In light of the recent series of hurricanes, organizations should be proactive in protecting their information technology assets in case they are faced with a natural or man-made disaster. This means that it is critical for organizations to have a solid disaster recovery plan in place, prior to an incident occurring. To illustrate the threat, back-to-back hurricanes and tropical storms, such as Gustav, Hanna and Ike, have had devastating effects on entire regions of the country. And the threat is not over as hurricane season begins June first and ends on November 30th, with most hurricanes occurring mid August through mid October.
"It is critical that organizations ensure they have measures in place to swiftly respond to adverse affects of natural disasters, such as hurricanes and man-made disasters," said Al Tirevold, director of security architecture at SecureWorks. "Safeguarding critical customer or member data is not just an IT issue; it's a business continuity issue, and the opposite can cause you financial loss and an inability to serve your customers."
"We checked on our clients in Texas after Hurricane Ike hit because our clients' well-being is always our first concern," said Tirevold. "We were pleased to find out they were doing well and in good spirits despite the circumstances, and they were in full disaster recovery mode. One client reported 13 of their 29 centers in Houston had power, and they were open for business. They had disaster recovery trailers equipped with computers and generator power in place. They had ample fuel capacity for their data center, and they were able to shift personnel to other locations because of a damaged call center and damages to their corporate headquarters. This is an organization that minimized business disruption because of a well-thought out and well-executed disaster recovery plan," explained Tirevold.
Although hurricanes originate in the Atlantic and Eastern Pacific oceans before making landfall along coastal states, organizations in other geographical areas should be concerned with preventing business disruptions as well. According to news reports, the affects of Hurricane Ike, for example, reached areas like Illinois, Ohio, Kentucky and New York, causing floods, wind damage and power outages. Kentucky alone saw winds of up to 75 mph and had four deaths attributed to the storm.
Many organizations and regulating bodies have guidelines on how companies should handle data loss prevention, response and recovery. The Federal Financial Institutions Examination Council (FFIEC), which prescribes uniform principles and standards for financial institutions, outlines key areas of a business continuity plan (BCP) in its Business Continuity Planning IT Examination Handbook. Additionally, the National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce, offers guidance on preparing for disasters as well.
For companies who have not yet formalized their BCP plans, here are some guidelines which are aligned with some of today's common regulations: