Industry Hot News

The length of time victims wounded in school shootings and terror attacks must wait for help from an EMT could be minutes or hours—during which time they could bleed to death. This has happened in a number of cases, including a shooting at an Orlando nightclub in June, when a woman bled to death while waiting for help to arrive.

These incidents have prompted the Department of Homeland Security’s Stop the Bleed campaign, a nationwide initiative to empower individuals to act quickly and save lives in emergency situations. Bystanders are asked to take simple steps to keep an injured person alive until medical care is available. Security guards, custodians, teachers and administrators are being trained at schools and other places to administer first aid until help arrives.



Your organization's actual ability to respond to and recover from an event is directly related to employee readiness across the organization.

It is important to note that too many times we train only those directly involved in key recovery positions and do not train the lower levels of the organization. To determine employee readiness, or how well employees are prepared, ask people across the organization if they know what BCP is or what they are supposed to do in an emergency. If possible, ask not only individual contributors, but senior management as well.

Employee readiness must be heightened both at work and at home. If people are not available because of their personal situation, they cannot assist with any business recovery. Remember, individuals will be most concerned about themselves and their family (and rightfully so). If their personal situation is not safe or stable, they will be distracted at best, or unavailable at worst.



Wednesday, 07 December 2016 00:00

The Key Elements of the Hybrid Cloud

The hybrid cloud is evolving along a strange sort of dichotomy as the year comes to a close: It is getting easier to deploy but more challenging to optimize.

This is partly due to the fact that the enterprise itself is tasked with managing multiple types of workload – everything from traditional business applications to mobile computing and device-driven analytics. But it also points to the fact that the hybrid cloud is not a single entity but a collection of components that must work together near-flawlessly in order to provide the seamless data experience that users expect.

Tech writer Alan Joch noted on BizTech recently that the emergence of turnkey solutions and hybrid management tools is making it easier to deploy distributed cloud environments. Leading IT vendors have taken to leveraging both their home-grown systems portfolios and third-party contributions to craft hybrid architectures that can be easily launched and then quickly scaled to production-level environments. VMware’s Cross-Cloud Architecture, for example, provides for consistent deployment models, security policies and governance across multiple clouds and can be delivered under the company’s Cloud Foundation architecture that incorporates legacy platforms like vRealize, vSphere and NSX software-defined networking.



Having an adjuster with the National Flood Insurance Program (NFIP) come to your home isn’t the same as having your homeowner’s insurance agent or a FEMA inspector assess your damages.

FEMA Individual Assistance (IA), homeowners insurance and flood insurance are three different programs.

Homeowner and business insurance policies usually don’t cover flood damage. Disaster officials recommend:

  • If you have flood insurance, call your agent right away.
  • If you have homeowners insurance, call your agent right away.
  • If you had damages and haven’t registered with FEMA, do so right away.

Receiving a flood claim inspection, registering with your city’s emergency management agency, registering with the Virginia Department of Emergency Management (VDEM), the Red Cross, or with any other charitable organization is NOT the same as registering with FEMA or having a homeowner’s or flood insurance policy.

If you have dual insurance, you need to contact both your homeowners insurance and your NFIP flood insurance agent as well as register with FEMA to initiate individual recovery assistance. The deadline to register with FEMA is January 3, 2017. The deadline to file a flood-loss claim is February 7, 2017.

The deadline date for filing an NFIP flood insurance claim has been extended from 60 to 120 days from the date the flood damage occurred. After contacting your flood insurance agent, the claims process begins with your sending in ‘proof of loss’ paperwork. The flood claim process commonly follows this timeline: 

  • An adjuster will usually call you within 24 to 48 hours after you notify your agent about the flood damage.

  • Once contacted, a claims adjuster will visit to open the claim. In disasters such as the one in Virginia, some adjusters may have hundreds of policyholders to service.

  • Policyholders have 120 days after the date of the loss to file proof of loss paperwork. This sworn statement may have to be notarized.

    • For instance, if you send in your proof of loss at 28 days, it can take at least 14 to 20 days more after that to review and process for payment.

    • It can take another 20 days to process the claim for payment—and at times only a partial payment can be made.

