Here are six steps to protect your workforce and prepare it for the un

precedented challenges of working  in the midst of a global pandemic.

PUT PEOPLE FIRST
In a crisis of this magnitude, it’s essential, first, to ensure the phys
ical safety of the workforce and to acknowledge the demands that 
the pandemic is putting on their health and personal lives. Prioriti
ze employee health and well-being
even if in the near term it comes at the cost of organizational perfo
rmance.
As the world mobilizes to mitigate the impact of COVID-19, uncertainty abounds.
We must take this opportunity to seek the upside for employees, enterprises, and
society.

Thank you to my co-authors for bringing these insights together:  Beth

Kaufman,  Sibley Lovett,  Debbie Lovich, and  Reinhard
Messenboeck.
In disorienting times, the most effective leaders find ways to re-ground themselves in the
fundamentals of crisis leadership. They recognize that their decisions will have an out-sized
impact on their employees’ well-being, their enterprises’ futures, and in some instances,
society at large – and this knowledge comes with an acute sense of responsibility. As
Winston Churchill said, “It is no use saying, ‘We are doing our best.’ You have to
succeed in doing what is necessary.” Rather than succumb to panic or paralysis, though,
effective leaders embrace four key behaviors of crisis leadership and use them to navigate
critical “moments of truth” for their employees, enterprises, and society. 

What are four core leadership behaviors required in

a crisis?
1. Put people first. Period
 2. Paint a vision of getting to the other side of the crisis
3. Empower others, so that everyone can do their part
4. Acknowledge that these times are highly emotional

First and foremost, people come first. Period. In order to unleash the best in their
employees in today’s crisis, and ensure a robust, resilient workforce for the future, leaders
must care deeply and consistently about their people – their health, their needs, their
fears. This includes both the big things such as ensuring ways for employees to return home
despite travel bans, and the little things such as amending health insurance policies so that
employees can stock up on critical prescriptions and medicines to last through extended
periods of self-isolation. 

Leaders must also paint a vision of getting to the other side of the

crisis, showing the way to a place where the situation and environment stabilize. This does
not mean projecting false confidence or certainty, but rather conveying with reassurance that
someone is focused on the overall trajectory and health of the enterprise; that the captain is at
the helm and steering the ship through the proverbial storm. This frees up employees’
capacity and mind share to devote to smaller-scale concerns within their direct sphere of
influence, at work and at home, rather than worrying about the underlying viability of their
organization.  

One cannot navigate the crisis alone: leaders must empower others so
that everyone can contribute their skills to the needs of the moment. Align on what matters,
so that everyone has a clear “north star.” But also give teams room to operate, and trust that
they can deliver. Organizational agility and digital tools for real-time coordination and
communication become ever more important in an unfolding crisis, so that all employees,
regardless of level, can bring their expertise to bear. Similarly, a central “Crisis Management
Office” or “COVID-19 war room” provides critical enterprise direction through reliable
communications so that frontline teams can move forward with speed and autonomy. 

Lastly, leaders must recognize that these are highly emotional times – both for
leaders, and for those they are leading. Merely acknowledging this and giving yourself and
others permission to process the emotions of the moment can go a long way toward creating
the mental calm needed to stay grounded and continue moving forward. Ignoring the human
side of challenging circumstances can leave employees feeling disconnected and
demotivated, rather than fueled to meet the days ahead. 

What are the key “moments of truth” in the COVID-

19 response?
With these behaviors in mind, leaders can more honestly and effectively face the moments
of truth that arise in a crisis – moments that not only define one as a leader, but also
define the future of the organization and become part of the company’s history and lore. One
cannot anticipate the specifics of one’s “defining moment,” but by being attuned to the three
dimensions of people, enterprises, and society, leaders will be better prepared to navigate
them. 
People “moments of truth”: Supporting employees
Employees’ experiences of crisis cover a broad spectrum. In today’s crisis, some may be
infected by COVID-19; others may face hardships due to family care needs, difficulty
traveling to work, or lost wages. At the same time, employees may also tap into new reserves
to address the crisis at hand. As a leader, one must keep this range in mind, offering empathy
and flexible solutions to those who are struggling, while also recognizing those who are
going above and beyond. This includes hospital leaders recognizing frontline workers who
are working extra shifts or coming out of retirement in order to increase capacity, or
executives who are taking proactive pay cuts rather than laying off workers. 

