Risk

8/24/2007
12:19 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Weathering The Weather

Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?

Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?Not all the threats your business faces are digital, and not all of them are criminal.

If you don't have a disaster preparation and recovery plan in place for your business -- and, just as crucially, for your remote and mobile employees -- you're running a risk that could catch up with you without warning.

Are all of your business-critical and confidential files backed up and stored on a remote site? What's the date of your most frequent backup?

Do you have a contingency plan in place for running your business -- even minimally -- if your office equipment is destroyed, or if you face an extended period of time without electricity?

Do you carry sufficient insurance to replace that equipment -- and does the insurance cover the likeliest (and, to be safe, the most likely of the unlikely) natural disasters for your region?

Are all of your employees up-to-speed on your disaster and recovery plans?

For that matter, are all of your employees up-to-speed on assistance and support they could offer other employees (first) and your business (once you're sure everyone is all right) in the event of a natural disaster?

Some of you may be experiencing some of this first-hand: in addition to the floods over the past few days, a power outage has knocked out a chunk of Chicago's electric grid as I write.

When natural disaster strikes you'll have plenty to deal with without being distracted -- or heartbroken -- by matters you could have dealt with earlier.

Make sure your overall security planning includes planning for weather and other natural catastrophes as well as digital disasters.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.