  • If you have a mortgage, regulations require that homeowner payment checks be issued in both the lender and homeowner’s name. Usually a bank or lender will require a construction contract or proof of pending repairs before releasing the money to you.

To date, NFIP in Virginia has received 2,231 claims with an estimated payout of nearly $25 million due to Hurricane Matthew.

Some damages not covered by your NFIP insurance may be eligible for coverage under your homeowners insurance, FEMA individual assistance program, or the U.S. Small Business Administration (SBA). You must be registered with FEMA to find out if you are eligible for additional assistance not covered by your insurance policies.

If you receive an SBA loan application, complete and submit it to the SBA, even if you don’t want a loan. Sometimes unanticipated expenses come up as your recovery process nears conclusion.

Information about claims, what to do, how to file, and what proof of loss is needed can be found in the NFIP online booklet “The NFIP Flood Insurance Claims Handbook” at http://go.usa.gov/x89kz. In most cases, there is a 30-day waiting period for a new flood insurance policy to take effect. To learn more about this program, contact your insurance agent or the NFIP at 888-379-9531, or visit www.floodsmart.gov.

Call the FEMA helpline to register, register online at www.DisasterAssistance.gov, or get additional information: 800-621-3362, or TTY at 800-462-7585. You can also visit your nearest Disaster Recovery Center (DRC). Location addresses can be found at www.FEMA.gov/DRC.

An unplanned outage is one of the worst things that can happen to a data center – and to your business. According to a 2016 Ponemon Institute study, a data center outage costs businesses an average of $8,851 per minute. The report also found that since 2010, the average total cost of a data center outage is up 38 percent – to $740,357. Although it’s impossible to completely eliminate outages, you can take steps to mitigate the consequences of downtime and ensure business continuity.

Here are nine ways to mitigate the risk of an extended data center outage and help ensure business continuity:



We know you know, but to save you the mental effort of fleshing these acronyms out into full-length descriptions, here’s what they stand for. BCM is business continuity management. ITSCM is IT service continuity management. And BIA is business impact analysis.

These three items are linked together by the need to keep organizations operational in adverse circumstances. You probably got that immediately.

But they are also linked by the need to trim expenses down to only what is necessary, a connection that is sometimes rather less obvious. Here’s how it works.

Let’s start with BCM. This is the overall management of continuity for the business, meaning the organization as a whole. As much of business is driven by IT, IT service continuity management is typically a major component of BCM.



Would it surprise you to know that up to 90 percent of the U.S. workforce says they would like to telecommute at least part time? Some aren’t waiting for permission, but gradually changing the perception of what’s acceptable office protocol.

Plenty of companies are offering remote working options to their employees, but there are some stalwarts who believe the most productive employees “come” to work every day. Still, other companies draw the line at sales execs or field techs. IDC forecasts the U.S. mobile worker population will grow at a steady rate to nearly 106 million by 2020. Unless sales and field technician positions explode, this means many jobs will move from the traditional office locale to an alternative site or sites.

Some of the hesitation to open this can of worms is that employees will slack off if not under constant supervision. Data security and communication are other concerns, although these are becoming less of an issue thanks to modern technology, such as cloud computing and employee communication software. The key, however, is to leverage existing and emerging technologies, set expectations, communicate frequently, and devise a measurement benchmark to evaluate performance.



A survey of more than 1,400 risk professionals at large organizations in the U.S. or Canada that have purchased a commercial insurance policy from one of the profiled insurers or brokers throws up some interesting results.

It finds that as rates across the U.S. commercial property/casualty insurance market continue to decline, the key variables in driving overall commercial insurance customer satisfaction are insurer profitability and broker expertise.

The J.D. Power study, conducted in conjunction with RIMS (the risk management society), found a distinct correlation between customer satisfaction and insurer profitability, as measured by total commercial combined financial ratios.



The Business Continuity Institute - Dec 05, 2016 16:26 GMT

At the most recent meeting of the Business Continuity Institute's Board of Directors, James McAlister FBCI formally became the new Chairman of the BCI, taking over from David James-Brown FBCI, whose two years in office have come to an end.