Business “moments of truth”: Sustaining the enterprise

Enterprises will face myriad challenges over the coming months: some vendors may not be
able to pay on time; some customers may radically reduce buying. In response, leaders must
be resourceful as they seek solutions to ensure short-term liquidity for their supply chains and
preserve future viability. Eight of the largest U.S. banks announced they would halt stock
buybacks through the second quarter, in order to maintain customer solvency and liquidity.
GrubHub has eliminated commissions for restaurants to ease the burden on those shutting
their doors to dine-in customers.                                     

Societal “moments of truth”: Serving the broader community

Leaders will also be faced with moments where business decisions can directly impact
society at large, whether by closing or curtailing businesses, or expanding services to rise to
the occasion. As leaders respond to the crisis, they must carefully consider how to balance the
needs of their enterprise with those of society at large. Restaurants, for instance, may close to
prevent the spread of disease. Grocery stores are dedicating the first operating hours of the
day for senior citizens to shop, to support social distancing for a vulnerable population. Some
companies may even stretch outside the bounds of their business models in order to address
societal needs, such as the mobile dentistry service that is re-outfitting units to provide
mobile COVID-19 testing instead. 

As the world mobilizes to mitigate the impact of COVID-19, uncertainty abounds. One thing
is clear, however: as leaders, we must take this opportunity to not only minimize the
downside of crises but also seek out the upside for employees, enterprises, and society. By
pivoting from a fear-based perspective, to one grounded in the four core behaviors of crisis
leadership, leaders can equip themselves to navigate these “moments of truth” effectively,
regardless of when they occur.
 ACCELERATE SMART WORK
Many employees face the prospect of working remotely from home 
for an extended period of time. Make remote work “smart work” 
by developing virtual-meeting best practices, trainings, tools, and 
IT support and by defining clear norms for virtual agile teams.

How to Remain Remotely Agile Through COVID-19

MARCH 24, 2020By Benjamin Rehberg , Martin Danoesastro , Shilpa Kaul , and Liza Stutts

 

   

One of the pillars of agile ways of working is team collocation. Study after
study shows that teams that work together in the same place report higher
productivity and effectiveness and better decision making. So, what
happens when a disruption such as coronavirus renders collocation
inadvisable if not impossible? Can team members working in remote
locations still be agile?

The answer is yes, although most teams—especially those that have been
formed recently—will experience some drop in productivity. This should
not be cause for concern: it’s just more evidence that collocation really
makes a difference. We are also finding that agile makes remote working
much easier. Many companies that are working in an agile way say the
following agile principles help them become more effective remotely:

 Rigid Prioritization. Creating backlogs and constantly refining

them have made sure that individuals and teams can work on the most
valuable things even when they are remote.
 Working in Small, Cross-Functional Autonomous Teams. Small
teams build resiliency and make it easier to change direction when needed.
 Regular Rhythm of Meetings. A regular meeting cadence helps to
make sure that everyone is aligned and enables collaboration when people
are working from home.
 Agile Leadership. Good leaders focus on concrete output and goals,
allowing teams to have a common vision to work toward.
At its core, agile is a set of cultural values, principles, and behaviors,
rather than a set of specific practices. Teams that remain true to the
principles can still operate effectively until life and business return to more
normal patterns. Here’s how teams should focus their efforts.

MAINTAIN ALIGNMENT

As we have observed before, small, cross-functional, empowered

teams are at the core of every agile organization. The ability to act
autonomously spurs ownership and creativity, enabling teams to make
quick decisions and move fast. But a high degree of autonomy works only
when there is also a high degree of alignment in and among teams, and the
importance of this alignment is heightened when team members are
working remotely.
Agile leaders need to make doubly sure that
teams align around the company’s overall
purpose, strategy, and priorities.
Agile leaders need to make doubly sure that teams align around the
company’s overall purpose, strategy, and priorities. Leaders need to
communicate intent, explaining both the why and the what, so that
members stay focused on their team’s goals and the connection to larger
business objectives. In normal times, this alignment is the precursor to
autonomy; in times of distraction, when teams are physically separated,
alignment becomes more important than ever.

PRIORITIZE CEREMONIES

Regular ceremonies help bring structure and normalcy to the remote

workday. A common cadence of virtual meetings and calls includes
weekly team touch points of 60 to 90 minutes to discuss progress, forecast
plans for the coming week, go through official communications from
management, and raise any emerging risks or issues. Daily standups of 15
to 30 minutes are used to review progress since yesterday, plan for today,
and raise any issues or blockers. In addition, virtual meetings (employing
videoconferencing when possible) and instant messaging are used as
needed to chat with colleagues about work and other issues.
It helps for leaders to be transparent about their calendar and
commitments. For example, they should put placeholders in the online
calendar so that colleagues can see their availability, and leaders should
make time for regular ceremonies and touch points with their teams.

