Casual spectators of business behavior can't help being jaded; every day they see news stories about corporate fraud, security breaches, delayed safety recalls, and other sorts of general malfeasance. But what they don't see is the renewed time and investment companies around the world are putting toward implementing and reporting on responsible behavior (this less sensational side of the story gets far less coverage).
This week, Nick Hayes and I published an exciting new report, Meet Customers' Demands For Corporate Responsibility, which looks at the corporate responsibility reporting habits of the world's largest companies. While it's easy to think that the business community is as dirty as ever, we actually found a substantial increase over the past 6 years in what these companies included in their CSR and sustainability reports.
It’s that time of year again…most people are slowing down for the Christmas break. The raft of out-of-office replies from the second week in December seems to increase by the hour as people begin to use up the last dregs of annual leave and head out into the busy shops. Others are using this time of year as an opportunity to reflect on the previous 12 months. As it’s BlueyedBC’s 1st Birthday I thought it was only right to get all reflective on you guys!
The Birth of BlueyedBC
Okay, so in the autumn of 2013, professionally, I was not in a very good place at all. I was unqualified, on to my 3rd BC job in less than 12 months and deeply lacking in confidence. My peer group networks were virtually non-existent because I hadn’t built it up yet and if I’m being honest I was quite angry and frustrated with the way things were going.
So I decided in my wisdom to pick up a pen and paper and write some of my thoughts down. It started by blaming virtually everyone else except myself for the recent challenges in my career. Once I started writing I found that I couldn’t stop…venting my frustrations became like an addiction to me. I had several difficult years of trying to make it as a professional post university with all this pent up feeling inside of me and I was rapidly running out of ink! It wasn’t long before my scribbles became small chapters in their own right and this is when I submitted my first (rather unfair) scathing review of my experience in the industry to Continuity Central who kindly released it to the BC world.
In our increasingly competitive business environment, companies everywhere are looking for the next new thing to give them a competitive edge. But perhaps the next new thing is applying new techniques and capabilities to existing concepts such as risk management. The exponential growth of data as well as recent technologies and techniques for managing and analyzing data create more opportunities.
Enterprise risk management can encompass so much more than merely making sure your business has purchased the right types and amounts of insurance. With the tools now available, businesses can quantify and model the risks they face to enable smarter mitigation strategies and better strategic decisions.
The discipline of risk management in general and the increasingly popular field of enterprise risk management have been around for years. But several recent trends and developments have increased the ability to execute on the concept of enterprise risk management.
As the complexity and diversity of devices, platforms and modes of interaction advance, so do the associated risks from malicious individuals, criminal organisations and states that wish to exploit technology for their own purposes. Below, Michael Fimin, CEO at Netwrix, provides his major observations of IT security trends and the most crucial areas to keep watch over in 2015:
Many individuals and enterprises are already using cloud technologies to store sensitive information and perform business critical tasks. In response to security concerns, cloud technologies will continue to develop in 2015, focusing on improved data encryption; the ability to view audit trails for configuration management and secure access of data; and the development of security brokers for cloud access, allowing for user access control as a security enforcement point between a user and cloud service provider.
As the adoption and standardisation of a few select mobile OS platforms grows, the opportunity for attack also increases. We can expect to see further growth in smartphone malware, increases in mobile phishing attacks and fake apps making their way into app stores. Targeted attacks on mobile payment technologies can also be expected. In response, 2015 will see various solutions introduced to improve mobile protection, including the development of patch management across multiple devices and platforms, the blocking of apps from unknown sources and anti-malware protection.
Software defined data centre
‘Software defined’ usually refers to the decoupling and abstracting of infrastructure elements followed by a centralised control. Software defined networking (SDN) and software defined storage (SDS) are clearly trending and we can expect this to expand in 2015. But while these modular software defined infrastructures improve operational efficiency, they also create new security risks. In particular, centralised controllers can become a single point of attack. While the adoption of this approach is not widespread enough to become a common target for attacks, as more companies run SDN and SDS pilots in 2015, we expect their security concerns will be raised. This will result in more of a focus on security from manufacturers, as well as new solutions from third party vendors.