James is a former police officer with over 30 years of experience in business continuity, civil protection, emergency planning, security, firearms, public order and training. He has advised and contributed to many operations and exercises throughout the UK and internationally including political party conferences, major sporting events, VIP visits, counter terrorism operations, public order events and environmental / man-made emergencies. James has won a number of prestigious awards including the Public Sector Business Continuity Manager of the Year Award at the BCI European awards in 2014.

On taking up the post, James commented: "David James-Brown has left the Institute in a much better position than it has ever been in before. We are financially stable, have a wider global presence, offer more member services, and provide more research papers. Possibly his greatest legacy is yet to be realised in the Institute's new customer relationship management system which doesn't go live until next year. I would like to thank David on behalf of all the membership for his dedication, loyalty, hard work and leadership over the last two years and wish him well as he returns to his successful consultancy business."

As announced previously, Tim Janes Hon. FBCI now becomes the new Vice Chair of the BCI after being voted in by his fellow members of the Global Membership Council, and Roberto Grosso Ciponte MBCI becomes the new Membership Director, also voted in by those on the Global Membership Council.

RALEIGH, N.C. – Survivors of the flooding that followed Hurricane Matthew should make or solidify a plan to move from temporary accommodations to more permanent housing as part of their recovery.

If you are living in a hotel paid by FEMA under the Transitional Sheltering Assistance program, remember this assistance is short-term. The program is scheduled to end Saturday, Jan. 7, 2017.

Two ways to search for housing online:

  • NCHousingHelps.org helps people displaced by Hurricane Matthew locate available, affordable rental housing. This free service can be accessed online 24 hours a day and through a toll-free, bilingual call center, Monday through Friday, 9 a.m. to 8 p.m., at 877-428-8844.
  • The FEMA Housing Portal (https://asd.fema.gov/inter/hportal/home.htm) is intended to help individuals and families who have been displaced by a disaster find a place to live. The portal consolidates rental resources identified and provided by federal agencies, such as the U.S. Department of Housing and Urban Development, U.S. Department of Agriculture, U.S. Veterans Administration, private organizations, and the public to help individuals and families find available rental units in their area.

If you lived in public housing, or a multi-family Section 8 apartment, or had a Housing Choice Voucher before Hurricane Matthew:

  • You may be eligible for disaster assistance from U.S. Housing and Urban Development (HUD). Contact the housing provider that assisted you before the disaster and contact HUD at 336-851-8058 or email at hudhelpingu@hud.gov.

If you need homeowner information and assistance from HUD regarding foreclosure or questions about the next steps with your home:

  • Contact a HUD-approved housing counseling agency by calling 800-569-4287. You do not have to have a FHA loan to meet with a HUD-approved housing counseling agency, and there is never a fee for foreclosure prevention counseling.

The deadline for registering for FEMA’s Individual Assistance is Monday, Jan. 9, 2017. If you have not yet registered, you are urged to do so as soon as possible.

There are three ways to register with FEMA:

  • Online at DisasterAssistance.gov.
  • Call the FEMA Helpline at 800-621-3362 for voice, 711 and Video Relay Service. If you are deaf, hard of hearing or have a speech disability and use a TTY, call 800-462-7585.
  • Download the FEMA Mobile App and apply.

After you register with FEMA, the U.S. Small Business Administration may contact you. SBA is the primary source of funds for property repairs and replacing lost contents following a disaster. The deadline to apply for a low-interest disaster loan from SBA is also Monday, Jan. 9, 2017.

  • There is no requirement to take out a loan if one is offered from SBA. If you are approved for a disaster loan, you have 60 days to decide whether to accept the loan. If you are not approved for a loan you may be considered for certain other FEMA grants and programs that could include assistance for disaster-related car repairs, clothing, household items and other expenses.

Voluntary organizations in your community may be able to help you find a more permanent place to live. You may seek referrals for unmet needs by calling United Way at 211. You can find a list of organizations currently assisting survivors at North Carolina Voluntary Organizations Active in Disaster.

For more information on the North Carolina recovery, visit fema.gov/disaster/4285 and readync.org. Follow FEMA on Twitter at @femaregion4 and North Carolina Emergency Management @NCEmergency.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

RALEIGH, N.C. – North Carolina survivors who registered with FEMA for disaster assistance after Hurricane Matthew are encouraged to stay in touch with the agency to resolve issues, get updates on your application or provide additional information.

