ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Help your information weather the storm

Help your information weather the storm

| Posted at 2:40 PM by ISACA News | Category: Risk Management | Permalink | Email this Post | Comments (0)

Wild weather has plagued many areas across the globe recently, bringing a renewed focus to the importance of preparing enterprises’ information systems for the worst. Ensuring personal and employee safety is always the top priority in a disaster, but protecting information is also critical. With the right preparation, individuals and enterprises can emerge relatively unscathed—and perhaps even stronger.


Below are some tips that will help your enterprise’s valuable information weather the storm:


·         Circulate updated continuity plans: Ensure employees are aware of how to access company systems from alternate locations and have the updated continuity plan so they know what to do.


·         Make sure the emergency command chain information is accurate: Assess the employee roster and make sure phone numbers and e-mail addresses are up to date. Determine whether the chain of command has been communicated effectively and whether there are sufficient back-up contacts at each level. Also determine who will not be available due to vacation, illness, business travel or other obligations.


·         Prepare for increased BYOD activity: Even if there is no damage to the company facilities, employees may be unable to report to work due to damage to their homes, tree branches in the streets or other obstacles. This may result in employees increasingly using personal devices (e.g., laptops, smartphones, tablets) for work or using work devices at home. Both of these “bring your own device” (BYOD) activities can increase risk. Ensure that there is proper control over these devices and how they connect to corporate systems.


·         Perform system updates: Review any changes to the organization, facilities and servers—such as a software updates or new vendor implementation—that might complicate emergency response. Especially evaluate critical dependencies on seemingly unimportant systems. Apply lessons learned from previous emergency situations, but also actively consider how the challenge could be different now.


·         Post-emergency, evaluate response: Once the situation has passed, assess response preparedness and implementation of emergency plans, and make necessary updates to be even more prepared for the next disaster situation.


In addition to preparing the enterprise, consider sharing these tips with all employees. This is especially important now that so many have work devices at home or may have work information contained on their personal devices:


·         Unplug computers from wall sockets to avoid damage from potential power surges.

·         Keep equipment away from windows, leaking roofs and other water; wrap in plastic if necessary.

·         Use an online data back-up system to protect data.

·         Keep passwords handy so they can be used on another computer, in case the primary computer is damaged or loses power.

·         Be prepared to pack computers and external drives in the event of evacuation.



Brian Barnier, CGEIT, CRISC

Member of Risk IT’s Development Team

Principal, ValueBridge Advisors


There are no comments yet for this post.
You must be logged in and a member to post a comment to this blog.