january 2023
Enterprise Services
By Madeline Lauver, Assistant Editor
Public and private sector security leaders can learn from each other’s approaches to maintaining operational continuity after a natural disaster.
Maintaining Operational Continuity After a Natural Disaster
AlenaPaulus / E+ via Getty Images
Injury, facility damage and operational outages are some of the risks security leaders must consider when it comes to combatting the organizational effects of natural disasters.
When a natural disaster occurs, affected businesses and governmental agencies need to remain operational to support community stakeholders and mitigate disaster damage. According to emergency management and security leaders from across the private and public sectors, focusing on clear communication, public-private partnerships, and infrastructure redundancy can help organizations maintain operations during and after natural disasters.
The Power of Infrastructure Redundancy
Security professionals across the globe deal with a range of natural disasters, including flooding, hurricanes, tornadoes and a number of other events. Rodney Andreasen, Owner of Xspct, LLC, and retired Director of Emergency Management for Jackson County, Florida, has helped the county respond to and mitigate the effects of numerous disasters. Andreasen says securing critical assets, such as hospitals, and installing backup communication strategies has helped Jackson County remain resilient throughout largescale events, including Hurricane Michael, a category five storm that hit northern Florida in 2018.
Damage sustained by a call center in Jackson County, Florida during Hurricane Michael. Image courtesy of Andreasen
“When Michael came through, it leveled the entire power grid for the community. There was nothing left,” Andreasen says. Preparedness played a critical role in getting the community back on its feet and avoiding further damage. “I would advise security professionals to get ahead of the curve,” he says, naming the restoration of power and communications as top priorities after a disaster.
George Frandsen, Senior Director of Enterprise Security and Support at GuideWell, has led a number of natural disaster response and business continuity initiatives across the health solutions company. With offices across the United States and concentrated in Florida and Puerto Rico, Frandsen’s organization has weathered floods, tornadoes, tropical storms, hurricanes, wildfires, winter storms and other emergencies.
Frandsen says that when a natural disaster occurs, leadership needs to assess the full scope of potential damage and adverse effects a disaster can cause. “There can be communication disruptions, security system outages, supply chain disruptions, and you could lose the ability to service your customers,” he says.
Navigating these challenges starts with creating redundancies in organizational infrastructure to ensure business continuity. “Some risk leaders don’t completely consider the wide range of impacts that natural disasters cause. Of course, there’s the physical damage and the destruction that they cause, but leaders also have to consider the other impacts that are often more critical than the physical damage that happens — namely, information security risks and business reputation challenges.” For example, bad actors taking advantage of weakened cyber defenses due to power outages can target organizations impacted by a natural disaster, says Frandsen. Combatting these threats comes down to protecting against outages by building in redundancies for power and information systems, such as battery and generator-powered backups, he says.
The importance of redundancy extends into the physical security realm as well. Andreasen says that emergency management professionals should prioritize backing up communication networks — for example, if an organizational phone system or network goes down, employees and community stakeholders should know where to access critical information, such as through a PA or amateur radio system. In addition, assessing the backup needs of security systems can help reduce downtime in the event of a power outage, Frandsen says. Security leaders should be aware of whether their systems are connected to backup power sources, and if so, how long those backups will last.
Leveraging Public-Private Partnerships
Backups and additional resources are often sourced from outside of an organization or affected area after a natural disaster. While Jackson County was outside of Hurricane Ian’s path, the Jackson County Emergency Management team still leapt into action, sending resources to affected areas as law enforcement and safety professionals traveled downstate to aid victims and assess the storm damage. This response exemplifies a strategy commonly seen in effective natural disaster response — collaboration.
According to Andreasen, collaboration and public-private partnerships increase community safety after a natural disaster. “Public-private partnerships are some of the most important things that we could have had after a disaster,” Andreasen says. Jackson County set up mutual aid agreements with community organizations, such as houses of worship, to provide aid after disasters. “The churches have been instrumental in feeding a lot of people after events. And I cannot stress enough, get those agreements in place and make those contacts before a storm — you don’t want to be exchanging business cards at a disaster,” Andreasen says.
“The best thing security teams can do is have a plan in place that describes the decision-making framework and procedures required for pre-, during and post-natural disaster.”
— George Frandsen, Senior Director of Enterprise Security and Support at GuideWell
Frandsen has seen the positive effects of public-private partnerships firsthand. “We have very close working relationships with law enforcement at GuideWell. In fact, during the last hurricane, the Jacksonville Sheriff’s Office asked us for a safe place to store road equipment as the storm hit, so we opened our garage. In turn, our campus increased its law enforcement presence, and more local police officers were able to familiarize themselves with our campus,” Frandsen says.
Communication Best Practices Pre- and Post-Disaster
When a disaster hits, employees and communities rely on their organizations and government agencies for threat information and safety tips. According to Frandsen, “The best thing security teams can do is have a plan in place that describes the decision-making framework and procedures required for pre-, during and post-natural disaster,” he says. “The plan should be aligned with your organizational priorities and stakeholder commitment.”
When it comes to organizational priorities, both Frandsen and Andreasen’s organizations put people first. In Jackson County, many county employees work throughout natural disasters to keep the community safe. Andreasen says strategizing for employee safety during a disaster can be a tough challenge, especially when considering operational continuity. “If the roads are blocked because of an event, nobody’s coming in,” he says. “That’s why I try to have people in position before a disaster.”
Supporting employees during a natural disaster doesn’t stop there, says Andreasen. Jackson County allows mission-critical safety professionals to bring their families to work with them to avoid indefinite separations after an event. “If we have to house them in my office, that’s what we’ll do,” Andreasen says.
At GuideWell, security and business leadership support employees by confirming emergency contact information prior to a storm, checking in with employees after events, and then responding to any individuals who need assistance. “One of the first things we do post-event is check on the welfare of our employees who live in that impacted area,” Frandsen says. With the organization’s remote work policy, Frandsen’s team monitors for employees working from affected regions and reaches out to see if they need help.
GuideWell also operates a company information line for employees who have questions about the impacts of natural disasters on their area and the business’s operational continuity. The security team uses real-time threat intelligence to assess the risk of operations and employees returning to work, and the organization uses the company information line to clearly communicate with people who have questions about scheduling, payroll and safety.
Natural disaster preparedness and communications should be an ongoing effort, Frandsen says. “You want to be able to communicate natural disaster expectations to employees on an annual basis to keep it fresh in their mind,” he says. Pre-event, security teams should focus on updating emergency contacts, conducting drills and tabletop exercises, and backing up their critical infrastructure. Frandsen also notes the importance of ensuring support from external security stakeholders during an event by setting up emergency services agreements with contract guarding companies and security integrators.
Andreasen has seen this strategy used to great effect after a natural disaster. When a large retailer in Jackson County sustained damage after Hurricane Michael, law enforcement was tied up assisting storm victims elsewhere. The retailer relied on contract guards to protect the facility, enabling community members to get groceries and other necessities soon after the storm without burdening first responders.
Natural disaster response requires collaboration and buy-in from the top down in organizations and communities. One of the most important priorities for security teams before, during and after natural disasters is communicating critical information and acting as safety and preparedness ambassadors. “You need to address and work with people not just in security, but everywhere, to get them cognizant of what’s going on,” says Andreasen. As natural disasters impact organizational operations across the globe, security teams must prepare their organizations for any risks they could face. “Don’t take an ‘It won’t happen here’ attitude to natural disasters,” he adds.
january 2023 / SECURITYMAGAZINE.COM