It is especially important for you to update FEMA with any insurance documentation information or settlements. FEMA disaster assistance covers only basic needs and cannot duplicate insurance payments.

You can also call the helpline to:

  • Receive information on the home inspection process

  • Add or remove a name of a person designated to speak for you

  • Find out if FEMA needs more information about your claim

  • Update FEMA on your housing situation

  • Get answers to other questions about your application

To update your status call the FEMA Helpline at 800-621-3362 for voice, 711 and Video Relay Service. If you are deaf, hard of hearing or have a speech disability and use a TTY, call 800-462-7585.

If you are changing addresses, phone numbers or banking information you should notify FEMA. Incomplete or incorrect information could result in delays in receiving assistance.

When calling the helpline you should refer to the nine-digit number you were issued at registration. This number is on all correspondence you receive from FEMA and is a key identifier in tracking assistance requests.


How could all those precisely formulated Information Technology Infrastructure Library recommendations lead to anything but success? Well, we can give you six possibilities right now.

They fall neatly into two categories with half of them being problems that could affect any organizational change, and half of them being issues more specific to ITIL.

First, let’s tackle the specific issues. Number one on our list is trying to implement ITIL as though it was a standard like ISO 27002 for security.



Thursday, 01 December 2016 00:00

An Orchestrated Cloud Is an Effective Cloud

In the old days, IT was tasked with managing infrastructure, primarily by controlling the physical devices that moved, processed and stored data. In the abstract cloud era, the name of the game is orchestration of the disparate systems and platforms that data invariably encounters as it makes the journey from raw information to valuable knowledge.

But while many of the actual orchestration processes will be automated using increasingly intelligent algorithms, IT still has a job to do in not only crafting the policies that will govern data and application movement but in selecting and provisioning a robust orchestration platform from an increasingly diverse set of vendor solutions.

According to Markets and Markets, the cloud orchestration sector is on pace to nearly triple by 2021, growing from $4.95 billion today to $14.17 billion, with a compound annual growth rate of 23.4 percent. The key driver, of course, is to craft the most efficient, effective use of cloud resources, although demand for self-service provisioning and high-speed application support is also part of the mix. As the digital economy unfolds, service fulfillment will come to dominate the IT landscape and companies that can provide rapid, reliable infrastructure at a moment’s notice will derive greater profitability with tighter margins and foster stronger brand loyalty among users.



Thursday, 01 December 2016 00:00

Atlantic Hurricane Season: The Long View

As the 2016 Atlantic hurricane season officially draws to a close just days after Hurricane Otto became the latest calendar year Atlantic hurricane on record to make landfall, the question on everyone’s lips is: are the seasons growing longer?

For if Otto, which struck southern Nicaragua as a Category 2 over Thanksgiving, is the last hurricane of the 2016 season, it will mark the end of the longest hurricane season on record for the Atlantic Ocean, according to NOAA.

The 2016 season had an early beginning—well ahead of its June 1 official start—when Hurricane Alex became the first Atlantic hurricane in January since Hurricane Alice in 1955.



The Business Continuity Institute - Dec 01, 2016 16:24 GMT

We have recently seen two significant cyber attacks on big businesses hitting the news, and these are just the ones we know about. The ability for hackers to gain access to systems through technical means is not to be underestimated, and specialists work tirelessly to build and maintain secure systems that are now integral to our business and personal lives.

What is often forgotten is the vulnerability of the very people who use and operate these systems, who by definition are often the easiest way for a hacker to secure the information they need to profit from their activity. People are the biggest weakness when it comes to cyber security and how many of us are regularly trained and updated on methods and the importance of protecting information?

Data security is vital to the success of your business, yet working practices in many organisations still demonstrate a lack of awareness and understanding:

How many of us have seen the ‘Post-it note’ approach to ensuring we don’t forget that important password stuck to the very computer terminal holding all the company data?

How many of us really understand the capability of hackers to contact our call centres and encourage our staff to release that extra bit of customer information?

