Seven basic security tips to aid business emergency planning

Jan. 19, 2021
Security professionals must integrate security mitigation into their emergency planning to ensure smooth business operations

One of the most important parts of designing a business emergency plan is deciding which parties assume responsibility for mitigating the disruption and helping the company recover after an incident.

Security professionals play extensive roles in maintaining secure physical and online environments before, during and after attacks. Here are several of the specific responsibilities they handle. 

1. Ensuring Exits Are Secure and Clear

Building exits quickly become vital during events like fires or earthquakes. If people cannot reach doors due to clutter and blocked paths or do not know where the nearest exits are from their locations, preventable loss of life and injuries are more likely to occur.

Relatedly, planning for an emergency requires knowing how to secure areas of the building quickly. For example, during an active shooter event, locking down parts of the premises could limit the perpetrator’s access to potential victims.

Professionals specializing in physical security should help create and identify a building’s evacuation routes. Moreover, they should assist in educating employees about what to do when leaving the building. For example, if workers know to meet at a designated location after evacuating, accounting for all parties becomes much more manageable.

2. Backing up Data

Data is vital in today’s society. Many workers realize just how true that is after their organizations get hit with ransomware attacks that lock authorized users out of files or entire networks. This forces them to resort to paper-and-pen methods when performing formerly digital tasks.

Cybercriminals orchestrate ransomware attacks because they hope that doing so will wreak havoc on the affected organizations. Most businesses are so dependent on data that they cannot operate without access to it. Backing it up does not eliminate an affected business’s problems after a cyberattack. However, it ensures that workers can still retrieve information. They may then be able to keep operations running, even if in a limited capacity.

Parties handling cybersecurity for a business should take a twofold approach to data backups, ensuring they address saving copies and understanding how to recover them. They must also examine how to reduce risks. For example, they should avoid keeping primary and backup information in the same location. Otherwise, one disaster in a single place could compromise everything. Fortunately, backing up data to the cloud is an accessible and widely utilized option.

3. Maintaining Security Cameras

Today’s security cameras are increasingly high-tech. Many have artificial intelligence (AI) features that can differentiate between a dog and a human intruder. Others connect to the cloud and let authorized users log in from anywhere to survey the premises.

Security cameras can prove vital in business emergency planning because they can help people at affected locations determine what happened. For example, if a business is robbed or disgruntled customer storms into an office with a weapon, security camera footage may help determine the criminal’s identity. It could show how they gained access or what vehicle they drove, too. Moreover, security cameras can deter would-be lawbreakers from carrying out planned attacks.

Keeping cameras functioning as intended falls to both people who specialize in cybersecurity and physical security. A physical security specialist could oversee things like a camera’s position and adequate lighting around it. A cybersecurity expert could then update the passwords used to review recent footage or retrieve data from the cloud.

4. Facilitating Working From Home When Necessary

One of the best practices for creating a business emergency plan is to prepare for various scenarios that are most likely to affect the company, its employees and operations. Then, security professionals can devote their time and resources to the kinds of events that are most likely to happen.

Some of them may require employees to work from home. Many leaders recently learned that a work-from-home arrangement could persist for months or more due to the COVID-19 health crisis. However, other circumstances could require that a person do things at home, even if they had been coming into an office.

For example, a gas leak could result in an explosion that makes a building unsafe to occupy. An overnight ice storm could leave some people unable to drive to work in the morning. Cybersecurity experts should oversee aspects such as how people can access secured networks and resources from home. They can also consider creating a checklist of the ideal ways to stay safe from cyberattacks when working remotely. That way, people can keep following best practices no matter where they are.

5. Keeping the Premises Well-Lit and Secured

A building’s exterior gives an impression before people enter it. Certain things can also keep people inside safer while preventing an emergency from escalating. For example, a person who plans to rob a business may get the idea that it’ll be easy based on what they see outside. Maybe there are several bulbs burned out in parking lot lights, and a fence surrounding the structure features several weakened or broken links.

Lighting can do more than help a robber decide to go through with or cancel a forced entry, though. During an emergency, backup lights powered by a generator could ensure people evacuate safely despite a power outage. Moreover, if an emergency plan maintains the security of all crucial areas of business, a person who does break into a building will likely find they won’t get far.

Adequate lighting and secured entrances also aid people who continue coming to work in unprecedented circumstances. For example, data centers kept providing essential services during the COVID-19 pandemic, although with substantially reduced staff numbers. If a person must come to work when most people in the area are staying at home, a well lit and properly secured workplace gives more peace of mind. 

6. Understanding the Type and Location of Data

Immediately after a data breach causes a business emergency, cybersecurity experts start looking for the root cause of the issue and determining what types of information the hackers compromised. After learning those details, company representatives must communicate with the affected parties. It’s understandable if someone addresses the public and says an investigation is ongoing, but people don’t want to hear that no one knows for sure what the hackers stole.

Unfortunately, though, that lack of knowledge may be more common than people think. A 2018 study found that only 54% of relevant parties know the location of all their organizations’ sensitive data. Even worse, 68% of IT professionals did not believe their organizations carried out all data protection regulation procedures.

Both physical and cybersecurity specialists must take the time to stay on top of what kind of data a company has and where to find it. Those details would prove invaluable beyond data breaches. For example, if an arsonist destroys part of a building or a natural disaster causes a flood, security professionals could quickly verify the data affected by those incidents.

7. Communicating to Employees Before, During and After Emergencies

Security professionals will give input about both business continuity and disaster recovery plans. While continuity allows a company to keep functioning during and immediately after an event, disaster recovery concerns responding to the aftermath and returning to normalcy.

Communication is crucial during each of these elements — and even before an emergency happens. For example, experts strongly recommend testing a disaster recovery plan rather than merely assuming it works. Security professionals can play instrumental roles in helping employees go through mock scenarios that prepare them for true emergencies.

They should also think about the best ways to inform employees during urgent situations. How would they get the word out if the company has no internet access? After those circumstances pass, security professionals can also take the lead in explaining what the company has done to rectify the situation and stop something similar from happening again. Telling employees about those measures will help them feel safe.

Security Will Factor Into All Emergency Planning Efforts

This is not an exhaustive list of the responsibilities security professionals will play in helping businesses get ready for emergencies. However, it gives useful examples of how physical and cybersecurity should and will be a part of all successful initiatives.

It’s also useful for security professionals to engage with employees at all stages of disaster planning. Workers may have insights about things to implement that were previously overlooked. Moreover, if employees believe security experts are considering their feedback, they’ll feel more valued and respected.

About the author: Devin Partida covers cybersecurity topics for International Security Journal, AT&T's Cybersecurity blog and ReHack.com, where she is the Editor-in-Chief. Find her there to read more of her work.