Hurricane Harvey has wreaked havoc in Houston – a testament to the power of natural forces and our continuing vulnerability to them. During times like these we see the images and empathize with the loss of property and life that takes place. Priority is given to rescuing, feeding and taking care of displaced persons and salvaging property. During times like these it’s easy to take stock of the obvious needs – general contractors to correct damaged buildings or a wet vac to clear out water on the factory floor. What you might not be thinking about is your sensitive information. Those purchase orders that are floating down the street or the data you exposed by using the coffee bar’s WiFi when everywhere else was down. The agony of rebuilding can take on the added nightmare of long term damage from data lost, acquired, or reacquired – but not by you.
Here are a couple of key areas to be aware of for Digital protection after a natural disaster. And some about your physical data protection as well.
Be aware of the risks of using open wifi connections and ways to lessen the risk:
During a disaster you may have no other choice than to use what connections you have left to keep your personal and business life running but you don’t want to bring back any viral visitors to your company or give away sensitive information. Here are a few suggestions to keep it safe – or at least as safe as you can – during a crisis.
- If you must us an open network avoid using any sensitive information
- Turn off file-sharing and AirDrop options. You probably have some sharing options that assume working on a trusted network. Turn off file sharing and enable built in firewalls. Mac users can set AirDrop to contacts-only.
- Turn WiFi off when you’re not using it. Work off-line when you don’t need to be connected.
- Use HTTPS (secure SSL) everywhere you can.
- Use a VPN connection-your own, or a third party provider.
- Make your own WiFi hot spot and avoid the question all together. Maybe you don’t have one right now but for a fee, many phones can be turned into hot spot. It’s more expensive, but adding it in on key phones in the company can save you in the long run. Many carriers will add the service on or take it off with a quick phone call.
Hackers love to exploit disasters. Be aware and train your employees in safe practices during disasters.
It would be nice if everyone tried to help during a disaster but there are always those who are ready to exploit instead. Scams and malicious websites quickly surface after a disaster. Hackers are not nice people. If you are still up and running, you and your employees are probably looking for the latest news and reports. If you have avoided everything else during a disaster, these can take you down. Beware of:
- Fake on-line charities – don’t go to a charity website through a provided link. And if they ask for your social security number run. No legitimate charity needs your social security number. Check BBB’s Give.org to check for legitimate charities
- Unsolicited e-mails – Don’t click on them
- News updates from unrecognized sources – Go to a recognized home website instead
- Emails purporting to show photos of disaster areas – These are often ruses to insert malware onto your computer or devices
- Search engine results – Attackers manipulate search engines in order to get their malicious pages to the top of your search lists.
Let’s not forget your physical data
Most of us have physical data as well as digital. And Information Security includes the handling of sensitive physical data.
The Federal Trade Commission gives this advice for taking care of physical sensitive information:
- Take stock. Create an inventory of the personal information you have. That way, if your files are destroyed or lost in a natural disaster, you’ll know what information is involved.
- Scale down. Collect only what you need. For example, if there’s no business reason why you have to have someone’s Social Security number, don’t ask for it in the first place. Keep records only as long as you have a reason to maintain them. Don’t hold onto customer credit card information unless you have a business need for it.
- Lock it. Store personal information in the safest part of your building. If information is missing after a natural disaster, contact law enforcement. If possible – this is where your inventory helps – contact affected individuals so they can place a fraud alert on their credit reports.
- Pitch it.Properly dispose of what you no longer need. Shred, burn or pulverize paper records before discarding. If you use consumer credit reports for a business purpose, you may also be subject to the FTC’s Disposal Rule.