Sandy's impact on security

The thoughts and prayers of the Cygnus Security Group go out to all those impacted this week by Superstorm Sandy, which left a path of destruction from the Outer Banks of North Carolina to the shores of Maine. The storm has been blamed for the deaths of more than 90 people in the U.S. New York and New Jersey bore the brunt of the storm’s wrath with residents being plunged into darkness by widespread power outages and transportation being brought to a crawl.

The storm also forced the postponement of ISC East, which had been scheduled to take place at the Jacob K. Javits Convention Center in New York City on Oct. 29-31. Nearly everyone across the security spectrum – from equipment manufacturers, systems integrators, alarm monitoring centers, and CSOs – have been affected by this storm in some capacity.

Surveillance camera maker Mobotix, which has an office on Wall Street, has been forced to reroute phone calls to the company’s headquarters in Germany and respond to customers as best they can given the circumstances, according to Steve Gorski, general for the Americas at Mobotix.

"Unfortunately, (Sandy) affected us in a pretty significant way," he said. "Basically, we lost power and the whole area is flooded. We haven’t been in the building since the hurricane hit."

In addition, Gorski said that the majority of their employees who work at the New York office live on Long Island or in New Jersey and not only cannot get the building, but are having difficulty charging their cell phones, which has made communication all the more difficult.

"I think New Yorkers are pretty resilient. I know my guys are chomping to get back to office, so I think it was certainly a challenging week for us, but I anticipate that the office will be open by Monday of next week and we’ll be back to work," he said.

The widespread disruption of business operations that this storm has inflicted upon numerous organizations also raises awareness about the importance of having enterprise risk management (ERM) plans.

A few months ago at ASIS 2012, I had an opportunity to sit in on a session presented by Jeff Spivey, president of security consulting firm Security Risk Management, Inc. and a former president of ASIS International, about security’s role in ERM. "We, as security professionals, own a certain part of risk that the enterprise is exposed to," he told the audience.

According to Spivey, good ERM plans should unite risk silos in addition to physical security such as compliance, IT security, legal, human resources, operations, and technology/physical infrastructure. He also outlined four principles that ERM should take into consideration. Among these include; meeting stakeholder needs; covering the enterprise end-to-end; applying a single integrated framework; and, enabling a holistic approach.

If you’re part of a company that’s been directly impacted by Sandy, you’re probably already running, step-by-step, through the disaster management playbook you have on hand. If you’re organization wasn’t affected by Sandy, I would suggest using the storm as an impetus for reviewing what contingency plans you have in place for a natural disaster. Perhaps you and your colleagues should even consider running through some tabletop exercises or actual drills to make sure the procedures you have in place would be executed properly during a real emergency.

As Superstorm Sandy has shown us, natural disasters can occur anytime, anywhere. Your job as a business or security leader is to make sure your organization is prepared to weather the storm.