There is no complete solution to this, and we must all work on the basis that we will at one point or another be subject to a cyber attack. This is just a reality of the world we now live in and of the risk versus reward for those who engage in this activity. To protect ourselves both personally and professionally, we must ensure that our organisations remain up to date and strong in terms of technical resilience, but just as important is ensuring our people are aware of the types of methods used by hackers to elicit information and build the resources for an attack.

We must have strong control measures in place for passwords and other access information and ensure our staff fully appreciate the potential impact if we get this wrong, but equally we must ensure our people understand the many other methods used, some of which are incredibly clever. The damage caused can be fatal for a business with complete loss of confidence from your hard earned customer base.

Chris Regan AMBCI is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy which runs a programme called Cyber Aware that focuses completely on the people side of cyber security. Chris works with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues. Chris can be contacted by email at info@bluerockrisk.com or by telephone 0117 2440154.

Wednesday, 30 November 2016 00:00

BCI: The maturing world of business continuity

The Business Continuity Institute - Nov 30, 2016 16:31 GMT

It’s been two years since winning the BCI Global Newcomer of the Year Award, and just as long since I featured in the Business Continuity Institute’s '20 in their 20s' publication, so I’ve decided to re-read my contribution to see what’s changed.

In 2014 it was clear to me that the academic world of business continuity was rapidly maturing. My undergraduate degree had a BC-specific module much like many other courses at the time. The BCI was also developing its very own diploma, and you only had to do a quick search online to realise the growing number of universities offering BC-dedicated postgraduate courses, and see just how popular the subject was becoming.

Add to this the emergence of the Business Continuity Management Academic Journal and it’s easy to see how some individuals were embarking on an exclusively theoretical BC journey for several years before ever even working a single day in the field. As a junior professional at the time I was becoming concerned about not having the right skills to take the next step in my career.

Professional immaturity and hindsight

So what has changed? On a personal level, my views on the development of junior professionals in our field have matured and I certainly see things differently now. At the time I remember being particularly frustrated by what felt like a lack of structured development and clear direction available to me. The BCI mentoring scheme was in its infancy at the time and I was probably one of the first to sign up along with the available mentors. My BC mentor wasn’t really sure what to do with me as the process was meant to be 'self-driven' by the mentee, and I wasn’t sure where to take it so I didn’t get very far with that. I’m pleased to say the mentoring framework by the BCI has made steady progress over the last couple of years and I have now signed up to the Mentor-Match scheme as a mentor should anyone wish to have me!

In 2014 I was also desperate for a competency self-assessment to help me understand exactly where to improve. I had already passed the CBCI with merit, but I still wasn’t any clearer on personal strengths and weaknesses other than that I could remember the contents of the Good Practice Guidelines. It’s because of this perceived lack of support, validation and long term development goals that I started to wonder if becoming a BC professional was even a real career.

I realise now of course that I rather naively expected the industry to mark out every inch of my career path and to explain to me at checkpoints how I was doing. I’ve since spoken to many undergraduates during my guest lectures over the last two years and I’ve come to realise that I’m not alone in this assumption. In fact, I get the impression that a number of people out there still have this level of expectation which I think needs to be levelled. This is a very self-driven process!

However, before even embarking on a career in BC/resilience, many students and graduates are looking to the industry for a solid step-by-step development structure, providing them with a warm cosy feeling that they have a long-term career journey ahead of them. I think this expectancy is partially driven by the current wealth of graduate recruitment schemes available which clearly offer this kind of structure (just take a look at the PwC, KPMG schemes etc). Although I’m yet to see any major firms offering a scheme specifically involving BC.

I also think the universities are partly responsible. They all look to reassure their students of life beyond the books by suggesting that there is a structure in place for them to develop which isn’t always the case. I’ve had some conversations with students who genuinely believe they will be guided by the hand through their career, which we all know simply doesn’t happen in the way they think.

I also expected too much from the BCI, senior colleagues and mentors. Their time and resources are extremely limited and so their efforts are essentially wasted if not used in the right way. Again, I fell into the trap of assuming the seasoned veterans would tell me exactly what I needed to do. I still believe we need to think smart and redesign the development journey for our members but that also requires us to spell out what a BC professional actually looks like and how to get there. I think this alone is a major challenge given the emergence of popular concepts such as organizational resilience and cyber. We are still very much in the process of finding our place in that particular evolution so it might be a touch too difficult to fully define what is essentially a moving target.

