I follow quite a few small to midsize business (SMB) accounts on Twitter, and noticed that many this week had joined a chat about data privacy for small business (#chatDPD). The topics ranged from the Internet of Things (IoT) to what SMBs know about data privacy.
One tweet in particular caught my eye. It was from AT&T Small Business (@ATTSmallBiz) and it said “Security & privacy must work together, but privacy includes how data is used by your biz and vendors.”It struck a chord with me because I recall a recent event where AT&T found that a breach in its data systems was caused by a vendor whose employee accessed accounts “without authorization.” Of course, I’m sure the person Tweeting was aware of the instance, but their tips and views on the privacy chat definitely hold true for both large enterprises and SMBs.
One other thing @ATTSmallBiz pointed out was how SMBs may have policies to guard against cybersecurity issues, but they may not be as detailed or strong as they should be. Also, small businesses may not have IT staff to reinforce such policies. @ATTSmallBiz said:
What do Sayada, Tunisia, and Red Hook, Brooklyn, have in common? At first glance, not much. One is a fishing town on the Mediterranean Sea. The other is a waterfront neighborhood in an industrial section of America’s largest city. But both are using a networking technology that is cheap, relatively easy to set up, and remarkably resilient and secure.
Called a mesh network, the technology lets users connect directly to each other rather than through a central hub. For the citizens of Sayada, that means they can create a community network free from government surveillance or interference. For residents of Red Hook, the local mesh network helps them stay connected during power outages.
Of course, mesh networks aren’t new. They’ve been operating in Europe for years. They are, however, relatively new to the U.S., where they are just starting to catch on. In Detroit, where some neighborhoods don’t have access to broadband, mesh networks are seen as a low-cost solution to the digital divide that exists there. And for many local governments, mesh networks are a relatively simple way to offer high-speed Wi-Fi. Ponca City, Okla., has adopted mesh as a means of delivering free wireless broadband to all of its 25,000 residents.
Let’s face it: Whether or not policies are in place to prohibit it, business units frequently circumvent the IT department and go out on their own to source the IT products and services they feel they need to stay competitive. So when that happens, who’s really at fault—the business unit, or the IT department?
I recently discussed this topic with Kent Christensen, virtualization and cloud practice director at Eden Prairie, Minn.-based cloud services provider Datalink, who sees the circumvention all the time.
“It’s kind of a given,” Christensen said. “Every organization knows it’s either happening, or somebody has a desire for it to happen.”
Many organizations fail to acknowledge that the scenario most likely to cause a business disruption is an electrical outage. Without power, everything can grind to a halt.
A sudden loss of electrical power can result from weather, mechanical malfunction, human error or any number of other less common causes (sabotage, solar flares, etc.). Minutes or days may pass before power is restored. What should you do to prepare?
Create a Power Outage Policy
A policy may take the form of “How long will we wait before we let everyone go home?” That’s practical, but not a very effective Business Continuity strategy. Or make dismissal decisions based on time-of-day: if the RTOs (or MAD) for local business processes are greater than the hours remaining in the workday, everyone goes home.
BCM experts and practitioners offer insights to raise the profile and relevance of business continuity professionals
PLYMOUTH MEETING, Pa. – Strategic BCP®, a team of business continuity planning (BCP) and management specialists, has announced the availability of its new blog featuring expert content on the topics that help streamline BCP for enterprise resilience and that raise the profile and relevance of business continuity (BC) professionals across their organizations.
The blog acts as an open forum to share ideas that are driving and challenging BCM strategies today. Its content will be comprised of insights authored by Strategic BCP contributors and guest bloggers, tapping into the vast industry knowledge and experience as hands-on consultants and as managers of BC, disaster recovery (DR), and information technology (IT).
Topics will offer best practices, lessons learned, and real-world success examples. Current BCP software considerations, processes, and compliance standards will also be discussed.
Our bloggers currently include:
Frank Perlmutter (CBCP, MBCI): Founder of Strategic BCP & Former DR/COOP (Continuity of Operations Planning) Manager for the U.S. Department of the Treasury
Dave Olkowski (CBCP, MBCI): Senior Manager & Former BC Analyst at MBNA America Bank
Cherie Taylor (CBCP): Senior Manager & Member of the Business Continuity Planners Association (BCPA) Board of Directors
Chris Duffy (CISSP): Senior Manager & Former CIO at Peirce College in Philadelphia
“As colleagues with common goals, there’s no shortage of information to be shared given how complicated this industry can be,” says Kimberly Lawrence (ABCP), Vice President and Business Continuity Program Manager at Umpqua Bank (formerly with Sterling Bank before the merger). “Unbiased viewpoints from real practitioners can help both newcomers and even seasoned pros who are responsible for BC planning.”
