Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Do you have a personal disaster recovery plan? InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Do you have a personal disaster recovery plan?

Published: 2011-06-04
Last Updated: 2011-06-05 14:49:12 UTC
by Rick Wanner (Version: 2)
2 comment(s)

I am going to stray a little off the beaten path of the ISC today and ask you about personal disaster planning.

I am in the middle of the bald prairie in Western Canada, in the last several months we have experienced a record snowfall, a rapid melt, abnormally high precipitation, widespread flooding, wildfires, and tornadoes.  Despite all this my part of the country has gotten off relatively easy. Other parts of Canada and the U.S. have been far less lucky, with significant loss of life on top of devastating property damage. As a matter of a fact, my thoughts and prayers this weekend are with the Internet Storm Center’s Deb Hale, who is at this moment living through the flooding in Iowa.

As these events were unfolding, companies all over were dusting off their business continuity and disaster recovery plans and making sure they were adequate to get them through the coming crisis, if it were to occur. Although in my part of the world only minor aspects of most plans were implemented, I wondered about all the people whose basements were flooded, whose farm land was submerged, and whose houses were underwater. Did they have a personal disaster recovery plan?

Given the human tendency to look at the bright side and to downplay risks that can’t easily be imagined, most people do not have an adequate personal disaster recovery plan. I am not suggesting that you need to plan for every contingency, but it cannot hurt to go through a couple of the most likely scenarios and see what resources you would need to minimize the impact on your family and put the foundation in place in advance.

The Center for Disease Control Zombie Apocalypse preparedness blog from a month or so ago is an excellent place to start  for planning for the immediate aftermath of a disaster, but what about after the immediate crisis is over. Would you have the ability to access the resources necessary to recover from a disaster?

I suggest building a file of important documentation and contact information. Keep one copy in a safe place in your house, a fireproof box perhaps, and a second copy at a friend or relative's place, sufficiently far from your house, so you can access it if your house is seriously damaged or inaccessible for an extended period of time. What sort of information should be in the file?

  • Insurance Information
  • Medical Information
  • Contact list of anyone you will need to be able to contact to tell them you are safe
  • Contact list of companies and agencies that may be able to help you recover.

Personally I keep the originals in a safe deposit box and scans, in PDF form, on a couple of good quality USB thumb drives as well as on an Internet data storage site. Be sure to throw some money into these files, just in case the problem is widespread enough to put banks and ATMs out of service for a bit.

Would you have enough money to survive and start the rebuilding process? Insurance money, in most cases, will not be immediately forthcoming, and adjustors may not be available for an extended period of time. I recommend setting up a line of credit with your financial institution for at least half of the value of your house and contents. Most institutions do not charge you anything for having a line of credit and not using it, although there may be some fees for establishing the line of credit initially. Be sure your line of credit permits cheques to be written against it and place several of the cheques in your documentation packages.

I think that is a good start, but I am sure you will have many other excellent ideas. What sort of things have you done to aid your personal recovery from a disaster?

Please provide your ideas via comments or through the contact form.

-- Rick Wanner - rwanner at isc dot sans dot org - - Twitter:namedeplume (Protected)

2 comment(s)
Diary Archives