USE VIRTUAL TOOLS

One piece of good news: there are plenty of virtual tools available today,
and they can help. Consider using conferencing tools—for audio and video
—such as Webex and Zoom. Larger companies can use their virtual
private networks. An always-on connection during working hours can
facilitate informal and formal connections among team members. Frequent
calls or conferences during the early days of remote working can help
people adapt to a new way of interacting. A breakout capability—the
ability for team members to engage in one-on-one meetings while also
remaining part of a larger virtual gathering—is an important component of
simulating collocation. Virtual whiteboards are another useful tool for
overcoming physical separation, as are collaboration tools—such as
Egnyte, Hangouts, Jira, and Trello—and work-oriented messaging
platforms such as Slack.

Frequent calls or conferences during the early

days of remote working can help people adapt.
In planning how to work remotely, it can help to break down the activities
that typically occur during a day and think about where in the physical
office they take place. These spaces or rooms can be recreated using a
variety of virtual tools. (See the exhibit.) Taking team members on a
virtual tour of their virtual quarters can get them acclimated to remote
collaboration.

BUILD A VIRTUAL TEAM CULTURE

Good leaders look for inventive ways to build a
sense of culture for team members.
This may be the most difficult part of working remotely—and the most
important. Culture is an intangible but critical aspect of the workplace, and
it is easily lost when teams physically disperse. There is no water cooler or
lunchroom in cyberspace. 

Good leaders look for inventive ways to build a sense of culture for team
members. One way is to invite team members into leaders’ new work
environment. Leaders can share photos or give a virtual tour of their home
office—or even the house and the neighborhood. One of our colleagues
recently wrote about her experiences replacing physical distance with
virtual social intimacy. Another method is to assign roles to the team to
ensure focus and to encourage engagement. A “rabbit hole master,” for
example, ensures that the team doesn’t get stuck in unnecessary
discussions. A “zen master” ensures that the team’s energy level is at its
best. The “timekeeper” performs timeboxing.

Adhering to three good practices will also help create a functioning

culture.

Empathy. Some people will respond more readily than others to the total
disruption of their work environment. Those with children may have more
challenges working from home than those without, for example. Consider
that everyone’s take on this situation will be different—and talk about the
various perspectives openly. Teams members that remain aware of one
another’s circumstances can operate effectively until life and business
return to more normal patterns. 
Transparency. At a time when the only thing that seems certain is
uncertainty itself, leaders should make an extra effort to be totally
transparent about their work, ongoing deadlines, and their personal
responses—even if the answer is, “I don’t know right now.”
Engagement. Encourage conversation among colleagues. That water
cooler chat is important for sustaining relationships. Not all online
conversations should be about work. Ask colleagues how they are coping
or how their kids are making out.   
 While no one knows how long the COVID-19 crisis will last, it seems
inevitable that many of us will be working remotely for at least weeks if
not several months. Productivity may take a hit, but it doesn’t have to hurt.
An agile approach can keep remote teams functioning effectively and
make them more resilient for the future.

CREATE VIRTUAL SOCIAL INTIMACY
Collaboration is key to performance, and effective collaboration de
pends on strong social connection. Digital collaboration tools can h
elp but so can simple practices—regular video check-in calls and 
devoting portions of online meetings to personal interactions—to 
minimize social isolation. 
Creating Social Intimacy with the Distance
 Published on March 14, 2020

Debbie Lovich

Managing Director & Senior Partner at Boston Consulting Group (BCG)

6 articles Follow
I was supposed to be in Milan yesterday with 15 or so of my colleagues. We were to fly in
from China, India, US, UK, France, The Netherlands, Australia, and Germany for two days to
share the latest and greatest in our work, reflect on the impact we had on clients last year, and
plan for how to build our practice and impact in 2020. We also do a bit of celebrating
together—a nice dinner, a little too much wine, and late evening jet-lagged strolls back to the
hotel. Meeting two to three times a year and leading our global People and Organization
practice together, we have become quite close.

Instead we had 8 hours of WebEx.

I woke up early before our WebEx to work out and watch the latest news. I kept hearing the
phrase “social distancing” again and again and again. What does this “social distancing”
really mean?

Then I got on my WebEx.

So this is what the talking heads meant by social distancing: A screen on my laptop mostly
taken up by PowerPoint slides meant to be shared in Milan, lots of little boxes only half of
which were filled with faces versus initials. I guess some didn’t want to turn on their videos
at home. A challenge to stay engaged.