More recently, there were some worthwhile discussions at BCI World 2016 during the #hire2retire session which looked at the business continuity career path. I would urge everyone to take a look. A very good insight from these discussions was captured by PwC’s Rebecca Robinson who recognises the need to remain flexible, but also to get out there and broaden your experience. Again this goes back to being a self-driven professional.

Self-driven career positioning

If anything, the last two years have taught me the importance of self-driven career development. I needed to undertake some self-evaluation and decide on what direction I needed to take. My main aim for the future is to become a highly effective resilience manager with a good understanding of the threat landscape for the business in which I work. It’s because of this approach that I started to identify some seriously worrying knowledge gaps (namely IT security or cyber). I started to notice that more and more of my business disruptions/major incidents at work specifically related to IT/data breaches or threats thereof. I found myself constantly at the whim of the Chief Technology Officer and other technical staff to assure me that controls were in place, which of course were found to be lacking when incidents really did occur.

I’ve spent the last year being immersed into cyber security so I can get ahead of the game. I’ve retrained in CompTIA Security+, CSX – Cyber Security Fundamentals and CRISC and I now work closely on new and emerging technology in banking networks. I’m already stronger for the experience and I can comfortably challenge the views expressed by those in the business who are deemed technical who often try to bamboozle other management with 'tech-speak'. Ultimately this will make me a more effective resilience manager in the future when the right role comes my way.

Luke Bird MBCI received the 2014 BCI Global Award for Best Newcomer and is a self-published author in business continuity and has several articles published on the BCI and Continuity Central websites. He has successfully delivered and maintained a full programme of ISO 22301 certification and fully completed a series of major Work Area Recovery rehearsals around the UK. Luke is also widely known for his 'BlueyedBC' brand where he uses his online presence to share learning and experience among professionals in the industry and often attends universities to provide guest lectures to undergraduates studying the discipline.

Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization’s assets. Whereas risk management aims to control the damages and financial consequences of threatening events, risk avoidance seeks to avoid compromising events entirely.

When determining your risk mitigation strategies, don’t confuse the strategies of risk avoidance or risk acceptance with risk ignorance. Risk ignorance is a situation where the knowledge about the risk (and any underlying phenomena and processes) is poor. Just because there are no remediation strategies currently in place does not mean that a conscious decision has been made to accept the risk.

We perform assessments regarding risk and risk impact on a daily basis. We then use those assessments to determine our choice of action. A good example is wearing a seat belt. We might observe that experienced drivers are more likely to understand the risks inherent in car travel, and thus choose to wear seat belts, whereas the less experienced driver (think teenagers) may have to be reminded constantly of those risks – at least in my house. These are contrasting examples of risk avoidance (seat belt use) and risk ignorance (no seat belt use). Neither should be confused with risk acceptance (car travel is dangerous, but I don’t want to wrinkle my clothes, so I’m not going to wear my seat belt).



Today, many organizations are taking a look at cloud from a new lens. Specifically, organizations are looking to cloud to enable a service-driven architecture capable of keeping up with enterprise demands. With that in mind, we’re seeing businesses leverage more cloud services to help them stay agile and very competitive. However, the challenge revolves around uptime and resiliency. This is compounded by often complex enterprise environments.

When working with cloud and data center providers, it’s critical to see just how costly an outage could be. Consider this – only 27% of companies received a passing grade for disaster readiness, according to a 2014 survey by the Disaster Recovery Preparedness Council. At the same time, increased dependency on the data center and cloud providers means that overall outages and downtime are growing costlier over time. Ponemon Institute and Emerson Network Power have just released the results of the latest Cost of Data Center Outages study. Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to the new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).

Throughout their research of 63 data center environments, the study found that:



As the Atlantic, eastern Pacific and central Pacific 2016 hurricane seasons end today, NOAA scientists said that all three regions saw above-normal seasons.

