
The State of New York recently announced new regulations [PDF], set to take effect on March 1, that require banks, insurance companies and other financial services companies to establish and maintain cyber security programs that meet specific standards.

"As our global financial network becomes even more interconnected and entities around the world increasingly suffer information breaches, New York is leading the charge to combat the ever-increasing risk of cyber attacks," Maria T. Vullo, superintendent of the New York State Department of Financial Services, said in a statement.

The regulation requires companies to examine security at third-party vendors, and to maintain a cyber security program that is adequately funded and staffed, overseen by qualified management, and reported on periodically to the organization's most senior governing body.

...

http://www.esecurityplanet.com/network-security/new-york-intros-new-cyber-security-rules-for-financial-companies.html

By now you’ll have read the troubling tale of alleged workplace sexual harassment as told by a former Uber employee on her personal blog.

As the LA Times reports, Uber CEO Travis Kalanick has called in former U.S. Attorney General Eric Holder to conduct an independent investigation and claimed that the blog post was the first he knew of the incident.

The allegations are a warning to the tech industry and its so-called rockstar culture, the LA Times notes.

The New York Times goes into more detail here.

...

http://www.iii.org/insuranceindustryblog/?p=4801

Friday, 24 February 2017 15:29

BCI: Incident micromanagement - good or bad?

The Business Continuity Institute

Yesterday I attended the Scottish Continuity Resilient Scotland Conference at the RBS Headquarters in Edinburgh. The opening speaker was John Swinney MSP, Deputy First Minister and Cabinet Secretary for Education and Skills. He began by talking about the need for resilience in Scotland, as well as the risk from cyber attacks and how we must all do our bit to protect our organisations from threats.

Outside the conference room Storm Doris was in full force, prompting questions about the severe weather. This discussion led to John Swinney mentioning the heavy snowfall of December 2010, which left hundreds of motorists stuck in freezing cold conditions overnight. He said that this situation should never be allowed to happen again. I’m not quite sure if this is because of the poor people left freezing in their cars, or because the Minister in Charge had to resign as a result of the incident!

One of the innovations the Scottish Government has implemented since the incident is location-finding equipment on each gritter lorry, allowing John Swinney to see exactly where every gritter in Scotland is at any one time.

I was surprised by this and wonder if it is a good idea for those managing at the most strategic level to have situational awareness of minute detail? When I am teaching incident management, I always say that members of the strategic team should not have direct communication with those at the operational level. All communication should go through the tactical team, otherwise those on the ground at an operational level will not know which person to listen to and what set of instructions to follow.

If those at the John Swinney level have access to the location of every gritter lorry, would they not try to interfere and redirect the vehicles to another area? Yet the Deployment Manager for the gritters knows their local area, where resources can be most effective, and has a tried and tested deployment plan. The danger is those at the strategic level thinking that they know better than those whose job it is.

In the same way, we see lots of action films where Special Forces are sent in to free hostages, while the generals watch the troops carrying out the attack in real time via video link from their bunker or headquarters. Should the generals be looking at this footage, with the chance that they might try and intervene in the situation or misinterpret what is going on on the ground?

I am still convinced that micromanagement is not good and generals should pace the bunker waiting for the commander to report the success (or otherwise) of the mission, instead of listening to the action as it happens. Technology makes this easier, but in the end I think strategic managers should keep their thoughts and interactions at a high level, letting those experts on the ground get on with what they know best.

Charlie Maclean-Bristol is a Fellow of the Business Continuity Institute, Director at PlanB Consulting and Director of Training at Business Continuity Training.

Friday, 24 February 2017 15:28

BCI: BCAW 2017 posters

Cyber security is everyone’s responsibility

Play your part in building a resilient organization

This is the message we want to get across during Business Continuity Awareness Week (15th – 19th May). We want people to realise that cyber security is everyone's responsibility, not just those in the IT department. We all have a role to play in building resilient organizations, whether it is ensuring that we have a secure, safe password, or making ourselves more aware of the potential risks.

To help you in promoting this theme, the Business Continuity Institute has created six posters that make the statement above, offering ideas on what individuals can do to play their part. Obviously there are many more, and we’d love to hear from you about them.

The posters are free to download either as a PDF in various shapes and sizes, or as a PNG. They are also available with or without bleeds depending on whether you would like to print from your own computer, or you would like to get them professionally printed. Click on the links below to download the version(s) you would like.

Make sure you display these posters prominently in your workplace or any other suitable location to help raise awareness, and share the image versions through your social media channels to really spread the message.

Without bleeds – ideal for personal printing: A4, A3, A2, A1, Ledger, Letter

With bleeds – ideal for professional printing: A4, A3, A2, A1, Ledger, Letter

Image files – ideal for social sharing: PNG


The Business Continuity Institute

The countdown has begun for Business Continuity Awareness Week (15th - 19th May 2017). We are only a few months away, and now we have published the posters that will be used to promote the week. The theme for BCAW this year is cyber security, and we have produced a series of six posters that all display the message:

Cyber security is everyone's responsibility
Play your part in building a resilient organization

The posters all highlight an activity that each and every one of us can do in order to help improve cyber security, not just within our organization, but within our own personal cyber world as well. They all seem quite simple, and you might think we shouldn't need reminding of these, but the report we will be publishing during BCAW suggests otherwise.

The posters are free to download either as a PDF in various shapes and sizes, or as an image file. They are also available with or without bleeds depending on whether you would like to print from your own computer, or you would like to get them professionally printed. Make sure you display these posters prominently in your workplace or any other suitable location, and share the image versions through your social media channels to really spread the message.

Email automation platform Mailgun has raised $50 million in financing as it spins out from Rackspace and becomes an independent company.

Rackspace acquired Mailgun in August 2012 to add an easy-to-use email delivery service for developers. Mailgun offers a set of APIs that allows users to send, receive and track emails from within their applications.

The $50 million financing round is led by Turn/River Capital with participation from Scaleworks and Rackspace. The funding will help accelerate Mailgun’s product roadmap, drive growth initiatives and expand customer support, according to an announcement on Wednesday.

...

http://www.datacenterknowledge.com/archives/2017/02/23/email-delivery-platform-mailgun-spins-rackspace-raises-50m-financing/

Thursday, 23 February 2017 15:54

Is It Time to Rename Malware as Sneakyware?

Malware (Sneakyware) is software that gets into your system and causes havoc, unless you detect and neutralize it first.

To detect malware, a common approach has been to run suspicious files in a "sandbox", an isolated environment within an IT system.

The idea is that the malware's behaviour can then be observed harmlessly, and the malware quarantined or eliminated.

However, malware creators being sneaky by nature, new, advanced forms of malware now detect such sandboxes and take evasive action, for example by behaving benignly until they are sure they are on a real victim's machine. If you thought sandboxing was the end of your malware worries, the following list of sneakyware tricks should convince you otherwise.

...

http://www.opscentre.com/time-rename-malware-sneakyware/
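The sandbox-evasion idea above is easiest to understand from the defender's side: run the same environment checks an evasive sample would run, and see which ones your analysis VM trips. The script below is an added example, not code from the opscentre article, and its heuristics are generic, widely known ones rather than the article's own (elided) list. The thresholds, the `HostFacts` layout and the small table of hypervisor MAC prefixes are assumptions chosen for illustration; the host-gathering step uses only the Python standard library and is written for Linux.

```python
"""Sandbox-fingerprint scorer (added example; not the article's code).

An evasive sample asks "does this look like a throwaway analysis VM or a
real workstation?" and only misbehaves on the latter.  Running the same
checks as the defender shows which tells a sandbox gives away, so it can
be made to look more like a real machine.  Thresholds are illustrative
assumptions, not measured values.
"""
import os
import time
import uuid
from typing import Dict, List

HostFacts = Dict[str, object]

# Heuristic thresholds (assumptions for this example).
MIN_CPUS = 2
MIN_RAM_GB = 4
MIN_UPTIME_S = 10 * 60       # a box booted minutes ago is suspicious
MIN_HOME_ENTRIES = 20        # real profiles accumulate files
MAX_SLEEP_SKEW_S = 1.0       # sleep() returning early suggests time acceleration

# Publicly registered OUI prefixes used by common hypervisors.
VM_MAC_PREFIXES = (
    "00:05:69", "00:0c:29", "00:1c:14", "00:50:56",  # VMware
    "08:00:27",                                      # VirtualBox
    "52:54:00",                                      # QEMU/KVM
)


def sandbox_indicators(facts: HostFacts) -> List[str]:
    """Return the names of the heuristics this host trips (empty = looks real)."""
    hits = []
    if facts["cpus"] < MIN_CPUS:
        hits.append("few_cpus")
    if facts["ram_gb"] < MIN_RAM_GB:
        hits.append("low_ram")
    if facts["uptime_s"] < MIN_UPTIME_S:
        hits.append("fresh_boot")
    if facts["home_entries"] < MIN_HOME_ENTRIES:
        hits.append("empty_profile")
    if any(str(facts["mac"]).lower().startswith(p) for p in VM_MAC_PREFIXES):
        hits.append("hypervisor_mac")
    if facts["sleep_skew_s"] > MAX_SLEEP_SKEW_S:
        hits.append("sleep_accelerated")
    return hits


def sleep_skew(seconds: float = 2.0) -> float:
    """Requested minus observed sleep; large and positive means sleep was fast-forwarded.

    Some sandboxes patch sleep() so time-bomb samples detonate quickly; a
    monotonic clock that barely advanced across the call betrays that.
    """
    start = time.monotonic()
    time.sleep(seconds)
    return seconds - (time.monotonic() - start)


def gather_facts_linux() -> HostFacts:
    """Collect the facts on a Linux host with the standard library only."""
    ram_gb = 0.0
    try:
        ram_gb = os.sysconf("SC_PHYS_PAGES") * os.sysconf("SC_PAGE_SIZE") / 2 ** 30
    except (ValueError, OSError, AttributeError):
        pass
    uptime_s = 0.0
    try:
        with open("/proc/uptime") as fh:
            uptime_s = float(fh.read().split()[0])
    except OSError:
        pass
    node = uuid.getnode()  # 48-bit MAC of one interface, as an int
    mac = ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -1, -8))
    try:
        home_entries = len(os.listdir(os.path.expanduser("~")))
    except OSError:
        home_entries = 0
    return {
        "cpus": os.cpu_count() or 1,
        "ram_gb": ram_gb,
        "uptime_s": uptime_s,
        "home_entries": home_entries,
        "mac": mac,
        "sleep_skew_s": sleep_skew(),
    }


if __name__ == "__main__":
    facts = gather_facts_linux()
    hits = sandbox_indicators(facts)
    print("host facts:", facts)
    print("sandbox tells:", hits or "none")
```

Each check is cheap and individually weak; real evasive samples combine several and stay quiet until enough of them pass. The practical response is not to block the checks but to remove the tells: give analysis VMs realistic CPU and RAM, a populated user profile, a non-hypervisor MAC, a plausible uptime, and do not fast-forward sleeps indiscriminately.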

BATON ROUGE, La. — If you’re a Livingston or Orleans parish resident recovering from the recent tornado disaster but you don’t have flood insurance, don’t worry. You may be eligible for FEMA or SBA assistance.

The disaster declaration on Feb. 11 for Livingston and Orleans parishes was a wind-related event. Damage is considered to be the direct impact of wind from tornadoes. FEMA may have required some survivors who previously received federal disaster help to maintain a flood insurance policy. Those who didn’t maintain a policy may still be eligible for FEMA help.

Livingston and Orleans parish residents are encouraged to apply for FEMA assistance online at DisasterAssistance.gov or by phone (voice, 711 or relay service) at 800-621-3362. TTY users should call 800-462-7585. Toll-free lines are open 7 a.m. to 10 p.m. seven days a week. You will be asked to provide:

  • Social Security number
  • Address of the damaged primary residence
  • Description of the damage
  • Information about insurance coverage
  • A current contact telephone number
  • An address where you can receive mail
  • Bank account and routing numbers for those preferring direct deposit of funds

Once you register with FEMA, you can also stay in touch with the agency by calling the FEMA helpline listed above. Additional information is available online at DisasterAssistance.gov.

FEMA disaster assistance is short-term and not the same as insurance.

Policyholders should contact their insurance adjuster to file a claim for tornado damage. FEMA may help if your insurance doesn’t cover certain disaster-related needs or you don’t have insurance.

Homeowners may receive help to repair disaster-related damage to their primary residence so it’s safe, sanitary and functional. Assistance only provides the basic needs for a home to be habitable.

FEMA’s minimum home repair program is not intended to repair your home to its pre-disaster condition.

Also, homeowners and renters may receive help with paying rent if they can’t return home and may help with other serious disaster-related needs, such as medical and dental expenses.

U.S. Small Business Administration (SBA) Loan Assistance

Low-interest disaster loans from the SBA are available for businesses, private nonprofits, homeowners and renters. Disaster loans cover losses not fully compensated by insurance or other recoveries.

SBA customer service representatives will be available by phone at 800-659-2955 to answer questions, explain the application process, help small businesses apply for a low-interest economic injury disaster loan and help individuals and business owners close their approved disaster loans. Deaf and hard-of-hearing individuals may call 800-877-8339. For disaster program information visit SBA.gov/disaster. Applicants may also contact SBA by email.

For information call the FEMA helpline at 800-621-3362, download the FEMA mobile app, or go online to DisasterAssistance.gov or fema.gov/disaster/4300.

As with anything else in your organization, the way to ensure a job gets done properly is to educate the people that need to do the jobs. In other words, training is integral to any program.

We’ve all been through the annual awareness training, where we sit and listen to, or read, the information on the screen and pay enough attention to click through the test if there is one. Your participation can then be checked off, but did you really learn anything?

Role-specific training can be helpful as a way to make a more lasting impression. Ask developers to take specific security-related training for the language and platform they code on, and provide different training for your customer-facing people. Employees that handle sensitive data like employee data and payment data need specific and focused training to understand their importance in the bigger security posture.

...

http://www.mir3.com/make-cybersecurity-plan-training-people/