But suddenly, at a scheduled 15-minute break, the PowerPoint disappeared, and the little
pictures became bigger. I saw Felix’s unshaven face, an infinite wall of books behind Rainer,
Maria’s fancy desk chair in her home office, and some great artwork behind Allison. Before
people took their headsets off for the break, I asked, “Can you give me a video tour of your
house?” And instantly the distance became intimate. Felix revealed the mess to the right of
his desk, Rainer revealed the piles of books on the floor, Fabrice showed us great views, and
Maria introduced us to her dog. I had a completely new and more intimate view of colleagues
I have known for years.

With the COVID-19 outbreak now declared a global pandemic, and rapidly spreading despite
containment measures, public health officials have urged countries and businesses to adopt
new practices and behaviors to slow the rate of infection. Working remotely is one of them.
So, with all this social distance we lose the chats on the way to the meeting, the dinners after,
the knowing eye-rolling across the table. And with it we can lose the human connections that
make work fun.

There is so much more we can do other than video house tours to create social intimacy: I
threatened the leadership team with a seven-minute fitness routine on our next call (team, I
am serious). Maybe someone can teach us how to make fake office backgrounds behind us,
and we could have a contest for the best one next time. Maybe we take our iPads for a walk
around our neighborhoods as the weather gets warmer?

And for my next phone call, I want to spend the first five minutes trying to really get to know
the person I am talking with. Instead of the COVID-19 banter, maybe I will ask: What did
you and your family stockpile? What are you running out of? What did you make for dinner
for the family last night? What shows should I start binge watching? What random acts of
kindness have you committed?
Maybe with my project teams I could have a team video dinner—where we catch up over a
virtual dinner table?

Social distancing at this time is critically needed . . . but it is also critical that we create new
ways for creating social intimacy and connection. Please comment with your ideas (please
only publicly shareable ones!) for creating Virtual social intimacy while we create physical
distance. 

SPEED UP DIGITAL READINESS
Effective remote work requires a robust technology infrastructure. 
Incorporate new software tools such as Trello, Hangout, WhatsAp
p, and Jamboard. But pay special attention to cybersecurity becaus
e a company’s remote technology infrastructure may be especially 
vulnerable to cyber attack. 

Managing the Cyber Risks

of Remote Work
MARCH 20,
2020By Michael Coden , Karalee Close , Walter Bohmayr , Kris Winkler , and Brett Thorson
 

   

Across the world, companies and governments are rapidly taking

responsible measures to protect the health of their employees and citizens
—including asking people to work remotely. More than 30 million office
workers in the US, and up to 300 million globally, are expected to be
working from home, according to US Bureau of Labor Statistics and
Boston Consulting Group estimates. Accounting clerks, procurement
officers, human resources staff, the C-suite, and other workers will be
logging into company sites, attending online meetings, and accessing
sensitive company data via the internet—in many cases through their
home computers and private mobile phones.
While digital tools offer excellent support for remote workers, shifting
work patterns on such a massive scale can have serious unanticipated
implications for IT and cybersecurity. Is your company adequately
prepared for the changes in your cybersecurity risk?

Consider the implications of workers clicking on an ad promising a

COVID-19 wonder drug, or opening an email attachment—from what
appears to be a legitimate health agency offering pandemic updates—that
embeds software designed to compromise security. Or what if a worker is
manipulated by social engineering techniques to follow instructions from a
cyber criminal claiming to be from the employer’s help desk? Does your
company have adequate provisions in place to prevent workers from
downloading malware that could be used to collect passwords providing
access to payment systems, personnel records, personal customer data,
intellectual property, and other important assets?

It’s an unfortunate reality that in times of humanitarian crisis, we need to

speak more about cybersecurity. We have observed several warning signs.
As early as January, COVID-19-branded website domain names began to
be acquired. Cyber criminals use these domain names to masquerade as
legitimate COVID-19 information sites. They are also sending phishing
emails that appear to come from legitimate organizations, such as the US
Centers for Disease Control and Prevention and the World Health
Organization, but that actually contain malicious links or attachments.

In one case, recipients were offered a link to a university dashboard about

COVID-19 that is a popular source of up-to-date information. But when
they installed the software needed to view the dashboard, malware worked
in the background to compromise their computers, collecting and
transmitting personal and company user IDs and passwords to cyber
criminals. In another case, users who clicked on an email link purporting
to be a COVID-19 update from a leading shipping supplier were redirected
to a realistic-looking Microsoft Outlook login page that prompted them to
enter user credentials, giving cyber criminals access to company email
accounts.