For the Atlantic, this was the first above-normal season since 2012. The Atlantic saw 15 named storms during 2016, including 7 hurricanes (Alex, Earl, Gaston, Hermine, Matthew, Nicole, and Otto), 3 of which were major hurricanes (Gaston, Matthew and Nicole). NOAA’s updated hurricane season outlook in August called for 12 to 17 named storms, including 5 to 8 hurricanes, with 2 to 4 of those predicted to become major hurricanes.

Five named storms made landfall in the United States during 2016, the most since 2008 when six storms struck. Tropical Storm Bonnie and Hurricane Matthew struck South Carolina. Tropical Storms Colin and Julia, as well as Hurricane Hermine, made landfall in Florida. Hermine was the first hurricane to make landfall in Florida since Wilma in 2005. 


Several Atlantic storms made landfall outside of the United States during 2016: Tropical Storm Danielle in Mexico, Hurricane Earl in Belize, Hurricane Matthew in Haiti, Cuba, and the Bahamas, and Hurricane Otto in Nicaragua.

The strongest and longest-lived storm of the season was Matthew, which reached maximum sustained surface winds of 160 miles per hour and lasted as a major hurricane for eight days from Sept. 30 to Oct. 7. Matthew was the first category 5 hurricane in the Atlantic basin since Felix in 2007.

Matthew intensified into a major hurricane on Sept. 30 over the Caribbean Sea, making it the first major hurricane in that region since Paloma in 2008. It made landfall as a category 4 major hurricane in Haiti, Cuba and the Bahamas, causing extensive damage and loss of life. It then made landfall on Oct. 8 as a category 1 hurricane in the U.S. near McClellanville, South Carolina.

Matthew caused storm surge and beach erosion from Florida through North Carolina, and produced more than 10 inches of rain resulting in extensive freshwater flooding over much of the eastern Carolinas. The storm was responsible for the greatest U.S. loss of life due to inland flooding from a tropical system since torrential rains from Hurricane Floyd caused widespread and historic flooding in eastern North Carolina in 1999.

“The strength of Hurricane Matthew, as well as the increased number of U.S. landfalling storms this season, were linked to large areas of exceptionally weak vertical wind shear that resulted from a persistent ridge of high pressure in the middle and upper atmosphere over the Caribbean Sea and the western Atlantic Ocean,” said Gerry Bell, Ph.D., lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center. “These conditions, along with very warm Caribbean waters, helped fuel Matthew’s rapid strengthening.”

Eastern and central Pacific Hurricane Seasons

The eastern Pacific hurricane basin, which covers the eastern Pacific Ocean east of 140 degrees West, produced 20 named storms during 2016, including 10 hurricanes of which 4 became major hurricanes. July through September was the most active three-month period on record for this basin. NOAA’s eastern Pacific hurricane season outlook called for 13 to 20 named storms, including 6 to 11 hurricanes, 3 to 6 of which were expected to become major hurricanes.


The central Pacific hurricane basin covers the Pacific Ocean west of 140 degrees West to the International Date Line. This basin saw seven tropical cyclones (includes tropical depressions and named storms) during 2016. All seven became named storms, and included three hurricanes of which two were major hurricanes. Tropical Storm Darby made landfall on the Big Island of Hawaii, marking the first time in recorded history that two storms in three years struck the Big Island (Darby in 2016 and Iselle in 2014). NOAA’s central Pacific hurricane season outlook called for 4 to 7 tropical cyclones. That outlook did not predict specific ranges of named storms, hurricanes and major hurricanes.

NOAA's mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources.

In Henry IV Part 1, Owen Glendower, the leader of the Welsh rebels, joins the insurrection against King Henry. Glendower, a man steeped in the traditional lore of Wales, claims to command great magic. Therefore, mysterious and superstitious, he sometimes acts in response to prophecies and omens. In the play, Glendower boasts to Hotspur, “I can call the spirits from the vastly deep.” Hotspur deflates Glendower with, “Why, so can I or so can any man; But will they come when you call them?”

