03-11-13 | Blog Post

State of Michigan & Michigan Businesses Firm Up IT Security with Disaster Recovery Plan

Blog Posts

Michigan state officials and CIO/security officers from major Southeast Michigan businesses are combining efforts to formulate a disaster recovery response plan in the event of a cyber attack. An increasing number of recent private and public sector attacks have heightened the importance of cyber security awareness and remediation readiness. Chief Security Officer Dan Lohrmann told Crain’s Detroit that the plan (to be made public later this spring) would:

  • First, categorize and define the cyber attack by –
    • Statewide disruption
    • Large region disruption
    • Affects more than one company
  • Consider other risk factors, including –
    • Extent of financial impact on the state
    • Affects a critical need, such as electricity or water
  • The plan also addresses –
    • How to bring utility services back online
    • A phone network and critical contact plan

According to Crain’s Detroit, the Michigan government’s website suffered from a denial-of-service (DoS) attack just last fall. There are additional concerns around attacks potentially targeting chemical, oil, electric grid or power plant companies, as they comprise some of the most critical infrastructure sustaining our society.

Information that could be targeted includes tax records, agency credit cardholder data and health records. While industry security standards are widely known for any company that deals with credit cardholder data (PCI compliance) and healthcare data (HIPAA compliance), even state governments can fall prey to a lapse in IT security.

Last August, the South Carolina’s Department of Revenue was hacked and 3.8 million tax records were stolen as a result of a phishing email and stolen passwords that allowed access to several servers and 44 systems. Social security numbers were not encrypted, and two-factor authentication was not employed for VPN (Virtual Private Network) or remote access, as PCI DSS requires.

In addition to a state response plan to an attack, the state and major Michigan businesses could also benefit from reviewing their own organizational security policies. For example, are staff trained on their password policy, and do they follow best practice security procedures that may have kept hackers from accessing millions of tax records?

As I wrote about in Michigan Cyber Initiative Reports ‘People’ As Weakest Link in IT Security, employee errors are common causes when it comes to data breaches – according to the Ponemon Institute, 78 percent of respondents’ organizations had experienced a data breach as a result of negligent or malicious employees or insiders.

To learn more about disaster recovery and IT security, check out:

IT Disaster Recovery Case Studies
Online Tech has provided a variety of IT disaster recovery services for companies in diverse industries requiring continuous data protection and application availability, including software as a service (SaaS), insurance, health IT and others.

Disaster Recovery Webinar Series
Watch a three-part webinar series on the topics of business continuity and technical implementation of disaster recovery.

What to Look for in a Michigan Disaster Recovery Provider
A solid backup and disaster recovery plan is essential to long-term Michigan business success – in the event of a disaster, your business can’t afford to lose valuable data and applications.

As Cyberattacks Grow, State, Biz Mount Strategic Defense

Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved