Florida organizations shore up systems in preparation for Irma
With Hurricane Irma posed to make landfall in southeast Florida over the weekend, businesses throughout the region were feverishly preparing on Thursday and Friday to contend with the storm. Not the least of their considerations: How to protect their data and keep their computer operations up and running.
Faced with a Category 4 hurricane and potential winds of up to 155 miles-per-hour, IT, security and risk management executives in Florida, Georgia and neighboring states have two things going for them—they’ve had several days warning to prepare for the storm, and they operate in an area of the country that is accustomed to extreme weather. Developing detailed plans for coping with such occurrences is standard operating procedure here.
But with the devastation caused by Hurricane Harvey two weeks ago in Texas fresh on everyone’s minds, businesses in the area are bracing for the worst.
Fidelity National Financial Inc., a Jacksonville, Fla., based provider of title insurance, technology and transaction services for the real estate and mortgage industries, is one such firm, and for the past few days it has been busy preparing and validating that its operations will be able to continue normally, despite heavy storm damage.
“We’ve already shifted a lot of our critical systems up to the cloud,” reports Jeff Foltz, the company’s chief information security officer (CISO) who reports to the firm’s chief risk officer. This is in line with Fidelity National’s increasing reliance on cloud computing for its critical infrastructure and includes services such as Microsoft Office 365. It also means employees should be able to continue day-to-day business operations throughout the storm and its aftermath.
The firm has been preparing for such an event for some time, running evacuation drills a few times a year and providing seminars for employees on what to do if a disaster strikes—such as working from remote facilities, Foltz says.
A priority this past week was making sure workers could gain access to corporate networks and data from remote locations.
“Most have already set up systems so they can work remotely, which our Business Continuity Office requires in events like this,” Foltz explains.
Another priority this week was to ensure that business operations would be able to continue in the event the administrative headquarters and remote offices lose power or are otherwise not operational.
“Employees test remote access through drills, and so could already work from home offices or other locations well before the hurricane was expected to hit. So we are open for business and able to keep our systems running,” Foltz says.
That includes Foltz, who was planning to work this weekend from his home office in Jacksonville. He has worked in disaster recovery for some 15 years, and having experienced Hurricane Matthew - another powerful storm that pummeled Jacksonville with high winds and flooding in 2016 - he is well aware of the damage that can result from such events.
“I flew in the last night before Matthew hit and hunkered down in my house,” Foltz recalls. “There was tremendous damage” from that storm. “Matthew was an experience, so I know what this is like and have prepared even more since then.”
Also monitoring Hurricane Irma and the potential impact to its employees is various Florida locations is Align Networks, a Jacksonville-based division of One Call Care Management, which provides specialized services to the healthcare industry that enable fast and effective claims resolution.
In a note to employees sent out late in the week, management said, “We want everyone to be able to take care of their homes and families. Our first priority is always to ensure the safety and security of our employees.”
Align Networks planned to close its Florida facilities beginning Friday afternoon until a post-storm assessment of office locations.
The company provided guidelines to employees as to how to handle processes before, during and after the storm, to help ensure business continuity, says Steve Wingate, security and compliance officer.
Among other things, employees were instructed to continue to backup all important working documentation and data; take assigned laptops home each night; ensure that virtual private network (VPN) access was active; and ensure that all contact lists were updated and distributed to team managers.
Companies located in areas that were not expected to bear the full brunt of Irma but were nevertheless in its path—such as Atlanta, Georgia—were also preparing for the hurricane’s impact.
Northside Hospital, a network of healthcare facilities in Atlanta, was “treating this as a weather event like so many others that happen in Georgia,” says Martin Fisher, manager of IT security for the organization.
“As a hospital we have to be available no matter what, and that ethos permeates our IT operations as well,” Fisher says. “We have a standard, staged plan that our executive team will activate as they determine conditions require.”
Such natural events are not unusual for the hospital. As a result, leaders throughout the hospital’s operations regularly hold conference calls and communicate via email to help them coordinate activation of the disaster recovery plan, Fisher says.
“We have developed a risk-based prioritization model designed to ensure patient safety and ensure quality of care during any incident,” Fisher says. “We use a wide variety of methods, including remote data centers and detailed backup manual processes to ensure patient safety and care.”
Northside Hospital conducts emergency exercises on a regular basis, and actually activates its disaster recovery plan a few times a year.
“Weather events in Georgia happen more often than many would think,” Fisher notes. Conducting the drills “helps us keep the plan oriented and relevant, as well as communicate responsibilities across the organization.”