Wildfire Aftermath: “Our Security Held”

Lessons Learned from Institutions in the Path of CA Blaze

What is the biggest lesson learned from the fast-moving wildfires that scorched a seven-county wide swath of Southern California in late October? “Have a plan.”

See Also: How to Build Your Cyber Recovery Playbook

Financial institutions in the area were forced to temporarily close branches and initiate their emergency response plans across seven counties. (See related story: Banks Feel the Heat). As institutions resume business as usual, executives reflect on the success of their emergency planning.

Earthquake Comparisons

Ben Loveless, Senior Vice President and Director of Operations for First Enterprise Bank, says his bank has pinpointed several parallel issues to earthquake preparedness that they plan to add to the bank’s Business Continuity Plan (BCP).

“The fire situation did not directly impact our Orange County branch or our main Los Angeles office,” Loveless says. “However, there were several freeway and street closures that disrupted commuter and business travel in a way very similar to the events surrounding the Northridge earthquake. (Northridge registered 6.7 on the Richter scale and caused more than $12 billion in losses to the Los Angeles area in January, 1994).

“We did have to deploy some employees to different branches because they could not get to the branch to which they were assigned,” he says. “We also had to move some courier routes and schedules around.”

Based on his wildfire experience, Loveless says the bank will address these issues when tweaking its BCP:

  • Employee commuting trends,
  • Short term power loss,
  • Courier rerouting,
  • Cash availability to customers.

Remote Emergency Management

For officers at San Diego National Bank, the wildfires proved to be an exercise in remote emergency management. With the downtown headquarters tucked safely away from the fire raging in the hills, officers jumped into action, instituting an emergency readiness plan that focused on communicating with employees and customers, many of whom were evacuees.

“It was interesting, because the city and the county pretty much shut down business because so many people were displaced and didn’t go to their jobs, so there wasn’t much banking activity,” says Kristy Gregg, VP of marketing and community relations for SDNB.

For the first two days of the emergency, 10 of 22 branches were closed, and efforts were made to redirect customers to branches that remained open, routing calls and requests through headquarters, and making sure employees were safe and accounted for. For one employee, it was a close call, with fires burning through a backyard, but failing to reach the house.

But like many institutions with the best-laid plans, an actual disaster laid bare the organization’s ability to improvise. For the most part, SDNB handled the challenges. But Gregg says that the bank will take a harder look at how communications were handled, especially online.

Website information could have been more complete, she says. But the problem had a lot to do with the fluidity of the emergency -- the uncertainty of the fire’s movement and the ability of firefighters to contain it.

“Our emergency line is always there, but we didn’t implement our website [emergency information plan] because there wasn’t enough time, and we didn’t want to start telling people something, to direct them elsewhere, if that was going to change,” says Gregg. “I think, if our branches had been closed longer than a day, we should have had something that went up on the website, and probably sooner. That probably didn’t happen as quickly as it should have. We were in a sort of quandary of putting something out there that wasn’t going to be accurate for more than a 12-hour period.”

Communications Lesson

Communications became a major lesson for officers at First Future Credit Union, as well, says John Elington, FFCU’s director of information technology.

The credit union had two branches that were threatened directly by the fire line -- one in Poway, the other in Escondido. An emergency hot line put in place after the 2003 fires, as well as the public website, was used to deliver messages to employees and customers. “We were more proactive in our communications [than last time],” says Elington.

The credit union closed all its branches on Monday of that week and reopened five of 17 branches on Tuesday. Per their plan, officers also reserved three rooms at a nearby hotel -- one of which ended up being used by the CEO, who was one of the more than 500,000 people evacuated from their homes. Other rooms were taken up by support staff who manned the corporate office 24 hours a day for the three critical days of the event.

One early lesson learned, Elington says, is that even a large disaster doesn’t always overshadow people’s insistence on going on with daily life. Indeed, First Future experienced higher than expected transaction volumes on Tuesday, the midpoint of the emergency. “The city as much as possible tried to conduct business as close to normal as they could,” he says.

Corporate officers also found themselves relying more than expected on local branch managers to make on-the-ground assessments, which were then acted on by corporate office staff.

“On Wednesday, we had a 6 a.m. meeting and made the decision to open all of our branches from 9 a.m. to 3 p.m. with the exception of Poway and Escondido,” Elington says. “We asked the branch managers of those two branches to assess the situation, what the air quality was, was it viable, and when we got those reports back we went ahead and opened those branches as well. On Thursday, we went back to normal hours.”

Preparedness paid off in many ways. For the first time since the 2003 fires, corporate offices lost electricity. But the “unplanned test” of the new backup generator showed that it worked “like a jewel,” Elington says, and the institution’s secure servers never went down. “Our security held.”
Linda McGlasson contributed to this report.

About the Author

Patrik Jonsson

Patrik Jonsson is an award-winning, Atlanta-based writer with over 15 years experience writing about business, technology and security.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.