A remote possibility

David Adams reports on the impact of an influenza pandemic on the workforce, and on business continuity processes in general

Are you scared of swine flu? Personally, I think there are too many other things to worry about (and that there's not much we can do to escape it anyway, short of sealing ourselves in an underground bunker). But the truth is, without conducting a universal screening programme, no-one really knows how many of us are already carrying the virus, or what proportion of those people will be ill this week or next.

Media reports on swine flu have been wildly contradictory since its appearance in the spring. There have been scare stories about the forthcoming, more virulent second wave of the virus, about mushrooming numbers of new patients overwhelming the NHS and about the virus becoming resistant to Tamiflu.

As it happens, on the day I'm writing this, the news is (sort of) good, in that the rate of infection in the UK seems to be flattening out, after the total number of cases had been doubling week by week. And the number of deaths is still extremely low. That may change as summer turns to autumn, bringing colder weather and, perhaps, the feared second wave of the illness. But even if swine flu never mutates into a more dangerous form, how significant a threat does it pose to businesses and other organisations?

What does seem certain is that lots of people will need to take time off. There will be those who are ill; those who think they are ill and are then advised by doctors and/or employers not to go into work in case they infect others; more vulnerable individuals like pregnant women who are not ill but are advised not to go to work; those who stay at home to look after sick children; and those who are pretending to be ill. If the NHS does come under severe strain it's possible the government will extend self-certification of absence to 14 days - which will be useful to those people who do want to skive off.

The Cabinet Office is basing contingency planning on an average absence rate of at least 15 per cent, but some businesses are considering the impact of rates of 20 per cent or above. It's easy to imagine how those absences could affect the country, removing staff from workplaces ranging from call centres to the cabs of railway engines or control rooms in power stations. There may also be negative consequences of 'presenteeism', with some people feeling so insecure about their jobs during the recession that they don't stay at home when they should and come in to sneeze all over their colleagues.

Many people in office jobs already work from home at least some of the time and could continue to do so if not too ill to reach a phone or computer. But some key IT systems, like financial or ERP (enterprise resource planning) tools, may not be accessible to staff working from home, thus hampering productivity.

If staff are too ill to work from home, this may be the moment when it finally becomes clear which individuals really make the organisation tick. "Organisations generally risk assess senior management, but often forget about assessing risks relating to core personnel," says Nicky Amor, executive director at AccessRM. "So you might have John Smith, who's been there for 20 years and who everybody else relies upon to help them do their jobs. He might be lower middle management, or whatever, but because he has knowledge about the business and its clients it is a danger to the organisation if he's suddenly not there. We find that most organisations haven't identified those John Smith characters."

That's not to mention all the other usually unsung staff who keep the office working: the IT team, but also the people who look after cleaning, plumbing, electrics, air conditioning or lifts. Clearly there's a need for business continuity planning to encompass the impact on the business of high levels of absence in these areas. It also needs to take into account the likely effects of the pandemic on outsourcers to which business processes have been delegated.

Whatever the size of an organisation, it also needs to be aware of the risks associated with more employees than ever before working from home. That could lead to technical problems, if IT systems are not usually required to support so many remote workers, or if a company alters IT procedures to facilitate more flexible working. "Companies have relaxed security controls, because they're not geared up for large numbers of people connecting from outside the office," says Pragasen

Morgan, senior manager at PricewaterhouseCoopers. He's also concerned about security risks associated with staff using home computers to access corporate systems. Swine flu could also undermine the processes that support business continuity. Plans may not be geared towards large numbers of home workers, data back-up processes might not be properly maintained and an understaffed IT department might slip up on management of software patches and security updates.

Paper document management procedures may not be properly maintained either, suggests Robert Guice, senior vice-president at document destruction specialist Shred-it. "Staff absences will inevitably add pressures to existing employee workloads, causing firms to run the risk of falling behind on document security responsibilities," he warns. "Should confidential materials not be destroyed properly, businesses leave themselves open to costly security breaches [and] irreparable reputational damage."

"Whether they're taking confidential documents home to work on, or accessing office systems remotely before printing off these materials, workers shouldn't take for granted the security risks associated with disposing of sensitive office documents," Guice adds. After all, the problems companies face as swine flu jumps from one employee to the next will probably increase opportunities for fraud, incidence of which usually rises in a recession.

Even the best-protected business could fall victim to problems entirely beyond their control, such as excessive demand straining the networks of telecommunications carriers. There will surely be frustration ahead for home workers whose internet connections hit bottlenecks at local exchanges. On the other hand, most business users don't need that much bandwidth to send email and exchange Microsoft Office documents.

Nonetheless, the question is being asked of providers like BT, which has issued a couple of vaguely reassuring statements in response, such as: "BT's network is in a strong position to cope with expected demands in home working." (I tried to speak to someone at BT to get a little more detail on this, but was told no-one was available for interview. When I asked if that was because of swine flu, the press officer giggled and said no.)

There are perhaps two other important areas that businesses and other organisations ought to consider in the context of swine flu. One is the need to ensure they are fulfilling their duty of care towards vulnerable staff, including pregnant women or diabetes and asthma sufferers. Employment lawyers are already suggesting that swine flu could lead to a rise in personal injury, health and safety and negligence claims, against employers who failed to take every necessary precaution to protect staff.

Secondly, there's the fact that some, perhaps even most companies, will settle invoices more slowly than usual if key personnel are not in the office to authorise payments.
As usual, only time will tell us if these are justified concerns.

"I don't think we've seen the worst of this yet," says Ben Howard, marketing manager at continuity solution supplier Vocal. "The big concern is if it does increase when the kids go back to school and you have more people not coming to work because they're looking after children. The impact on business could be absolutely enormous."

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.