Cybersecurity Hurricane PreparednessCynthia Taylor, CC

In the wake of the 18th anniversary of Hurricane Katrina, Hurricane Idalia’s strike on Florida and Georgia, and Hurricane Lee in the Atlantic, we start September, National Preparedness Month in the United States. September 10th is the peak of Hurricane season with the busiest times running from mid-August to mid-October. It’s during these times we have to understand that maintaining business continuity is paramount for Cybersecurity and core to availability within the CIA triad.

Having vertically evacuated downtown New Orleans for Hurricane Katrina, I personally witnessed how everything can go wrong–from failed levees to cell towers. This is why pre-planning is necessary, assessing various risks and scenarios, and continuously improving.

In this article, we’ll discuss some main points to consider and compare them to real situations that happened during Hurricane Katrina.

Step 1 - Create a Plan
Due to power loss and flooding from the hurricane, many base stations went out causing all cell signals in the area to disappear. Soon only pay phones had power and signal. Setting a communication plan in place prior to a disaster event can help you assist your employees and help your business recover quicker. You may want to look at how the Cybersecurity and Infrastructure Security Agency (CISA) handles emergency communications as a model. offers information regarding the storm season in multiple languages and includes details on how to create an emergency plan . You can also look into how the Federal Emergency Management Agency (FEMA) prepares for Hurricane season , their recommendations , and potentially take their course .

Step 2 - Reviewing all Risks

Many businesses had difficulty recovering after the storm due to a variety of challenges, including cases where the entire properties were swept out to sea along the gulf coast of Mississippi and Alabama. Examining best and worst-case scenarios can help you figure out what programs to put in place, insurance that’s needed, and your recovery time after the event.

If you’d like to incorporate table-top exercises at your organization, CISA offers a variety of physical security scenarios that you can try. Also, consider giving employees security awareness training around potential post-storm scams that can occur.

Step 3 - Open to Improvement

Even though this storm season is almost at an end, look into putting together a plan for next year. There are always opportunities to enhance your operations after a major incident. The City of New Orleans worked on strengthening its levee system after the storm. CISA currently looks at “extreme weather threats” and their potential impact on critical infrastructure. You may want to harden your infrastructure to withstand flooding and heavy winds. Take a look at CISA’s information regarding resilience services .

A lot of what we covered is foundational knowledge, but important to have in place. My family was very fortunate to be able to drive out of downtown New Orleans with a car that someone had siphoned the gas out of. We now have a more comprehensive plan of action when Hurricane season comes. You should evaluate what would be best for your organization should the time come.

Cynthia Taylor, CC has over 10 years of experience in IT. She graduated with her Masters in Cybersecurity and Information Assurance from Western Governors University in 2022. She currently works in Application Security and Vulnerability Management in the Aviation Industry.