The ongoing worldwide outbreak of coronavirus disease (COVID-19), which originated in Wuhan, China, in December 2019, continues to grab headlines. As of mid-February 2020, more than 70,000 cases had been confirmed. The World Health Organization (WHO) has declared the outbreak a public health emergency of international concern, and health authorities continue to work to contain the spread of the disease.As with other health crises, organizations need to evaluate the potential impact on their operations and prepare for dealing with a pandemic. \u201cWhen looking at the threat posed by COVID-19, there are still many uncertainties,\u201d says Mark Womble, a principal in the Crisis & Security Consulting practice at Control Risks, an international business risk consultancy. \u201cWhat is certain, however, is that the world has changed in a number of key ways since previous outbreaks, most notably SARS back in 2003.\u201dIDG Special Report: Navigating the PandemicBusiness continuity: Coronavirus crisis puts CIOs\u2019 plans to the testCoronavirus challenges remote networkingA security guide for pandemic planning: 7 key steps10 tips to set up your home office for videoconferencingHow to survive and thrive while working from homeWTH? OSS knows how to WFH IRLFor one thing, \u201cWe\u2019ve become significantly more interconnected,\u201d Womble says. \u201cGlobal supply chains are the norm, with China playing a key role. Tremendous population migration and urbanization, and the resultant megacities those trends have induced, have placed a higher percentage of the world\u2019s population in closer proximity to one another.\u201dThis increased interconnectedness heightens the risk of a pandemic, Womble says, and increases the potential for serious business disruption if supply chains and travel must be curtailed.In addition, the rise of social media has had a tremendous impact, not just on how people communicate with one another but on how and where individuals get their news. \u201cThis can have both positive and negative effects, as social media can rightfully be credited with spreading awareness but can also easily tip over at times into rumor and hysteria,\u201d Womble says.Whereas business leaders in 2003 would likely have expressed frustration at a lack of information, \u201cToday\u2019s leaders are charged with distilling what can at times feel like an overwhelming \u2018fire hose\u2019 of information,\u201d Womble says. \u201cToday\u2019s information challenge is thus more acutely about sourcing, vetting and confirming factual information to baseline the challenge, make decisions and then communicate with employees, vendors, supply chains and the public.\u201dWith that in mind, consider these suggested best practices for corporate pandemic planning from a security standpoint.1. Start preparing for a pandemic earlyOrganizations early on should review their existing business continuity, emergency management and risk communications plans, says Nitin Natarajan, principal at Cadmus, a domestic preparedness advisory firm. That includes evaluating the impacts from a temporary reduction in workforce or a higher-than-average number of employees working remotely.\u201cAssess risks and vulnerabilities to physical and cyber systems from a reduction in staff, both internally and among key organizational interdependences,\u201d such as supply chain partners or service providers, Natarajan says. \u201cCommunicate early and regularly, internally and externally, since information voids will often be filled with incorrect information.\u201dSecurity and IT executives need to brief senior leadership regularly and ensure there is a clear understanding of leadership\u2019s expectations and their true level of risk acceptance, Natarajan says.2. Establish an \u201cintelligence baseline\u201dGoing on a quest for perfect information about a widespread health concern is unreasonable, Womble says, and will exacerbate the level of frustration security executives might already feel. \u201cInstead, determine which trusted sources of information you\u2019re going to rely on,\u201d he says. Good examples include WHO, the Centers for Disease Control, or a contracted medical response provider.Leveraging these sources, companies can gain an understanding as soon as possible. \u201cFocus your awareness campaign on those sources, unless gaps emerge that must be addressed,\u201d Womble says. \u201cSticking with select sources allows you to conduct trend analysis on how the situation is evolving.\u201d3. Identify potential triggers, risk tolerances and responses\u00a0All crises are fluid, but emergent medical issues tend to be even more so, Womble says. \u201cA trigger-based escalation matrix can be an incredibly powerful tool to help you respond more confidently,\u201d he says.When new information comes in, it\u2019s important to validate it as soon as possible and discern which escalation plans or other pre-vetted decision trees might need to be recalibrated. \u201cAccept that the \u2018facts\u2019 as you know them are likely to change,\u201d Womble says. \u201cBe prepared to re-evaluate your assumptions vis-\u00e0-vis those so-called facts and then adjust your action plans based on new information or emerging trends.\u201d4. Ensure a coordinated responseOrganizations must ensure a strong, coordinated response that integrates cybersecurity, emergency management and risk communications staff, Natarajan says. \u201cUtilize your organization\u2019s emergency operations center, if you have one established,\u201d he says. \u201cEnsure consistent and frequent communications to your staff and external stakeholders.\u201d In addition, companies should collaborate with state and local public health organizations.5. Think globallyThe term pandemic refers to a disease that has spread across a large region such as multiple continents. When evaluating security risks or preparing business continuity plans, companies need to be prepared for potential impacts on a worldwide scale.\u201cEnsure all plans have factored in worldwide aspects of your business, including supply chain, customers and service providers,\u201d says Pete Lindstrom, vice president of security strategies at research firm International Data Corp. (IDC). \u201cSomething like a coronavirus is not like a natural disaster that may be geographically isolated.\u201dKeep in mind that many suppliers and business partners are in different parts of the world. \u201cContact business partners\u2014especially supply chain\u2014to confirm instructions for requests, orders, shipments, receipts, payment, etc.,\u201d about any possible security issues, Lindstrom says.6. Stress test all facets of the remote work capabilityEstimates of the peak impact of COVID-19 vary widely and likely will continue to vary for some time, Womble says. What\u2019s clear is that the business impacts are not going away anytime soon and may well increase before they begin to dissipate, he says.\u201cRemote work\u2014whether by choice or out of necessity\u2014will likely have to play a significant role in your business continuity planning,\u201d Womble says. \u201cStress test every facet of your infrastructure now.\u201dAn IT backbone intended to remotely support perhaps 10% to 20% of the workforce might struggle under the weight of the current challenge. \u201cThe earlier you understand the weak points in your system, the more time you\u2019ll have to problem solve, or prioritize who should have access to your systems,\u201d Womble says7. Be transparent in sharing updatesEven the best business continuity plan is likely to be significantly challenged without dedicated employees willing and able to go above and beyond their normal responsibilities to help navigate the unique challenges a medical crisis can pose.\u201cEnsure those employees\u2019 efforts are recognized and appreciated,\u201d Womble says. \u201cBy removing\u2014or simply reducing\u2014your employees\u2019 burden of sifting through an overwhelming and contradictory mountain of \u2018intelligence,\u2019 you enable them to focus on their roles and free them up to help meet the challenges to the organization.\u201dCompanies have a duty of care to their employees as well as a broader responsibility to their business partners and communities, Womble adds. \u201cThe flip side to any crisis is opportunity, and organizations will rarely have a better opportunity to build trust and prove themselves than in the midst of a crisis that directly impacts individuals as well as business outcomes,\u201d he says.