Protecting Technology & Systems

Protect Agency Data and Systems

• If your agency hosts its management system in-house, make sure you take a current snapshot of all systems and data. Copies of your data should be stored off-site in a secure way, and you must be able to access it from off-site. Contact your agency management system vendor to ensure you have remote access to your management system after a disaster (such as on a secure website) and to learn if you can restore your data in its cloud system.
• Make sure staff are assigned passwords and trained on accessing policyholder information remotely from this off-site source.
• Some off-site sources will perform authorized functions for the agency if the agency is unable to access its systems locally. These contingency arrangements should be established in advance so that the appropriate agreements can be put in place, covering such things as scope of the third party’s authority to act on the agent’s behalf, agency notification before certain actions are taken, and the privacy and security protections the third party will employ to safeguard client and agency information.
• If possible, load your management system on one or more office laptops since these are easier to power up or recharge than a desktop.
• For agencies with telecommuters located outside the expected disaster area, consider transferring some functions to them, including access to electronic data in the cloud and possible phone systems.
• Consider a relationship with a technology firm capable of providing the agency with emergency services such as a help desk, generators, on-site assistance, and equipment to help the agency get back up and running. This should be tested in advance and regularly reviewed, especially if electrical requirements change.

Protect Internet Access and Equipment

• If you use cloud-based systems, find out if there is a way you can gain access to them in the event you have no internet connection (i.e., load it on a laptop or stand-alone computer).
• If resources allow, consider having a redundant internet connection. For example, if you use DSL, get satellite, cable, or an internet wireless service. You should also explore hotspots. Vendors such as Verizon, AT&T, and Sprint often establish temporary towers after a storm, allowing these devices to work.
• If using hotspots, ensure your desktops (usually hardwired) have USB wireless adapters available to connect to Wi-Fi.
• Have a UPS (uninterruptible power supply) on all equipment. This not only allows a controlled shutdown, but also affords a conditioned electrical circuit when power is restored, through repair or a generator. Never connect a computer directly to a generator because of power fluctuations.
• Consider a UPS able to provide continuous power to a workstation for a minimum of 15 minutes and to servers for a minimum of 30 minutes. This will allow enough time to close files and turn off the systems, preventing data loss or corruption. Note: most UPS systems can connect with your network and include administration software that sends notifications, allows for the automatic closing of files and applications, and powers off the workstation/server, if power is lost for designated a period of time.
• UPS units should be tested at least quarterly. This is best performed when the workstations and servers are idle, allowing time for the UPS to recharge (end of business day or weekends). To test, remove the UPS input power plug from the electrical socket. Record the total time it takes for the UPS to quit supplying output power to the workstation/server. If the total time is not within your expectations, replace the UPS batteries or entire unit.