Data security during load shedding

Issue 2/3 2023 Information Security, Power Management

Everything is going fine, but then the power cuts out. No problem, your employees have laptops, and backup systems keep PCs running. But what about your data? What steps have you taken to ensure your business information and application services remain available when load shedding strikes? And did you also cover your security?

When data and applications become unavailable, work stops. Load shedding has made this balance much harder to maintain, and many companies might start cutting corners in their security to ensure productivity. They are taking a significant risk.

"Today's digital businesses must balance access to their systems with hybrid workers, 24/7 availability and ongoing security. Throw in frequent power failures and they need to start making tough choices. It becomes tempting to make choices that focus on availability and sacrifice security features, which is understandable, but they should be careful because cybercriminals can exploit those shortcuts," says Gerhard Swart, CTO at cybersecurity company, Performanta.

Load shedding puts every organisation's security under pressure. According to Swart, there are five key considerations you should take into account to avoid trouble while keeping your systems online and your business cyber-safe.

1. Users log in from different areas and at different times

Modern cybersecurity depends on predictable user behaviours, particularly zero trust security that scrutinises the locations and times of people logging in. Load shedding causes big swings in when and where people decide to access systems, and criminals exploit this confusion. Companies should implement multi-factor authentication to reduce problems with hacked accounts and enlist threat-detection services to catch unusual behaviour.

2. Data centre providers are not impervious

Third-party data centres invest considerable resources to provide power generation and protection against surges. But these measures can still fail, and all organisations must have data loss protection plans. These plans include backup services and failover contingencies, such as a secondary live data site duplicated from the primary data centre.

3.Productivity pressures can derail backup/recovery security

When users need to access data or applications, it should happen quickly, or their productivity will suffer. Speed is essential for ready access to digital assets. But such productivity demands often lead to cutting security corners. This is a dangerous compromise and should be avoided. Create clear, flexible backup and recovery processes that maintain key features such as zero trust security and encryption.

4. Password sharing and weak passwords are more widespread

Hybrid working has encouraged some bad security habits to grow, such as weak passwords, reusing passwords and sharing passwords. Even though passwords are not a great solitary defence, they still form part of a robust security posture and good security hygiene. Poor password habits have dual adverse effects: they undermine security culture and weaken security measures. Load shedding amplifies these bad habits. Create a clear password policy, scan for duplicate passwords, and consider providing a company-supported password manager.

5. Criminals can exploit load shedding anxiety

One of the most significant risks from load shedding is the anxiety and panic it causes. Criminals can use these emotions in phishing attacks such as an email offering a super-cheap, high-end power supply (act now or lose it forever!). Users click on the link, thinking they will get a special deal, but they instead allow malware onto their system. Ensure your people are updated on their security hygiene, inform them to watch out for these attempts, and use periodic testing to demonstrate how an attack could happen.

Load shedding amplifies many risks around technology. Most of these are apparent, such as providing backup power. However, it’s important not to overlook the problems it creates for data and applications. Speak to an experienced digital business security provider to ensure your environment balances security and productivity when the lights go off.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.

Expanding cellular IoT applications in the SA energy sector
IoT & Automation Power Management
Cellular IoT is a way of connecting physical devices to the internet through cellular networks. This is not a new technology, but it has the potential to revolutionise the energy sector in the country.

Unmasking insider risks
Information Security
In today’s business landscape, insider risks can manifest in various forms, including data theft, fraud, sabotage, insider trading, espionage, whistleblowing, negligence, truck hijacking, goods robbery from warehouses, and more.

When technology is not enough
Information Security
[Sponsored] Garith Peck, Executive Head of Department for Security at Vodacom Business, writes about the importance of creating a cybersecurity strategy in a world where threats never sleep.

Identity verification and management trends
Technews Publishing Information Security
Insights into what we can expect from identity fraudsters and the industry next year, ranging from criminal exploitation of AI and digital IDs to multi-layer fraud protection and the need for more control over personal information sharing.