IT Security & Storms

So... a less than fun topic to deal with in the midst of power outages and water / heating issues impacting about half the US, but sometimes it is best to write about topics in order to inform others of potential issues.

1) Physical access to security devices.  If weather is bad enough, you can't get to your servers / IT technologies you use to help maintain data integrity.  Further, if you are using cloud security components, do they still operate without internet access?  Having roads unusable, or locations inaccessible, makes any difficult situation 
even worse.  Having to figure out how to even reach a facility to check systems stability is a problem in and of itself.  Having to verify the physical security of a location (no break-ins that could result in stolen data, etc.) is a whole different set of problems that is exacerbated by a disaster situation.

2) Security management without security console access.  How can you do your job verifying security if you have no internet access/no console access?  If your internet is down or erratic, you can encounter a lot of problems in trying to verify security integrity.  Do you have internet access through your phone? 
Does your data center have disaster protections / generators?  Is it located in a cloud server architecture with redundancy?  These are all problems you can face when you're trying to deal with intermittent power and internet loss.

3) End users in crisis. This is where work from home problems become exponentially more difficult.  In spite of terrible weather, inaccessible roads, intermittent internet and power... people are 
still working.  This means you have end users trying to access the internet through whatever means they have available.   Are they accessing email from their personal phones? Personal machines?  Are they trying to access corporate resources through free wifi hot spots, or other riskier locations?  Navigating these problems is difficult when as a security engineer you may not have reliable internet yourself.  Troubleshooting problems without a phone / email / internet means you have a bundle of problems that are just waiting for you the second you have access.

4) Disaster recovery options may fail.  If you are running daily backups that require an internet connection... and your connection
 goes down, what happens?  You don't have backups.  Verifying this is key in today's malware / ransomware prevalent world.  If you don't have the ability to guarantee your data is securely backed up in case of an issue, it is going to be even more problematic if you lose days of work due to failed backups during a disaster.

Looking at those fundamental problems, what are solutions?  Well, let us lay out some of what London Security would consider integral to any disaster preparedness plan.

Step zero: Have a plan.  Have a disaster recovery plan and strategy in place for a number of different scenarios.  This is going to mean you know what to do when your workers are without power / internet.  You know what will happen during that window so you can communicate that to employees before the issue occurs.  The next steps all frame from having a plan in place first.

First, make sure redundancy is a key part of any security technology or data recovery option you have.  Is the data stored locally? Is it stored cloud only?  Do you have options to make use of in an emergency?  All of those are important questions you need answered when you select those kind of solutions.

Second, make sure you have technologies that will work even when you (the security admin) is not able to work.  Having access to 24/7/365 coverage through a solid MDR Solution (London Security recommends Blackpoint Cyber) can be the difference between having a threat be isolated and prevented versus spread across a network you don't have access to.  It is important to make sure the engineers for that technology are guaranteed through redundancy (multiple locations across the United States) and have a disaster plan in place they can present to you.

Third, utilize trusted security advisors to help you build out these solutions.  Work with industry professionals like London Security who have helped companies generate these kinds of disaster plans in the past, and can help you generate your own in the future.  These kinds of services are the value that London Security provides our customers, and we are here to help if you let us.

In the weeks that follow, keep an eye out for us and our ways to recommend future security options and solutions to secure your networks and end users.