By implementing a number of practical training, process, and technology

measures, companies can avoid adding a cyber crisis to the challenges
 associated with COVID-19. We urge companies to take the following
seven steps to protect their corporate assets. (See the exhibit.)

1. ASSESS CORE IT INFRASTRUCTURE FOR REMOTE WORKING

In an office environment, much of the workforce uses desktop computers

connected to corporate servers by Ethernet cables or an enterprise Wi-Fi
network that depend on the physical security of the building to keep data
secure. To work remotely, people will most likely be required to use
company-issued laptops or even personal devices that connect to company
servers over the internet. Instead of speaking with IT and cybersecurity
help desks via an internal phone system, workers will use their mobile
phones or landlines.

Companies need to assess three categories of infrastructure: endpoints,

connectivity, and enterprise architecture and infrastructure:

 Endpoints. Ensure that these include approved applications and

cybersecurity tools. Collect a complete inventory of devices authorized to
connect to company systems, paying special attention to device Ethernet
MAC addresses in order to correlate authorized devices with authorized
users.
 Connectivity. Ensure that connections to company networks take
place over virtual private networks (VPNs) with two-factor authentication
to prevent spying on data transmitted between workforce endpoints and
company servers. VPN and token software can be downloaded remotely,
but additional licenses may need to be acquired.
 Enterprise Architecture and Infrastructure. Configure firewalls,
networks, collaboration tools, and servers to accept remote connections
over the internet. The capacity for remote connections at many companies
may not be sufficient to accommodate the increased load of thousands of
connected workers. It may therefore be necessary to purchase additional
hardware for on-premises systems or to rapidly move to a cloud service
provider.
As the dramatic shift to working remotely accelerates, these technologies
will have to be tested at scale to ensure that the company’s infrastructure
and systems can accommodate the high loads. We observe many
 companies facing significant capacity limits given the rapid increase in
demand. 

2. SECURE APPLICATIONS AND DEVICES FOR THE REMOTE

WORKFORCE

IT infrastructure alone will not ensure that a company’s systems, software,

and security are properly configured and operating well. When
incorporating the technology needed for remote work into your
infrastructure, take the following measures to ensure the cybersecurity of
operations:

 Encrypt and install firewalls on all devices. Ask users to

immediately install security patches and update endpoint protection and
security (EPS) software on all endpoints, without exception. EPS provides
personal firewall, application control, antispyware, and antivirus
protection and keeps computers from becoming infected, thereby
preventing hackers from accessing IDs and passwords and using
computers as points of entry to the company’s servers and systems. Make
sure that all computer hard drives, external hard drives, and USB (thumb)
drives are encrypted and company issued to protect worker endpoints from
theft or unwanted physical access. Put guidelines in place to prevent the
use of USB drives that are not company issued. All endpoints should have
remote wipe capabilities so that data can be erased from a lost or stolen
device, as well as data loss prevention (DLP) software to prevent data
exfiltration. (DLP protects against even authorized workers, who may be
less careful not to exfiltrate data when working remotely than they are in
the office, where they can be more easily detected.) Finally, instruct
employees to regularly back up data on all laptops to company servers in
order to ensure quick recovery from incidents and protect critical business
processes.
 Secure access to company systems. Your company’s security
operations center should monitor all VPN and remote-access logs for
anomalous behavior. If the organization does not operate globally,
consider restricting system access to specific networks or locations in
order to reduce exposure to the internet, mitigate risk, and ensure early
detection of unwanted behaviors.
 Make sure cyber-incident response processes are robust.Security
operations and IT teams should update and test all processes and
procedures to ensure that cyber-incident response and chains of escalation
 work seamlessly with the remote workforce and backup personnel.
Companies should also test restoration of backups so they can be relied
upon during a crisis.
 Install remote-collaboration safeguards. Ensure that the remote
workforce has licensed, secure, enterprise-level teleconferencing and
collaboration tools that have been tested. Such tools will enable secure
productivity and prevent workers from using a chaotic proliferation of
consumer-quality tools that should be prohibited. Compromise of just one
workforce endpoint could create a breach for the entire company. 
3. EMBED CYBERSECURITY INTO BUSINESS CONTINUITY PLANS

While the workforce is operating remotely, it is important to consider the

security of employee locations—and, potentially, new ways of working.
Business continuity plans should include cybersecurity provisions on
several dimensions:

