Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/8/2010
11:20 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Winter Worryland: Keeping Secure When The Weather Turns Rough

The chill that's wrapped much of the country in its grasp the last couple of weeks offers a pretty good, if pretty obvious, opportunity to take a look at the effects weather can have on your business -- and especially your business security.

The chill that's wrapped much of the country in its grasp the last couple of weeks offers a pretty good, if pretty obvious, opportunity to take a look at the effects weather can have on your business -- and especially your business security.How ready is your business for a weather-caused disruption or interruption?

It's a question that's been on a lot of minds the last few weeks. Here in southwestern Virginia where I live and work, the effects of a foot-and-a-half snow three weeks ago are still being felt, with some of those effects extended and exacerbated by the ongoing frigid weather that's refusing to release its hold on much of the country.

Other areas, of course, have gotten more snow, and been more cold -- but some of those areas are at least more familiar with and generally better prepared for long sieges of winter than we are.

Talking with small and midsized businesses about the unusually harsh (for us) weather, I was struck by how quickly the topic turned to adjustments some of them were making -- and to actions they wished they had taken before the frigid siege set in.

In other words, everybody talks about the weather, but while there is nothing you can do about, there's plenty you can do to minimize the effects of bad weather (and not just in winter) on your business's ability to function.

Here are a few of the business and security issues that have come up while talking about the weather:

How ready is your business to function if employees -- and especially key employees -- can't get to work?

Telework is one answer (assuming of course that communications lines and media remain functional) but you can be too confident of telework's ability to maintain necessary productivity and response levels, particularly if you haven't tested your plans and the systems and tools required to make telework work.

Shake down to your telework strategy and shake out the bugs and glitches before the weather forces you test them.

How secure are the systems your teleworkers are using?

As with any mobile or remote worksite, the devices and tools used should meet the same security standards you insist upon at business. But mobile and remote security standards are tough to enforce in good weather.

In the event of bad weather forcing employees to work unexpectedly from home (and probably from home computers and other equipment), security issues become the first priority. And it's a priority that needs to addressed before the weather event happens. If there's any likelihood that an employee will be using a non-work device for business or business-related information, bring that equipment up to security standards and keep it there as part of your weather readiness plan.

How ready is your workplace for heavy weather?

Say the employees can get to work without too much difficulty (even here the main and major secondary roads were cleared within a day or two). Is your workplace ready to meet the demands that heavy weather will place upon it in addition to the usual demands your business makes?

Probably you have generators and backup power sources if the juice goes out. But what about backup or supplemental heat (or in summer cooling) in the event of severe temperatures? What aspects or areas of your business can be sealed off, even partially, to reduce demand on these resources and reserves>?

Don't forget that sealing your workplace tighter against the cold (or heat) and cranking up propane and other backup heaters may raise ventilation safety and air quality issues.

Bear in mind as well the parking lots, walkways and other winter hazards employees may have to navigate in order to get to the warmth of the workplace.

How secure is your security if nobody can get in?

Finally, bear in mind that an empty workplace or office as a result of weather is different from ordinary times of no activity such as nights and, for some businesses, weekends. Rather, a weather-forced shutdown is more like a holiday closing in that the crooks (who may see weather conditions as an opportunity rather than a hardship)know the staff is gone and, in the case for instance of a heavy snowfall, they know the responders are likely to busier with emergencies than responding to larcenies.

Double-check your locks and security systems (paying particular attention to backup power fro alarm and surveillance/monitoring systems).

Make sure digital data is encrypted and sensitive paperwork locked away. Above all, make sure that all data is backed up and securely stored elsewhere.

Check and re-check your smoke and other alarm systems, as well as workplace fire-suppression systems, if you have them. Again, responders will have more emergencies than usual during a weather event, not to mention the winter firefighting difficulties we've all seen on the news, often with tragic effects.

As I said earlier,you can't do anything about the weather, but you can do a lot more about weather-proofing your security and business continuity planning than just talk about it.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35198
PUBLISHED: 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2021-23872
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
CVE-2021-23891
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23892
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...
CVE-2020-36289
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...