Risk
8/24/2007
12:19 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Weathering The Weather

Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?

Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?Not all the threats your business faces are digital, and not all of them are criminal.

If you don't have a disaster preparation and recovery plan in place for your business -- and, just as crucially, for your remote and mobile employees -- you're running a risk that could catch up with you without warning.

Are all of your business-critical and confidential files backed up and stored on a remote site? What's the date of your most frequent backup?

Do you have a contingency plan in place for running your business -- even minimally -- if your office equipment is destroyed, or if you face an extended period of time without electricity?

Do you carry sufficient insurance to replace that equipment -- and does the insurance cover the likeliest (and, to be safe, the most likely of the unlikely) natural disasters for your region?

Are all of your employees up-to-speed on your disaster and recovery plans?

For that matter, are all of your employees up-to-speed on assistance and support they could offer other employees (first) and your business (once you're sure everyone is all right) in the event of a natural disaster?

Some of you may be experiencing some of this first-hand: in addition to the floods over the past few days, a power outage has knocked out a chunk of Chicago's electric grid as I write.

When natural disaster strikes you'll have plenty to deal with without being distracted -- or heartbroken -- by matters you could have dealt with earlier.

Make sure your overall security planning includes planning for weather and other natural catastrophes as well as digital disasters.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.