 Guarantee emergency security access. Ensure that security

operations and incident response teams can access their tools and
collaborate remotely if they are unable to physically access systems or be
near colleagues during an incident.
 Train backup teams and enable remote support. Plans should
take into account the possibility that at least some cybersecurity staff will
contract COVID-19 and be unable to work, even remotely. Companies
should also have service level agreements with remote cybersecurity and
IT providers that can realistically be maintained for several weeks, and
they should verify that these providers can support remote operations at
the needed scale.
 Put clear communication plans in place. Secure direct and backup
communications so that remote cybersecurity employees and other key
staff can be safely reached in an emergency. Don’t rely on a single
communication method, such as email, which can be compromised.
 Adapt your plans. Because the COVID-19 crisis is evolving
rapidly, it’s important to track and quickly incorporate lessons learned, as
some things will inevitably go wrong in this new environment.
4. MAKE THE NEWLY REMOTE WORKFORCE AWARE OF THE
ADDED SECURITY RISKS
 In addition to the technical considerations, cybersecurity training and
awareness-building initiatives are critical to reducing risk. Here are some
of the steps you should take:

 Train workers to use new tools and features securely.Ensure that

your workforce knows how to use the tools and technologies that support
remote collaboration, as well as how to recognize and prevent COVID-19
cyber threats, such as phishing and fraudulent emails and phone calls
offering tech support or posing as solicitations from charities. While
working from home, staff should configure their routers to create a
network for their work computers that is separate from the one used by the
rest of the family’s personal devices—a capability that is a feature of
almost all home routers. This is a necessary measure because nation-state
operatives and criminals are targeting the computers of C-suite executives’
family members.
 Establish protocols for remote workers to authenticate each
other. Train remote workers to use only secure methods to authenticate
help desks and co-workers. Maintaining strict protocols will prevent staff
from inadvertently divulging information.
 Prepare a guidance library. Distribute materials such as self-
service guides, videos, and lists of frequently asked questions that make
employees aware of the security threats and cover best practices for
working remotely in a secure manner.
5. ESTABLISH PROTOCOLS AND BEHAVIORS TO PREPARE FOR
SECURE REMOTE WORKING

The speed and scale of the transition to remote working create numerous
security risks for an organization, and your help desk will be the first line
of defense. Here are ways to prepare for the change and mitigate risk:

 Enhance help desks. Support the rapid surge in remote workers

with additional secure tech support. Create or expand your support center
(or centers) with voice and chat services to address increased queries.
Ensure that the help desk authenticates remote workers properly using
multifactor methods of authentication. This can be as simple as texting a
code to the authorized worker’s confirmed or company-issued cellphone.
Establish periodic touchpoints with your workers to discuss their progress
and solicit their ideas for improving secure ways of working. Your
workers want to help, and they know what is working well.
 Explicitly define ways to work remotely. Provide the organization
with clear guidelines and explicitly define secure procedures for dealing
with remote working. Distribute a remote-work policy that specifies
acceptable methods for connecting to the internal network. Consider
minimizing data access only to those who need it, and align on “normal”
working hours, which will facilitate the cybersecurity team’s ability to
detect anomalous activities. Define close of business, end of day, and other
times after which sensitive data can no longer be accessed—just as if
workers were leaving the office to go home.
 Document, announce, and provide for remote meetings, digital
collaboration, and file sharing. Well-known platforms such as Webex,
Zoom, and Skype will reliably enable secure meetings, but users must be
trained and informed. The meeting host should be hypervigilant regarding
potential intruders by taking attendance and requiring all participants to
announce themselves. Sending password-protected calendar invites will
add further security. Enterprise-level collaboration platforms such as
Slack, Trello, and Skype for Business provide organizations with secure
chat and project management capabilities. But allow only those
collaboration and file-sharing platforms that have been approved for
business use; avoid commercial platforms that can lack data protection
features. Organizations should review the security configurations of these
technologies and conduct assessments to detect Shadow IT that may have
been set up to collaborate in unapproved ways. Finally, be open to new
secure ways of working by listening to employee suggestions and
implementing solutions per best guidance from the provider.
6. EMBED CYBERSECURITY IN CORPORATE CRISIS MANAGEMENT

Crisis management teams serve a central role in navigating organizations

through difficult times. It is vital to adapt plans for secure, remote crisis
management by taking the following steps:

