Data Security and Natural Disasters

A Kansas City enterprise may be unconcerned about the threat of tsunamis, but every location comes with some potential for a natural emergency. Hurricanes, tornados, floods, fires and earthquakes regularly feature in our news reports. Each region has particular risks, be it hillside brushfires and mudslides, coastal storms and flooding, or southern plains twisters in tornado alley. What steps will you take to prepare for natural disasters in your business locations?

Natural Disaster Preparedness

​Keeping data secure begins with knowing the natural risks to your business facility and if your company uses Internet-based storage, any threats to your data center. Your company’s emergency plans should be conscious of these data center preparations so that you can stay operational, well-stocked and ready for prolonged disruption.

​Hurricane Harvey, for instance, put Houston data centers to the test. Edward Henigin, CTO of Data Foundry Inc. in Austin, said their North Houston data center is a “purpose-built facility designed to withstand Category 5 hurricane wind speeds.” Just before Hurricane Harvey, the company brought on additional staff to maintain the data center throughout the emergency and provided food, showers, cots, books and video games for employees who remained at work five straight days. The major data center providers in Houston reported that there was no interruption of service during the emergency. This is impressive, as Hurricane Harvey damaged 203,000 homes and cost at least $125 billion in reparations.

​For companies physically located along a fault line, architects and contractors build earthquake protection into the structures. Business locations in these areas, and especially those used as data centers, are ideally situated on a bedrock foundation with a seismic base isolation system, and with adequate wall structures. Data centers must have plenty of reserves of cooling water and fuel in case of major earthquakes. And while bedrock gives stability during a tremor, it is of little benefit in a fire or flood.

​In the event that evacuation may be necessary, your disaster plans should include the option of secure transportation of your data. This can’t be merely emailing copies of your data to a hard drive. At minimum, there must be a way to transport essential data on a hard drive. It is also critical to decide in advance where your company’s operations will relocate during and following a disaster.

​Physical records, for instance in hospitals or schools, also need to be kept safe. Past disasters have shown that basements are unsuitable for record storage or emergency power equipment.

​Your company must have steps to deal with power drops and blackouts. Power outages, a severe concern for data security and a threat to equipment, may be caused by storms, heat waves, rodents and various accidents. 3,526 blackouts in 2017, averaging 81 minutes each, affected more than 26 million people across all 50 states. Uninterruptible power systems (UPS), power regulating software and generators can help maintain continuous power supply. Review past power disruptions and coordinate with your power company to avoid or reduce future impacts.

​Make sure your staff fully understands the company contingency plans. They need to be ready to support your enterprise through any trying events and the following recovery.

Recovery and Cleanup

​Your company’s data can be at risk not only during a natural disaster but also in the cleanup afterward. Even if your office is in a safe location, thieves and looters can come through and steal crucial information. Keep human, not just natural, threats in mind as you develop your plan.

​Hire only reputable cleanup and debris removal personnel. Ask for identification from government representatives. Thieves may pose as employees or officials to gain advantage.

​Be aware of online threats as well. Port of New Orleans CIO David Cordell pointed out another risk, “After a natural disaster, there seems to be a real trend toward cyberattacks because your attention is focused elsewhere. That’s one of the concerns I have to be able to address in a timely manner.”

​The Department of Homeland Security warns on their US-CERT website of increased phishing and charity scams following major natural disasters. As always, avoid email links and attachments that are unsolicited or look suspicious. Cyber crooks capitalize on human interest and concern for disaster victims, and may even claim to represent charity organizations.

​The right disaster planning will include secure data copies, evacuation plans, trained staff, power redundancy and the necessary stores of supplies for extended emergency conditions.