Think Swine Flu is an overblown health threat with negligible security consequences? Think again.
By Bill Brenner, Senior Editor
June 03, 2009 — CSO
The world went into panic mode over Swine Flu when it began spreading like wildfire early last month, first in Mexico, then the United States and beyond. Then it became evident that most cases were mild — no worse than garden-variety seasonal flu. People moved on in search of something else to worry about.
And so went another textbook example of how we panic too much when a threat is in the news and plan too little when the headlines dissipate.
The reality, at least in the case of Swine Flu, is that the threat was low in spring but could morph into something more sinister in the fall and winter. Emergency preparedness experts say there’s no cause for panic, but that this is a reminder that organizations should always be thinking about how to keep the machinery moving in the event something big and unexpected happens.
For emergency planners, there are both physical and cyber security challenges to think about regarding Swine Flu and other potential pandemic viruses.
On the physical side, private entities should be hammering out a game plan for who would do what and where if the government decided to restrict our movements to contain an outbreak, says Kevin Nixon, an emergency planning expert who has testified before Congress and served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and the Federal Trade Commission.
“Companies and employers that have not done so are being urged to establish a business continuity plan should the government direct state and local governments to immediately enforce their community containment plans,” Nixon says.
If the Federal government does direct states and communities to implement their emergency plans, recommendations, based on the severity of the pandemic, may include:
- Asking ill people to voluntarily remain at home and not go to work or out in the community for about 7-10 days or until they are well and can no longer spread the infection to others (ill individuals may be treated with influenza antiviral medications, as appropriate, if these medications are effective and available.
- Asking members of households with a person who is ill to voluntarily remain at home for about 7 days (household members may be provided with antiviral medications, if these medications are effective and sufficient in quantity and feasible mechanisms for their distribution have been developed).
- Dismissing students from schools (including public and private schools as well as colleges and universities) and school-based activities and closure of childcare programs for up to 12 weeks, coupled with protecting children and teenagers through social distancing in the community, to include reductions of out-of-school social contacts and community mixing. Childcare programs discussed in this guidance include centers or facilities that provide care to any number of children in a nonresidential setting, large family childcare homes that provide care for seven or more children in the home of the provider, and small family childcare homes that provide care to six or fewer children in the home of the provider.
- Recommending social distancing of adults in the community, which may include cancellation of large public gatherings; changing workplace environments and schedules to decrease social density and preserve a healthy workplace to the greatest extent possible without disrupting essential services; ensuring work-leave policies to align incentives and facilitate adherence with the measures outlined above.
On the IT security side, organizations need to be thinking about how to stay on top of things like log monitoring and patch management in the event of sickness among the IT security staff.
Kevin Coleman, a strategic management consultant at Technolytics, says companies should also plan for limitations on business travel and even bringing in extra cleaning crews and keeping employees at home if they complain of so much as a sniffle.
“Encourage anyone who feels the least bit sick to stay home,” Coleman says. “If an employee can do all the work from home on company laptops and VPNs that they do in the office, there’s no reason to have them come in. If you can limit exposure from the get-go, why wouldn’t you?”
Meantime, Coleman said, companies should ramp up the cleaning crew activity that’s already going on, mostly after office hours. Bringing in extra cleaning crews to wipe down heavily-touched surfaces like doors, walls, phones and keyboards is money well spent, he said.
“Employees can also do their part to limit the spread of flu by carrying around antibacterial hand wipes,” he said, noting that some of his clients have already pulled back on the amount of business travel employees can do.
It’s far from certain that we’re in for a deadly 1918-style pandemic. Either way, security experts say going over the scenarios and building a game plan is time well spent.
Read more about preparedness in CSO online’s Preparedness section.