With the effects of Hurricane Florence, the need to prepare for natural disasters is clear. The National Oceanic and Atmospheric Administration (NOAA) reported that natural disasters caused $87,377.50 million worth of US property damage in 2017 alone. Yet, not just physical assets need safeguarding in disasters: digital ones can be just as vulnerable.
Whether a hurricane, earthquake, tornado, or something else altogether, there are ways to help ensure digital assets remain safe and customers beyond the disaster’s reach have service.
1. Have a Digital Asset Protection Plan
Just as organizations plan for day-to-day operations, like bring your own device (BYOD) policies, they should plan for natural disasters. According to the Federal Emergency Management Agency (FEMA) and US Department of Labor, 75 percent of businesses without a continuity plan will fail within three years of a disaster.
Some disasters, like hurricanes, come with advanced notice. Others, like forest fires, are unplanned. While it is possible for some planning before more predictable disasters, even for these, it is best to have plans in place to avoid becoming part of the aforementioned 75 percent.
In conjunction with continuity plans, IT recovery plans are critical for protecting digital assets during a natural disaster. Ready.gov, FEMA’s public service campaign, suggests IT recovery plans begin by taking inventory of hardware, software applications, and data. They then suggest development of a strategy to ensure critical data is backed up while determining which software applications and data are critical and what hardware is needed to access this data and hardware. It recommends prioritizing hardware and software restoration. To expedite continuity planning creation ready.gov recommends holding a “Ready Business Workshop” where businesses can create their plan with input from multiple members of their company.
The Internal Revenue Service (IRS) has similar recommendations for dealing with natural disasters. It emphasizes the importance of documenting equipment and valuables and has even created a form to help businesses document their belongings. While items in the IT department are not the only equipment it recommends documenting, items in the IT department are important to keep in mind when creating this list. Note that this form is only for personal use. To report a loss and receive a tax refund in federally declared disaster areas, taxpayers must claim disaster-related losses on their previous year’s tax return.
2. Educate Employees
The best plan in the world can be useless in a disaster if no one knows it exists. That’s why employees need to know about procedures for natural disasters before the disaster starts. Especially when disasters come without warning, employees are unlikely to read lengthy reports about what procedures to follow. Ready.gov recommends dividing employees into different training levels with a different amount of training for each level. Under this approach, team leaders would receive more disaster training than the employees ranking underneath of them so that team leaders can spread awareness of policies to follow during disasters. Organizations might also consider drills of emergency situations. This will not only protect investments but the employees themselves.
Businesses should note that some training is required for employees in the United States. The Occupational Safety and Health Administration (OSHA) outlines requirements for training employees in various industries in their guide, Training Requirements in OSHA Standards.
3. Backup to a Backup Data Center
Backing up data is critical to its protection. During a natural disaster, any data stored in physical locations could be destroyed. There are two primary ways to minimize this: uploading data to the cloud and having physical backup data centers.
Hard drives and flash drives have physical locations, so the most secure way to protect digital assets against natural disasters is to place them in the cloud.
But, while the cloud can be the best way to protect information from natural disasters, it may not be the best choice overall, especially with confidential information. Therefore, it might be better for your organization to create a physical backup data center. This relies upon having your data backed up to another physical location. Say, by having offices in different locations. This minimizes the risk of data loss because the chance of a natural disaster affecting all locations is much lower than the chance of a natural disaster affecting one.
4. Be Wary of False Information
It is the unfortunate truth that some people take advantage of desperate situations. One way that the digital assets of even individuals and organizations beyond the direct reach of a largescale natural disaster can be affected is through phishing and malware campaigns.
Following Hurricanes Harvey and Irma, for example, the FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement that it had received indications “that fraudsters used e-mail and social-networking sites, including job search engines, to facilitate fraudulent activities.”
The fraud included advertising false charities, temporary housing, and job opportunities. The IC3 suggested people not respond or click on links in spam emails, donate to unconfirmed charities or provide private information to individuals asking for donations, and research housing ads before paying.
The same holds true regarding many other disasters. To avoid digital assets falling prey to such schemes, it is important to include standard cybersecurity best practices in employee training. For example, inform them of the need for caution when opening email attachments, donating to unknown charities, and maintaining computer security.
5. Maintain Security
While backing up data is a great way to ensure its protected from natural disasters, it presents another potential vulnerability for cybercriminals to exploit during stressful times like natural disasters.
That’s why it is important to ensure organizations have measures in place to protect their digital resources even in situations when headquarters’ offices are inoperable. Make sure to incorporate how security will continue throughout disasters into continuity plans because, as established, some cybercriminals use disasters to their advantage, making bad situations even worse.
How Impulse Weathered the Storm
Last year, Impulse put its disaster planning to the test. Headquartered in Florida’s Tampa Bay Area, Impulse was well within Irma’s expected path. Our main offices experienced hurricane-force winds and lost power for several days. Despite this, SafeConnect’s operation continued for customers beyond the storm’s reach.
“Impulse Point is no stranger to natural disasters like hurricanes, having survived many, and most recently, Hurricane Irma,” said Kirk Anderson, Technical Account Manager. “All of Impulse’s critical infrastructure is now cloud based, safely away from hurricanes. We leverage both our Network Access Control with custom policies to avoid issues with false information and our Software Defined Perimeter offering to allow critical resources to work remotely and securely.”
Impulse uses the cloud service provider Amazon Web Services (AWS) to store SafeConnect Software Defined Perimeter (SDP). AWS provides firewalls, encryption in transit, and connectivity options to help ensure SafeConnect SDP remains secure. This allowed SafeConnect to work for customers too far from the storm to lose power.
To help customers in range of disasters, SafeConnect itself can even deploy in ways that can expedite recovery after a disaster. To further help customers maintain operation during Irma, Impulse’s staff continued working remotely and securely when needed using SafeConnect SDP. Impulse’s employees who work in alternate locations were available for further assistance.
Whether your organization has investments in the location of a natural disaster or is looking on from afar, make sure your organization’s digital assets are not left unprotected. To learn more about SafeConnect and how it can secure your virtual assets, visit impulse.com/safeconnect or email [email protected].