infect interior spaces.
All security professionals participating in this research said their organizations have policies for quarantining staff, closing and cleaning facilities, and returning workers from isolation. The responses to an infected area range from closure to continued full-time operations combined with constant cleaning.
Masks and other personal protective are becoming available after initial shortages. Some manufacturers are fashioning their own masks and/or sanitizer for staff. Large manufacturers have been able to pivot production to items in demand and away from less critical consumer items.
Staff absenteeism—for fear of getting sick at work—is a growing issue, but it has not been disruptive yet, research participants said. Likewise, plans for sheltering in place at critical facilities are in place but largely haven’t been necessary, except for staff who rely on public transportation and fear being exposed on a subway or bus. But in those cases, management might make free parking available or cover rideshare costs.
As more staff get sick, participants said their companies fear a strain on the supply chain. They are working hard to obtain alternative sourcing, part-time staff, and backup modes of shipping.
Now that offices and other facilities full of expensive equipment are sitting idle, security departments are stationing officers to guard these sites 24/7.
Hard-hit industries, such as retail, hospitality, and travel, have had to furlough tens of thousands of workers. Some have won staff loyalty by promising their jobs back, paying a few weeks of salary, and maintaining benefits. None of the security practitioners surveyed said their organizations have faced significant insider issues such as theft, fraud, or violence.
The following security executives from various industries have agreed to provide interviews at regular intervals. Click through for regularly updated case studies about these organizations.
Organization: An NGO providing services for the wellbeing of children around the world, with emphasis on rural parts of Africa.
• Inability to travel to serve vulnerable populations
• Poor Internet hampering community access to online services
• Growing regional violence
Organization: A Latin American microfinance institution servicing economically deprived communities.
• Need to physically meet with clients/maintaining social distance
• Likelihood of widespread defaults by clients
Organization: A U.S.-based food and agriculture firm that mainly services restaurants, with production plants around the world.
• Maintaining production of food supplies
• Keeping production workers and facilities safe
• Reputational and corporate social responsibility issues
Organization: A university in southeast Asia with 15,000 students on a 75-acre campus.
• Staff and student safety
• Campus shutdown
• Cybersecurity for remote education
Organization: A Canada-based multinational financial institution with global assets and facilities.
• Traveling staff
• Staff communications
Organization: A Europe-based chemical conglomerate with global plants and operations.
• Cybersecurity and robustness of technical infrastructure
• Social distancing for truck drivers
• Managing regional crisis management teams
• Protecting closed facilities full of valuable equipment
Organization: The Asia division of a global furniture retailer, with about 60 of 450 global stores located in Asia.
• Store closures while maintaining staff pay
• Corporate social responsibility
• Reconfiguring stores for social distancing when they reopen
Organization: A Europe-based polymer manufacturer with global operations.
• Maintaining production of essential polymers
• Maintaining staff health and identifying infected workers
• Maintaining sufficient staff levels
Organization: A U.S.-based clothing retailer with 1,000 corporate-owned brick-and-mortar locations in North America, with franchises in other parts of the world.
• Corporate social responsibility
• Safely processing item returns
• Mass furloughs of staff
• Constant cleaning of distribution facilities
Michael Gips, JD, CPP, CSyP, CAE, is the principal of Global Insights in Professional Security, LLC, a firm that helps security providers and executives develop cutting-edge content, assert thought leadership, and heighten brand awareness. Gips was previously chief global knowledge officer at ASIS International, with responsibility for Editorial Services, Learning, Certification, Standards & Guidelines, and the CSO Center for Leadership & Development. Before that, as an editor for ASIS’s Security Management magazine, he wrote close to 1,000 articles and columns on virtually every topic in security. In his early career he was an attorney who worked on death-penalty cases.