Six Considerations for CPG CIOs: A COVID-19 Checklist
The Consumer Brands Association is working with PwC to provide our members with perspectives on how companies and functional leadership can better focus their efforts as the novel coronavirus crisis evolves.
In the wake of the ongoing economic uncertainty wrought by the global COVID-19 crisis, chief information offers (CIOs) at CPG companies are now at the forefront on multiple levels. They are charged with:
- Confirming business continuity
- Enabling new, virtual ways of working
- Managing evolving business priorities
CIOs are juggling the twin challenges of maintaining — and sometimes enhancing — essential services while concurrently managing costs. In our ongoing series on the implications of COVID-19 for CPG companies, we will focus this issue on how CIOs can respond to the immediate impact and begin to plan for the aftermath and recovery:
1. Protect people and productivity
The well-being of workers is a top priority. Consider your employees’ obligations, which might include caring for kids home from school or potentially vulnerable family members. A clear line of communication is crucial. Plan for potential implications to core business activities if key personnel may be unavailable. Follow this checklist to help safeguard your people and productivity:
- Enable emergency contact systems to disseminate accurate information.
- Expand call-center capacity to help support a distributed workforce.
- Implement data-capture tools to track worker health and safety.
- Establish health and safety protocols to help protect on-site employees.
- Communicate consistent, accurate messages from leadership.
2. Expand remote working capabilities
As demand continues to fluctuate, resilient systems infrastructure becomes crucial. Critical capabilities include: shifting sales channels online, enabling employees to work remotely and sharing sensitive real-time data securely. These steps can make a difference:
- Support rapid deployment of software-as-a-service (SaaS) collaboration tools and internet-as-a-service (IaaS) via cloud vendor or partner ecosystem to help support evolving computing and storage needs.
- Provide virtual collaboration tools, productivity training and remote access to business-critical systems.
- Define remote IT operating model, governance, infrastructure and network needs.
- Establish a scalable asset management and maintenance program.
3. Establish security measures, both digital and physical
Many companies are finding that their business-continuity plans may not have accounted for the sudden, sharp business implications of COVID-19. The immediate need for remote workers to access proprietary information securely can bring new cybersecurity challenges. For a cybersafe environment, consider the following:
- Identify the systems and processes that may be necessary to maintain critical operations, noting that this may have changed from pre-COVID-19 conditions.
- Determine the combination of capabilities to manage remote workforce most efficiently and cost effectively.
- Leverage scalable remote access infrastructure to help prevent an overload of remote access.
- Confirm that personnel have appropriate access to systems in order to perform their responsibilities.
- Strengthen remote access management policy and processes.
- Closely monitor remote access by privileged accounts and third parties.
- Tune rulesets and alerts for increased remote work and potential network spikes.
- Require multi-factor authentication (MFA) for users coming from untrusted devices or networks and connecting to critical or sensitive business systems and data.
- Provide guidance on where and how to access IT support.
- Open the communication channels, and make efforts to respond quickly and efficiently.
4. Protect your organization from phishing, business email compromise and fraud
Distribute updated awareness and communication materials to end-users focused on the following reminders:
- Don’t click on links or open attachments from unknown senders or familiar people (i.e., CEO, doctor) who do not usually communicate directly with you.
- Examine the sender’s email address to confirm it’s a true account. Hover over the link to expose the associated web addresses in the “to” and “from” fields; be vigilant to slight character changes that may make email addresses appear visually accurate.
- Report suspicious emails to the IT or security department.
- Install an anti-phishing filter on browsers and emails.
- Use anti-virus software to scan attachments.
- Go directly to the charity website to donate, do not donate to charities via links included in emails.
- Inform staff that phishing can occur through voice or SMS as well and to be cautious.
- Investigate carefully before opening attachments from unrecognized
- Note grammatical errors in the text of emails; this is a likely sign of fraud.
- Work with your marketing and education teams to remind any customers that your organization does not ask for sensitive information through emails or online.
In addition, consider the implementation of these additional controls:
- Update perimeter defense to detect COVID-19 related threats and abnormalities.
- Provide endpoint detection response (EDR) to support monitoring of user activity and endpoint anomalies.
5. Consider redirecting resources
Consumers, manufacturers, suppliers and retailers have settled into a new rhythm that may often require daily — even hourly — adjustments. To reassess capacity and reassign resources, CPG executives need updated company-wide information in near real-time. These actions can help make a difference:
- Deploy resources to meet increasing e-commerce demands, including supply chain and manufacturing capabilities.
- Use warehouse-management technology to adapt to the increased volume of online orders.
- Boost transparency with enhanced logistics capabilities.
- Bolster remote-access capabilities to confirm finance staff can perform end-of-quarter functions.
6. Redefine IT cost structure
Companies are seeking internal and external opportunities for cost containment. CIOs can manage costs to protect investments that help differentiate the company by doing the following:
- Invest in projects that can help save ongoing operating costs.
- Delay discretionary spending while accelerating cost-saving opportunities.
- Renegotiate vendor contracts.
- Accelerate Robotic Process Automation (RPA).
- Evaluate unit costs to optimize cloud consumption.
The way forward
As CIOs adjust to this new normal, they are also well-advised to prepare for eventual recovery — by accelerating migration to the cloud, restructuring operations to feature smaller outcome-oriented teams and investing in enterprise agility across functions.
Your workforce is essential. Help reduce their risk by keeping a pulse on their ability to perform essential jobs and help to keep the world moving with PwC’s Check-In. For additional information, visit the Consumer Brands coronavirus resource page or PwC’s COVID-19 site or contact one of our subject matter specialists:
Steven J. Barr, PwC | Consumer Markets Leader
Ron Kinghorn, PwC | Consumer Markets
Michael McCarron, PwC | Consumer Markets
Samrat Sharma, PwC | US CPG Leader
From providing original research, industry guidance and cutting-edge insights, to advocating on Capitol Hill and shaping policy that will have an impact for years to come, we are committed to delivering for our industry during this crisis. Stay informed.
Published on April 17, 2020
Our Updates, Delivered to You
Receive the latest updates from the Consumer Brands Association.