
Let me start by saying, I know nothing about football. Seriously! The offside rule is a mystery to me, and I don’t know my Arsenal from my Arsene Venger!
However, I do know that normal TV (whatever that is) has been disrupted by a load of balls of various sizes… Tennis, footballs, and cricket! If you’re a sports fan it is an exciting month. For me… it’s just an opportunity to read more and get out for a walk!
But what has this got to do with Information Security you may ask? Well, quite a lot actually.
CIA – Includes ‘Availability’
As most of us are aware, a core principle of Information Security is the ‘CIA Triad’:
Confidentiality
Integrity
Availability
When there is a big sporting event the availability of people can become a very real risk for businesses. People want to experience these events and with so much TV coverage, they can do so with friends and family, and often with a large amount of food and drink too.
For those who have to work during these events, they are often distracted and only paying scant attention to the work they are meant to be focused on.
‘Availability’ in the context of information security is about the availability of resources (and data) when and where needed. If people aren’t available, then services can be severely impacted.
So, what about Wimbledon and the Euros? Is there likely to be a problem? Well, consider for a moment when the final for Wimbledon is: Sunday 14th July. But do you know when the Euro final is?
Yes, you guessed it: Sunday 14th July.
Whichever way you cut it, Sunday 14th is going to be a big day for sports fans, and Monday 15th is going to be a quiet day at the office, as people nurse headaches and (possible) heartache.
It’s the Final… countdown.
Although personally I’m not that excited about the final of either tennis or football, it’s clear that Sunday 14th July will be a day of excitement and excess for many. Which means that Monday will be a day when the likelihood of people calling in sick is going to increase, or where errors and mistakes occur.
People just won’t be at the top of their game, and therefore we need to consider the impact on our businesses and devise a plan now.
For example, for organisations that will be working on the Sunday you might consider giving people access to the game at the office (e.g. in call centres this is a great idea so that staff can still enjoy the game). If you don’t do this, then the chances are your staff will simply be monitoring the game(s) on their devices.
This is a great opportunity to build some team morale and keep your people engaged.
On Monday 15th, you might want to consider a later start time for staff, so they can sleep off the excesses of the previous night. This is especially important if those staff need to drive to the office, as alcohol could still be in their system and they could still be over the legal limit.
Keep in mind that when people aren’t feeling well, are tired, or still feeling ‘under the influence’, the possibility of making a mistake, or an error in judgement will increase. This could easily lead to a mistake that causes a data breach or incident that puts you and your business at risk.
Start planning now
ISO27001:2022 specifically discusses the need for information security incident management planning and preparation (Annex A5.24). Some might think that this only relates to big events like floods, fires and pandemics. But in truth we need to have a process for responding to smaller events, like adverse weather (e.g. snow) or sporting events that might disrupt services.
Of course I’ve focused here on the negative, but it could be that your services are in increased demand come the 14th or 15th July. If you’re in hospitality then are you ready for the influx in business? Taxi firms might be in high demand on both dates too.
These are the topics that you should be discussing in your Management Review meetings to assess the impact on your business from events that are on the horizon. It’s not just about discussing the more mundane and less likely events, like power outages or cyber attacks.
To help, here is your 3-point action plan for the next few days, to help you prepare for the big sporting weekend of 14th.
1. Gather business areas together and assess the potential impact (positive or negative). Remember to consider external issues, such as transport problems or suppliers who might also struggle to provide their services.
2. Agree what actions you will take to manage the impact (e.g. changing shift patterns).
3. Develop a Comms plan to go out to key stakeholders (staff, clients, suppliers etc.).
The key here is to start planning today. Don’t wait until Friday 12th to discover that half of your business has booked Monday 15th off on annual leave, knowing the rest will simply ‘throw a sickie’ (except people like me who just aren’t interested in sport!).
This doesn’t have to be an onerous task either. It all starts with a conversation. We often say that it’s not about the plan, it’s about the planning. Or to put it another way: it’s not about the destination, it’s about the journey. The plan that comes out of the planning is of course important, but you’ll learn more about your business and about other contingency processes when you engage with the business over events like these.
Good luck with the planning. Whatever the outcome of the 14th July, I hope the best team/person wins, and although I know nothing about football, I know that usually means the team or player who has trained better than their opponent and therefore is more prepared.
Sound familiar?
More questions?
If you found this topic of interest and want to know how you can build Incident Response and Business Continuity Plans that work, then get in touch. Our plans are designed differently from the majority of plans you’re going to find out there. Based on deep psychological research and expert analysis on how the military and emergency services respond to major incidents, our plans actually work.