It's still unclear whether COVID-19 will become a full-blown global pandemic, but there are few instances in which a business gets a significant amount of advanced warning to prepare for a potential disaster. And even if novel coronavirus doesn't cause massive illness and widespread quarantines, preparing and planning for the worst case scenario won't be a waste of time.
Protect Your People
The prospect of a pandemic, as unsettling as it is, can serve as a forcing issue that ensures your IT operation be ready to deal with almost anything, from a natural disaster to severe weather or a local outbreak of flu or norovirus.
Your first priority must be to protect your people. Talk with HR and work to give as much flexibility as you can with paid sick days and allowing people to work from home. You don't want anyone feeling like they must come in to work even if they feel ill. In the long run, your people and your business will be better off if employees don't spread the virus to one another.
Next, make sure everyone understands who to contact if they can't come into work. People need to know who to speak to when they have questions. Also, promote proper hygiene — frequent handwashing, no handshakes — and insist that anyone who starts showing symptoms must go home immediately.
Protect Your Business
Once you've taken measures to protect employees, it's time to think about protecting the business. Begin by considering how a pandemic will affect operations. For instance, if your IT group supports a healthcare organization, you'll need to prep for a surge. On the other hand, if you support brick-and-mortar retail, you can probably assume there will be a decline.
Talk with business managers to make sure you understand exactly which IT services are most critical for day-to-day operations. Can you provide these services remotely and do you have sufficient capacity to cover everyone who might need to work at home? If there are gaps, prioritize filling them.
Then look at your IT operations. Determine which skills are most critical to keeping the IT shop running, and make sure you have multiple people cross-trained on vital functions. That way, as long as some of your people are healthy and able to come into work, you'll most likely be covered. However, if we have a pandemic that goes on for an extended period of time, you'll need to know which assets are most at risk if no one can come in to maintain them. If some of these vital services can be run from the cloud, it's a good idea to at least prepare to do so.
Look into third-party services such as remote network monitoring centers (NOC) and help desks that could fill in if necessary. And, if you do rely on an outside provider, make sure to do your due diligence. Ask them how they plan to continue providing services if the worst case scenario comes to pass. If you're depending on another organization to fill in the gaps, make sure they are well prepared.
Finally, review your backup and disaster recovery (DR) plan. Can you restore services remotely? After all, a backup tape in a closet isn't going to do you much good if everyone is stuck at home. Ideally, you can replicate vital systems and applications to the cloud so if you need to fail over, it will be ready to go, enabling your people to access the services they need from essentially anywhere. Make sure you build in time to test the DR and backup systems thoroughly so you'll know they will work as expected when needed.
This was a brief overview of how to plan for COVID-19, but if you want a more detailed checklist, here's a useful document from the Centers for Disease Control (CDC).
Remember, as you undergo preparations, don't get too hung up on COVID-19. Preparations are by no means a waste if a pandemic doesn't emerge. Because, while the threat of a pandemic may be the issue that finally convinces executives to give IT the green light to prepare for a worst-case scenario, having a plan to deal with disasters will serve you well long after this crisis has passed. Every organization should have a disaster plan in place. After all, an earthquake or a tornado won't give you several weeks notice to prepare.