Internet of things
The Internet of things (IoT) universe is expanding with a growing diversity of devices connecting to the network and/or holding sensitive data - from smart TVs and Wi-Fi-connected light bulbs to complex industrial operational technology systems.
With the IoT likely to play a more significant role in 2015 and beyond, devices and systems require proper management, as well as security policies and provisions. While the IoT security ecosystem has not yet developed, we do not expect attacks on the IoT to become widespread in 2015.
Most attacks are likely to be ‘whitehat’ hacks to report vulnerabilities and proof of concept exploits. That being said, sophisticated targeted attacks may go beyond traditional networks and PCs.
Next generation security platforms
In 2015 and beyond, we can expect to see more vendors in the information security industry talking about integration, security analytics and the leveraging of big data. Security analytics platforms have to take into account more internal data sources as well as the external feeds, such as online reputation services and third party threat intelligence feeds. The role of context and risk assessment will also become more important. The focus of defence systems becomes more about minimising attack surfaces, isolating and segmenting the infrastructure to reduce potential damage and identifying the most business critical components to protect.
Looking back at previous years, new security challenges will continue to arise, so IT professionals should be armed with mission critical information and be prepared to defend against them.
When the topic of cybersecurity comes up at your organization, I’m guessing your executives immediately look to the CIO – yourself included. After all, when you’re talking about data, about information access and about the technology needed to keep both safe from unwanted activities, you assume IT has it covered. And your organization isn’t the only one operating under this assumption – far from it.
According to a report by Kroll and Compliance Week, three-quarters of Compliance Officers have no involvement in managing cybersecurity risk. Plus, 44 percent of respondents revealed that their Chief Compliance Officer is only given responsibility for privacy compliance and breach disclosure after a security incident has taken place and plays zero part in addressing the risks beforehand.
Here’s the problem with that approach: many breaches are preventable. According to the 2013 Verizon “Data Breach Investigations Report,” 78 percent of initial intrusions are rated as “low difficulty.” Now, don’t get me wrong: hackers are extremely crafty and are scheming new tactics as I write this. But part of the reason they are able to get their hands on data that isn’t theirs is because organizations simply aren’t prepared.
The festive season is upon us and, assuming there are no postal strikes, Christmas Cards in their billions will be delivered to homes across the world spreading peace, joy and goodwill. Of course the Business Continuity Institute shares those same sentiments but, as has become tradition, we have decided not to send cards. Instead we will donate the money to those who need it more than we do.
This year, with the deadly virus Ebola high on our radar, we will be supporting Unicef in fighting this outbreak. As of the 1st December 2014, the total reported number of confirmed, probable, and suspected cases in the West African epidemic was 15,935 with 5,689 deaths. "Thousands of children are living through the deaths of their mother, father or family members from Ebola" said Manuel Fontaine, UNICEF Regional Director for West and Central Africa. "These children urgently need special attention and support; yet many of them feel unwanted and even abandoned. Orphans are usually taken in by a member of the extended family, but in some communities, the fear surrounding Ebola is becoming stronger than family ties."
As business continuity professionals, our role is to make sure that our organizations can continue to operate in the event of a 'disruption' but how would you prepare for a crisis of this magnitude? Can you prepare for a crisis of this magnitude? How do you continue to operate when death lurks around every corner and lives are consumed by fear? Fortunately most of us will never have to experience this, but we can play our part in helping those who do, which is why we are making this donation. If you would also like to make a donation to Unicef and help fight the spread of Ebola then please click here.
The BCI wishes all our Chapter Leaders, Forum Leaders, the BCI Board, Global Membership Council and fellow business continuity practitioners around the world, Seasons' Greetings and a healthy 2015.
Note that the BCI Central Office will be closed on the 25th and 26th December and the 1st January 2015, re-opening on Friday 2nd January 2015. On the days between Christmas and New Year, the office will be staffed between 10am and 3pm only (GMT).
A recent court decision about the Target breach should have businesses of all sizes taking note.
“Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur,” Magnuson wrote in his ruling. “Indeed, Plaintiffs’ allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.”
