ISACA offers tips to the public and businesses to protect their computers, information and systems during a natural disaster.
“Ensuring personal and employee safety is always the top priority, but protecting information is also critical. With the right preparation, individuals and enterprises can emerge from the storm relatively unscathed – and perhaps even stronger,” said Brian Barnier, a risk advisor with ISACA.
For the public:
- Unplug computers from wall sockets to avoid damage from potential power surges.
- Keep equipment away from windows, leaking roofs and other water; wrap in plastic if necessary.
- Use an online data back-up system to protect data.
- Keep passwords handy so they can be used on another computer, in case the primary computer is damaged or loses power.
- Be prepared to pack computers and external drives in the event of evacuation.
Circulate updated continuity plans: Ensure employees are aware of how to access company systems from alternate locations and have the updated continuity plan so they know what to do.
Make sure the emergency command chain information is accurate: Assess the employee roster and make sure phone numbers and e-mail addresses are up to date. Determine whether the chain of command has been communicated effectively and whether there are sufficient back-up contacts at each level. Also determine who will not be available due to vacation, illness, business travel or other obligations.
Prepare for increased BYOD activity: Even if there is no damage to the company facilities, employees may be unable to report to work due to damage to their homes, tree branches in the streets or other obstacles. This may result in employees increasingly using personal devices (e.g., laptops, smartphones, tablets) for work or using work devices at home. Both of these “bring your own device” (BYOD) activities can increase risk. Ensure that there is proper control over these devices and how they connect to corporate systems.
Perform system updates: Review any changes to the organization, facilities and servers—such as a software updates or new vendor implementation – that might complicate emergency response. Especially evaluate critical dependencies on seemingly unimportant systems. Apply lessons learned from previous emergency situations, but also actively consider how the challenge could be different now.
Post-emergency, evaluate response: Once the situation has passed, assess response preparedness and implementation of emergency plans, and make necessary updates to be even more prepared for the next disaster situation.