Some recent posts include:
About Strategic BCP
Strategic BCP® represents a team of business continuity management specialists who empower organizations of all sizes to build cost-effective, action-based plans that can be implemented immediately in the event of downtime. The company’s award-winning BCM software, ResilienceONE®, integrates risk assessment and management, BC plan development and maintenance, incident management, and compliance issues in one comprehensive easy-to-implement solution. It features proprietary algorithms and metrics that automate cumbersome tasks and provide comprehensive insight into an organization’s risk profile. Strategic BCP complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework. More information: www.strategicbcp.com.
A new report by EEF, the manufacturers' organization, warns the UK Government to act over escalating risks to the UK's supply of essential materials. It says that the global growth in middle-class consumers, increased demand for all commodities and an over-reliance on China for strategic supplies, is leaving the UK vulnerable. But, while other manufacturing nations have strategies in place to shield their economies from resource risks, the UK is lagging behind.
The report ‘Materials for Manufacturing: Safeguarding Supply’ digs behind concerns raised by UK manufacturers that volatile material prices and security of supply pose a threat to growth and confirms that the UK does indeed face escalating risks.
Globally, the consuming middle classes are expected to swell from 1.8 billion people to 4.9 billion by 2030. Demand for all commodities is expected to rocket by 30 to 80 percent by 2030. However, the UK's supply of essential materials – ranging from silicon metal and rare earth elements through to coking coal - is concentrated. China is the leading supplier of materials to the UK, producing 22 of 38 elements of strategic economic value. These are minerals and metals that are vital to British manufacturing.
The BCI Diploma is the unique and only BC award that provides a route to Institute membership on one hand, and a significant development in confidence, capability and subject understanding and knowledge in those who are successful in achieving it on the other.
The designation DBCI shows that the holder has gone the significant extra distance and studied BCM in depth, looking far beyond frameworks and simple guidance, and researching the subjects related to continuity, resilience and associated issues in significant depth. The DBCI also indicates that the holder has the potential to succeed at postgraduate level, and we have several graduates from the Diploma now enrolled on our MSc Organisational Resilience.
When hospitals moved from film-based hardcopy systems to electronic images, they began to generate large amounts of data held on PACS – Picture Archiving and Communications Systems. Hospitals use various ‘modalities’ to scan patients, including Computer Tomography, Magnetic Resonance Imaging and Ultrasound systems. These modalities must regularly (and frequently) upload the scanned images to the PACS, where they can be stored, sequenced for retrieval and made available for remote diagnosis. However, a PACS is often a potential single point of failure with inevitable downtime – which is where the DR lessons start.
School shootings have captured the attention of the American public and certainly school administrators, who feel compelled to do something to prevent or mitigate the effects of a similar incident taking place on their grounds.
Solutions — in the form of cameras, metal detectors, buzzers, bulletproof white boards and the like — are coming out of the woodwork and are being foisted upon administrators. There is a lot of training available too, such as the Run, Hide, Fight video that demonstrates what to do in the event of an active shooter, including taking down an armed gunman.
But there are problems with these approaches and educators are missing key elements of managing these scenarios by relying on some of the technology fixes and the active shooter training, some experts say.
The Run, Hide, Fight training is an alternative to waiting for law enforcement to arrive, which is ineffective since most violent acts are usually over in minutes, before law enforcement arrives. The objective of the training videos is to condition students and administrators, anyone faced with the potentially deadly situation of an active shooter, to recognize the best avenues for avoiding bloodshed.
National Institutes of Health workers preparing to move a lab in Bethesda, Md., found an unwelcome surprise in a storage room this month: six vials of smallpox.
There is no evidence that any of the vials was breached, and no lab workers or members of the public were exposed to the infectious and potentially deadly virus, the federal Centers for Disease Control and Prevention said in its announcement Tuesday.
The vials labeled variola — a name for the smallpox virus — were found July 1 “in an unused portion of a storage room” and seem to date to the 1950s, the CDC said. They were freeze-dried, intact and sealed, forgotten and packed away in a cardboard box, officials said.
The vials were "immediately secured" in a containment lab, then transported via government aircraft Monday to the CDC’s containment facility in Atlanta, it said.