 Update cyber crisis management plans to address the security

implications of COVID-19. Ensure that the lines of communication used
by crisis teams are secure and approved—and that alternatives are
available. Review your refreshed incident management plans to ensure that
they meet cybersecurity and privacy regulations in the countries or states
in which the company operates.
 Ensure that mission-critical technology and personnel are
always available. Confirm that leadership and security personnel can
 maintain secure access to the tools they need when working remotely or
quarantined. Communicate emergency escalation procedures, identify
backup personnel, and define succession plans by role, such as security
operations and system administration. Make sure backup personnel
understand that they may be called upon at any moment—if someone in
the crisis management team has been hospitalized with COVID-19, for
example—and confirm that they have appropriate training and
documentation.
 Maintain awareness of the performance, location, and health
status of all employees. Establish communication and reporting
mechanisms for all staff throughout the crisis. Closely monitor the status
of IT and cybersecurity staff in quarantine or in the hospital, and ensure
that backup personnel are fulfilling their roles. Implement a secure,
dedicated COVID-19 communication channel, such as an SOS application,
phone hotline, or email inbox, so that staff and leadership can
communicate easily.
 Provide frequent, coordinated cybersecurity
announcements. Update the workforce on evolving cyber threats related
to COVID-19. Make sure people understand the gravity of the
cybersecurity situation by making it a core topic in all workforce
messaging.
7. UPDATE ACCESS AND SECURITY MEASURES

Executives and other key staff who handle sensitive data are particularly
critical but often less familiar with technology and its risks. Cybersecurity
and identity management teams should limit their access and provide
upgraded security measures to reduce the risk of compromise. The
following are some examples of the roles that organizations must keep
careful watch over and the security measures they should consider:

 C-suite executives should alert their family members to the fact that
they are cyber targets and teach them to practice good cyber hygiene. This
will help prevent attacks from cyber criminals who know that executives
are working from home and possibly sharing the family network.
 Finance personnel should be on the lookout for phishing, phone, and
business email scams, especially those claiming ties to health care
organizations or charities. They should verify all financial
communications, such as emails, links, and wire transfer requests, for
 authenticity and require verbal approval from executives for all financial
transfers.
 Procurement officers should ensure that contractual and other
confidential data are shared securely using secure Wi-Fi, enterprise file-
sharing solutions, and encrypted, company-issued USBs. Beware of emails
with suspicious attachments such as purchase orders and invoices from
unknown vendors or from people pretending to be known vendors—
especially those claiming to be related to COVID-19. Even emails with
unfamiliar addresses that appear to be legitimate should be treated with
caution. The difference between the following two addresses, for instance,
is impossible to detect: mail@example.com and mail@exampIe.com.
But in the first one, the “l” is lower case, while in the second, the “l” has
been replaced by an upper-case “I.”
 Executive assistants should verify all requests of senior executives,
especially from unknown entities. Cyber criminals often resort to
personalized COVID-19 scare tactics, such as claiming that the CEO’s
child has contracted the virus. Don’t open such attachments or provide
information to the caller. Telephone trusted sources directly to verify
claims.

Just as the COVID-19 outbreak has exposed the vulnerabilities of the

world’s health care systems, a massive shift to remote working can put
existing infrastructure and security measures to new and extreme tests.
Remote working has been a growing trend for a while—and IT and
cybersecurity professionals at most companies have worked diligently
over the years to safeguard their systems. But few anticipated the scale and
suddenness of this transformation of the working environment, and many
companies just don’t have the infrastructure in place to support it.

The necessary technologies, digital tools, and procedures for mitigating the
cybersecurity threat are available and can be implemented in a holistic and
comprehensive manner with modest effort and expense. BCG staff have
been working remotely for many years, and we know that thoughtful
planning that takes into account digital modes of communicating and
collaborating can avoid the potential cyber disruption and enable your
business to successfully continue its operations. Cyber attacks are like the
 COVID-19 virus itself. Patching your systems is like washing your hands.
And not clicking on phishing emails is like not touching your face. It may
seem daunting at first, but these measures are crucial now and will
continue to be important as remote working increasingly becomes a fact of
life in the future.

MITIGATE PEOPLE RISK
For people and teams in mission-critical roles, take extra steps to 
ensure business continuity—for example, by developing explicit 
succession plans in case of illness, creating shadow teams to provid
e necessary backup, and reengaging recent retirees. 

EAD WITH EMPATHY
As in any crisis, frequent communication is a must—but so is 
frequent listening. Give employees multiple opportunities to voice t
heir concerns and make clear that they are heard by responding ra
pidly. There are no perfect solutions, but reaching out and acknow
ledging challenges is key. 
Supporting Working Mothers During COVID-19—and Beyond
 Published on March 20, 2020
Matt Krentz

Managing Director & Senior Partner Global Leadership and Diversity & Inclusion Chair at Boston
Consulting Group (BCG)

8 articles Follow

The COVID-19 crisis is upending life around the world as it continues to unfold, bringing
grave concerns about health and welfare and a long list of other stresses and uncertainties.