While most risk professionals are satisfied with their insurers and brokers, those from organizations with enterprise risk management (ERM) programs were the least content, according to the inaugural J.D. Power and Risk and Insurance Management Society (RIMS) 2014 Large Commercial Insurance Report.
The full report, based on findings of the J.D. Power 2014 Large Business Commercial Study, slated for release in February 2015, examines industry-level performance metrics among large business commercial insurers and brokers. The study, which interviewed almost 1,000 risk professionals, highlights best practices that are critical to satisfying them.
As an information technology (IT) leader dealing with the intricacies and complexities of enterprise technology every day, I can tell you this: it’s not the technology that is the toughest thing to change in IT. It’s the people. Here’s my personal take on 4 of the hardest IT transformations to implement – and how people make or break those changes.
1. Going global
There’s no question that transforming your company from regional-based systems to global systems is a big job. Global applications, global processes, global networks … that takes tech expertise to the nth degree. You need to talk with the regions, departments, and teams to ensure that you have all the business requirements clear and know how the end-to-end processes now need to work before you can consolidate disparate systems or stand up new ones.
That being said, chances are that you’ll find those separate regions have their own cultures, methodologies, goals, and initiatives … and they like it that way. It often works, and works well – for them. The most important thing when talking to these regions is to remember that people want to be heard and valued for their expertise. This doesn’t mean they’re absolutely tied to the old way of doing things. Most likely, they simply want to provide context so that their voices and inputs are considered in the new direction.
So as you transform your ERP apps to span the world, or plug in new SaaS apps to transform the user experience, you simultaneously need to build a culture that helps people move out of their regional silos. Hear what they have to say before you encourage them to embrace a new perspective. Having listened, you can then encourage them to look at what is best for the company and for the customer overall. Let them see the benefits that will come from globalization, such as the removal of inconsistencies or duplication. Acknowledge that they are giving up something when they lose their regional approach, but assure them that there are great answers to the ever present question “WIIFM”: “What’s in it for me?”
Claims Team in Place to Address Severe Weather in the West
LOS ANGELES -- The stream of tropical moisture referred to as the Pineapple Express continues to cause damage in Northern California, Oregon and Southwest Washington. Wind gusts of 60 mph have been reported in the path of the storm and have resulted in downed power lines and trees.
Farmers Insurance advises residents in the path of this storm to protect themselves and their families (including their pets). Farmers reminds everyone to ensure they have a list of emergency contacts, water, canned food, a battery powered radio and a backup power supply for their cell phone, among other items that may be needed during a power outage. A list of items that can go in a family emergency kit can be found at www.Farmers.com/catastrophe/family-emergency-kit.
The Farmers Insurance claims team is working around the clock to track the weather system and prepare a quick and efficient response to customers. From preparing additional call handlers in their multiple call centers across the country to placing national catastrophe claims handling staff on standby, Farmers Insurance is ready to ensure a speedy recovery for customers.
"At Farmers Insurance our claims staff continually prepares for severe weather events such as this," stated Keith Daly, Farmers chief claims officer. "We know that the path to a fast recovery starts with being prepared for a fast, efficient response."
Daly advises that all Farmers customers who suffer damage from severe weather should file their claims at www.farmers.com, through their agent, or by calling the 24-hour claims center. Daly also noted that anyone in the path of this storm should closely monitor their local news stations for updates and follow the advice and directions of local authorities.
Farmers Claims Contact Center number: 1-800-435-7764.
Foremost and 21st Century customers can also use the 1-800-435-7764 number for immediate assistance.
Bristol West customers can call 1-800-274-7865 for immediate assistance.
Spanish-language claims assistance is available to Farmers customers by calling:
Farmers Insurance Group of Companies is a leading U.S. insurer group of automobiles, homes and small businesses and also provides a wide range of other insurance and financial services products. Farmers Insurance is proud to serve more than 10 million households with more than 20 million individual policies across all 50 states through the efforts of over 50,000 exclusive and independent agents and approximately 22,000 employees.
For more information about Farmers, visit its Web site at www.farmers.com or at www.Facebook.com/FarmersInsurance.