Preparing for Hurricane Milton: Cybersecurity Checklist

As Hurricane Milton barrels toward Florida, our thoughts are with everyone in the storm’s path. Safety is always the number one priority, but as the storm approaches, it’s important to think about your business’s cybersecurity and ensure that your critical infrastructure remains protected.

Below, we’ll cover a few key cybersecurity measures you should take now, ahead of the storm, as well as some considerations for post-storm recovery. With the right steps in place, you’ll be better positioned to keep your organization’s network secure, even amidst natural disaster.

 

Pre-Storm Preparations

1. Back Up Critical Data

Before Hurricane Milton hits, make sure all important data is backed up securely. Use both cloud and offsite backup options to reduce the risk of losing essential data to physical damage or power outages.

It’s also a good idea to review your backup policies to ensure they cover everything. Are you backing up just your most critical files, or do you have redundant systems in place?

2. Test Your Business Continuity and Disaster Recovery Plans

Now is the time to review and test your business continuity (BC) and disaster recovery (DR) plans. You’ll want to make sure your communication protocols, data recovery procedures, and remote access plans are clear and functional.

Run a quick “fire drill” to ensure all systems and personnel understand their roles in case of an outage. This will give you confidence that your organization can weather the storm with minimal downtime or data loss.

3. Ensure Backup Power and Redundancies for Critical Systems

Power outages are inevitable during hurricanes, so ensuring your business has backup power solutions in place is crucial. Verify that your uninterruptible power supplies (UPS) and generators are working and that they’re sufficient to power essential cybersecurity systems, such as firewalls, VPNs, and Network Access Control (NAC).

Focus on keeping cybersecurity measures like intrusion detection systems and access controls operational during any disruptions.

4. Review Access Controls and Network Security

If many of your employees will be working remotely, now is the time to ensure that your remote access protocols are secure, your VPN is properly configured, and multifactor authentication (MFA) is enforced for anyone logging into the network.

With fewer people physically present to monitor the network, ensuring security alerts are routed properly and monitored can make a big difference.

5. Power Down Unnecessary Devices and Systems

Turn off any non-essential devices and systems to prevent damage from power surges or vulnerabilities while they’re unmonitored. This can reduce the strain on your power and data systems during outages, and it minimizes the risk of devices being exploited while your focus is elsewhere.

6. Physically Secure Hardware

Move essential equipment—like servers, routers, and other critical devices—away from areas prone to flooding or water damage. If possible, elevate them to safer levels, and ensure that all cables and connections are properly secured to avoid accidental disconnections or damage during the storm. Covering hardware with protective materials can add an extra layer of defense against water intrusion or debris.

 

Post-Storm Considerations

After the storm has passed, take stock of your cybersecurity posture and assess the damage—both physical and digital—only when possible and safe to do so.

1. Conduct a Network Integrity Check

Once the storm dissipates, the first step is to conduct a full assessment of your network’s integrity. Were there any breaches during the storm? Were any unusual access patterns or traffic spikes detected?

Cybercriminals often take advantage of times when businesses are distracted or operating under crisis mode, so it’s essential to comb through your network logs and identify any anomalies that could signal a breach.

2. Review and Restore Your Data

If necessary, restore data to ensure you’re working from clean, uncompromised files. Reintroducing data from backups can bring back corrupted or compromised files, so be sure to thoroughly scan any data before restoring it to your systems.

3. Reiterate Cybersecurity Awareness to Employees

During and after natural disasters, phishing scams and other social engineering attacks tend to spike. Employees should be reminded of basic cybersecurity practices, such as using VPNs when working remotely, being cautious of email links, and ensuring that any login attempts are secured with MFA.

4. Be Ready for Post-Storm Cyberattacks

Have your incident response plan ready, and ensure your security teams are prepared to act swiftly in case an attack happens. Encourage constant communication between security staff and leadership during this period to ensure swift responses to any threats.

 

Support from Portnox

Hurricane Milton presents a very real physical threat. Stay safe—and remember that we’re here to support you through both the storm and its aftermath. Please know that our team is here for you. Should you need any assistance with Portnox Cloud, our support is available 24/7. You can contact us directly via email at [email protected], or by visiting our support site at support.portnox.com.

Your cybersecurity is our priority—now more than ever.