Childcare changes, such as school and daycare closures, are among the most difficult day-to-
day challenges. These disruptions are not just an inconvenience. They are serious problems
for those who don’t have the option of working from home, who may lose income from
reduced hours, or whose children depend on school for meals and safety. 

But even among parents with white-collar jobs that offer some flexibility, managing children
during this crisis is extremely difficult—especially for women, who are 60% more likely than
men to take on childcare responsibilities. In fact, company leaders are facing a hard moment
of truth as they make decisions about how to respond to the needs of working mothers and
fathers during this difficult time. The way they handle this challenge today has the potential
to affect their pipeline of workers down the road, and the gender balance of their future
leadership.

The Burden on Working Mothers

An unprecedented number of children are being forced to stay home from school as countries
and municipalities attempt to slow the spread of the COVID-19 virus. As of March 18th,
107 have closed all schools nationwide, and an additional 12 countries have closed schools
across large regions and in major cities. 

The situation is particularly difficult in households in which both parents work, a more and
more common scenario. Today, white-collar employees are more likely than ever to be part
of a dual-career household: around 66% of households in the US and Japan are dual-career,
and almost 70% in Canada and Australia.

Even though more companies are allowing employees to work from home, it’s not easy for
parents to supervise and monitor the education of their children while continuing to be
productive at their jobs. And, of course, it’s even more challenging for parents who have jobs
that cannot be performed remotely and who cannot afford alternative care arrangements.

But women feel the burden the most. Women in heterosexual dual-career households are
more than one and a half times as likely as their spouse to have primary
responsibility for childcare, and single working mothers carry even more of the childcare
load. Women are also more often responsible for the care of elderly family members as well
as for their own children, placing them in that “sandwich generation” that is particularly
vulnerable during this crisis. In addition, women in the US are ten times more likely
than men to take days off from work to care for a sick child, even though over half of them
are not paid for that time.
Steps to Help Working Parents—and Keep Women in the Pipeline
It’s critical for companies to mitigate the repercussions, some of which can be long-term, that
school and daycare closures can have on women’s careers.

Working women with school-age children are often at a critical stage of their career,
potentially serving as middle managers and on their way to leadership and executive
positions—roles that around the world are still more often filled by men. As these women
navigate the COVID-19 crisis, their employers will be put to the test.

For regular sick days, forward-looking companies already have helpful policies in place, such
as paid sick days, backup childcare options, and flexible work opportunities. These are all
extremely important tools that help women balance work and family when it’s business as
usual. But these are not usual circumstances right now.

Here are four recommendations for what companies can do to support all working parents,
but particularly mothers, during this complicated time—and keep them on the job:

Communicate, prioritize, and be flexible. Don’t assume that employees working

from home will be at their regular capacity or on their regular schedule. Instruct managers to
have open conversations with their reports about what impact the current situation will have
on workload and workflow. Determine what’s mission-critical and prioritize those tasks
accordingly, re-balancing workloads by shifting resources to enable short-term flexibility and
support for one another. Plan by department instead of by individual in order to reduce
dependence and pressure on working parents.  
Take the long view and allow working parents the accommodations
they need. Even if a leave of absence is necessary, work hard to find a way to make that
happen. It’s the right thing to do both for public health and for the bottom line, as turnover
costs are estimated to be 33% of an employee’s annual salary.
Lay out a plan that accounts for the impact of childcare in the annual
review process, including the notation of that impact, adjustment of annual goals, and
protection against retaliation if, for example, childcare issues affect the work that gets done.
Lead with empathy. There will be no perfect solutions to these issues, but proactively
reaching out to your employees on this topic and acknowledging the challenges is the first
step. Men, in particular, may be reluctant to ask for help because they feel more social
pressure to prioritize work over family and often want to seem as committed as possible to
the job. Frame this as a problem to be collectively addressed, rather than putting the onus on
the individual.
Not the Time to Backtrack
Mothers and fathers, of course, should have open and regular conversations about how to
better share family responsibilities, so that the default is not always for women to take on the
extra work. But at the same time, organizations should seize this moment to make sure that
women are not opting out of their careers if they don’t have to.

These are unprecedented times for everyone, and challenges faced by companies and
individuals are daunting. School closures will undoubtedly hit lower-income and blue-collar
workers the hardest, and we need to see strong action from governments and companies to
ease the pain. But at the same time, company leaders need to step up and make sure they
don’t backtrack on the shaky progress that’s been made in advancing women into business
leadership.