Operating Without Systems: Incident Response
When every connected system is encrypted or compromised, how does your team actually operate? This guide covers the practical reality of incident response when your tools, communications, and documentation are all unavailable.
The First Thirty Minutes
The call comes at 3:00 AM. Ransomware has been deployed across your infrastructure. Domain controllers are encrypted. Email is down. The VPN concentrator is offline. Your team cannot access the building management system, the phone system, or the incident response platform.
This is not a drill scenario. It is the lived experience of thousands of UK organisations every year. And the first thirty minutes determine everything that follows.
Communication Without Infrastructure
The most immediate challenge is coordination. Your team needs to communicate, but every corporate communication channel depends on infrastructure that may be compromised.
Pre-Staged Communication Channels
- Personal mobile numbers: A printed or offline-stored list of key personnel mobile numbers enables basic coordination
- Pre-configured messaging groups: Signal or WhatsApp groups created before the incident, using personal devices, provide encrypted team communication. Treat them as coordination channels only: credentials and forensic detail stay out of consumer messaging, and nothing about the response goes over corporate email or chat, which the attacker may still be reading
- Out-of-band conference bridges: Pre-arranged dial-in numbers for conference calls that do not depend on corporate infrastructure
Every one of these requires prior preparation. The contact list must exist before the incident. The messaging groups must be created before the incident. The conference bridge must be arranged before the incident. Offline secure storage ensures this preparation survives the incident.
Decision-Making Without Data
Your monitoring dashboards are encrypted. Your asset inventory is inaccessible. Your network topology documentation is on SharePoint. How do you make informed containment decisions?
Pre-Staged Decision Support
- Network topology maps: Printed or offline-stored diagrams of your network architecture enable containment decisions without access to monitoring tools
- Critical services list: A prioritised list of business services and their infrastructure dependencies guides recovery sequencing
- Vendor contact matrix: Third-party support contacts, contract numbers, and escalation procedures enable external assistance
Recovery Without Credentials
Your backup console requires Active Directory authentication. Your cloud console uses SSO. Your password manager is on a server that is encrypted. How do you actually begin recovery?
Break-Glass Credential Packs
Maintain offline copies of every credential needed to begin recovery from a total compromise:
- Local administrator passwords for key servers
- Backup console local authentication credentials
- Cloud console root account credentials (not federated), together with the MFA device or recovery codes registered on the account; a root password without its second factor is useless
- DNS registrar account access
- Certificate authority root key material, or, where the root lives in an HSM, the custodian procedure and key shares needed to operate it
- Firewall and switch local admin credentials
The pack is itself a high-value target: store it encrypted, limit who can open it, and log every access. It is only as good as its last test, so re-verify each entry against the live system on a fixed schedule, update the pack whenever a live credential is rotated, and rotate every credential that was used once the incident is over.
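A stale or tampered pack fails at exactly the moment it is needed, so the pack should be checked on a schedule, not just assembled once. The script below is an added example and not Firevault's code; it assumes a pack laid out as a JSON manifest (format is an assumption) listing each credential entry with its category, the sealed file it points to, a SHA-256 of that file, the date the credential was last tested, and whether a second factor is required. The sample pack it checks is constructed inline with deliberate defects.

```python
"""Verify an offline break-glass credential pack before it is needed.

Added example; the manifest layout and category names are assumptions,
not a format the page or product defines.
"""
import hashlib
from datetime import date, timedelta

# Categories that must be present, taken from the pack contents listed above.
REQUIRED = {
    "local-admin", "backup-console", "cloud-root",
    "dns-registrar", "ca-root", "network-local-admin",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_pack(manifest: dict, files: dict, today: date,
               max_age_days: int = 90) -> list:
    """Return a list of findings; an empty list means the pack is usable.

    Checks: every required category has an entry, every entry's file is
    present and matches its recorded hash, no entry is older than
    max_age_days since it was last tested, and any entry that needs MFA
    carries its recovery factor inside the pack.
    """
    findings = []
    present = set()
    for entry in manifest["entries"]:
        present.add(entry["category"])
        name = entry["file"]
        if name not in files:
            findings.append(f"{name}: missing from pack")
            continue
        if sha256_hex(files[name]) != entry["sha256"]:
            findings.append(f"{name}: hash mismatch (tampered or stale copy)")
        verified = date.fromisoformat(entry["last_verified"])
        if today - verified > timedelta(days=max_age_days):
            findings.append(
                f"{name}: last verified {verified}, older than {max_age_days} days")
        if entry.get("mfa") == "required" and not entry.get("mfa_recovery_in_pack"):
            findings.append(f"{name}: MFA required but no recovery factor in pack")
    for cat in sorted(REQUIRED - present):
        findings.append(f"{cat}: no entry in manifest")
    return findings


def sample_pack(clean: bool = False):
    """Constructed sample pack. With clean=False it carries four defects:
    a wrong hash, a stale entry, a root account without its MFA recovery
    factor, and no CA root entry at all."""
    files = {  # constructed placeholders standing in for sealed credential files
        "dc01-local-admin.sealed": b"constructed blob 1",
        "backup-console.sealed": b"constructed blob 2",
        "aws-root.sealed": b"constructed blob 3",
        "registrar.sealed": b"constructed blob 4",
        "fw-core.sealed": b"constructed blob 5",
        "ca-root-procedure.sealed": b"constructed blob 6",
    }
    recent, stale = "2024-05-01", "2023-11-01"
    entries = [
        {"category": "local-admin", "file": "dc01-local-admin.sealed",
         "sha256": sha256_hex(files["dc01-local-admin.sealed"]), "last_verified": recent},
        {"category": "backup-console", "file": "backup-console.sealed",
         "sha256": sha256_hex(files["backup-console.sealed"]), "last_verified": recent},
        {"category": "cloud-root", "file": "aws-root.sealed",
         "sha256": sha256_hex(files["aws-root.sealed"]), "last_verified": recent,
         "mfa": "required", "mfa_recovery_in_pack": clean},
        {"category": "dns-registrar", "file": "registrar.sealed",
         "sha256": sha256_hex(files["registrar.sealed"]) if clean else "0" * 64,
         "last_verified": recent},
        {"category": "network-local-admin", "file": "fw-core.sealed",
         "sha256": sha256_hex(files["fw-core.sealed"]),
         "last_verified": recent if clean else stale},
    ]
    if clean:
        entries.append({"category": "ca-root", "file": "ca-root-procedure.sealed",
                        "sha256": sha256_hex(files["ca-root-procedure.sealed"]),
                        "last_verified": recent})
    return {"entries": entries}, files, date(2024, 6, 1)


if __name__ == "__main__":
    for finding in check_pack(*sample_pack()):
        print("FAIL", finding)
```

Run it as part of the same scheduled drill that tests the credentials against the live systems; a finding here means the pack would not have worked at 3:00 AM.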
The First 24 Hours: A Practical Sequence
- Hour 0 to 1: Establish communication, assess scope, activate incident response team using offline contact details
- Hour 1 to 4: Contain the attack using network topology documentation. Isolate affected segments. Preserve forensic evidence: where possible, cut hosts off at the network rather than powering them down, so volatile memory and running processes survive for analysis
- Hour 4 to 12: Begin recovery using offline credentials. Prioritise identity infrastructure (domain controllers), then communication (email), then business-critical applications. Restore from backups that predate the intrusion and have been checked clean, not simply the most recent copy
- Hour 12 to 24: Initiate regulatory notification using pre-staged templates; for a personal data breach the ICO must be notified within 72 hours of becoming aware, so that clock is already running. Brief the board. Engage external support using the vendor contact matrix
What This Looks Like in Practice
An organisation with offline secure storage accesses their Vault within the first hour. They retrieve the incident response pack containing contact lists, credential packs, network documentation, and notification templates. Within four hours, they have contained the attack and begun recovery. Within 24 hours, they have restored core business services and initiated regulatory notification.
An organisation without offline preparation spends the first 24 hours trying to work out who to call, what credentials they need, and how to access their backup systems. Recovery takes weeks instead of hours.
Conclusion
Operating without systems is not a theoretical exercise. It is the reality of major cyber incidents. The organisations that recover in hours are those that prepared for exactly this scenario by maintaining critical response assets in physically disconnected storage. The preparation must happen before the incident. The offline storage must be in place before the attack. There is no improvisation that compensates for prior governance.