Any business owner or senior leader can call the same spirits of strategy from the vastly deep, but business outcomes tattle. They tell us that too often the spirits don’t come. Or, they come, but no one knows what to do with them once they’re there. Successful leaders realize they can’t command magic, but they can create a magical alchemy to turn the raw materials of a strategy into gold and then tie the succession plan to it. Here’s how:



Can these two items coexist? Business continuity is about keeping things going, whereas business transformation is often about breaking things (figuratively, if not literally) to get out of a rut and into a new, more competitive mode of business.

The quick answer is to go beyond the superficial meaning of the word “continuity” and apply business continuity in a context of change, not stagnation. In practice, this means watching out for a number of challenges.

Because business transformation is seldom an option (every enterprise must go through it at some point), let’s consider four steps to making it happen and see how business continuity gets involved at each step.



(TNS) - As Ohio State University students and faculty dealt with a campus attack today, the Ohio Senate this week could pass a bill that would reduce the penalty from a felony to a misdemeanor for carrying a gun on a college campus.

House Bill 48, which passed the Republican-controlled House a year ago, 68-29, also would allow universities to adopt policies permitting people to carry concealed handguns on campus.

According to authorities, the man who unleashed an attack at Ohio State today used his vehicle to run people over, and then wielded a butcher knife. He was killed by a campus police officer.

The bill was already scheduled for a possible Senate committee vote on Wednesday morning, prior to the attack at Ohio State. It is set for two hearings this week, and the full Senate could take up the bill as early as Wednesday afternoon, if leaders so choose.



The Florida Keys Mosquito Control District voted to approve the use of genetically modified mosquitoes in a trial that will examine whether releasing the mosquitoes in Monroe County will reduce the area’s Aedes aegypti population.

I must confess, this makes me think of all of the “great” ideas that have gone bad over the years… invasive plants introduced in order to curb some other plant (remember Kudzu??) or Eucalyptus trees in the west planted for railroad ties and now are major fire risks in many locations. Not good… so what about a genetically modified mosquito… what could possibly go wrong?!?!?

The genetically engineered mosquitoes, referred to as self-limiting Friendly mosquitoes (Oxitec), are male mosquitoes modified to produce offspring that do not survive past the late larval or early pupal stage. A small survey conducted in 2015 showed that most respondents in Monroe County did not support the insect control method; however, residents voted on Nov. 8 to approve its use in the area.



A recent CTERA survey of 400 IT decision makers and IT specialists found that 36 percent of respondents said the loss of data in the cloud would be more catastrophic than their data center crashing, and 14 percent said it would cost them their jobs.

At the same time, 67 percent of respondents deploy more than 25 percent of their applications in the cloud, and 37 percent plan to grow their cloud use by 25 percent or more.

Fifty-four percent of respondents are using a hybrid cloud strategy that leverages both on-premises and cloud services.

Still, 66 percent of respondents say there's less focus on backing up cloud data due to an assumption that the cloud is inherently more resilient than on-premises applications.



(TNS) - Though there have been no reported cases of disaster relief money being used fraudulently in Brunswick, the Georgia Emergency Management and Homeland Security Agency (GEMHSA) issued a statement this week cautioning Hurricane Matthew survivors to use recovery assistance only for its intended purpose.

“FEMA and GEMHSA work together all year round in preparedness, response, recovery and mitigation,” said Robert Porreca, a FEMA spokesperson.

According to Porreca, officials are reminding Georgia Hurricane Matthew survivors that improperly using the money could be a violation of the declaration survivors sign to receive the grants and could result in denial of future assistance.

Those who apply and are approved for disaster assistance receive FEMA aid by way of a check or direct deposit to their checking account. The money is accompanied by a letter from FEMA about the grant and how it can be spent.



SAVANNAH, Ga. – Georgia disaster survivors living in the 10 counties affected by Hurricane Matthew do not have to wait for an insurance settlement to apply for federal assistance.

Survivors have until Dec. 16, only three weeks away, to register with FEMA.

Registration is encouraged even if survivors are uninsured or have policies that don’t cover temporary housing while they’re repairing or rebuilding their homes. Waiting for an insurance settlement could mean missing out on federal grants or other resources.

Even if a survivor is insured, the policy may not cover everything. Providing FEMA with insurance information could mean consideration for additional assistance.

Federal assistance is available to eligible individuals and households in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties. Damage or losses from Hurricane Matthew must have occurred Oct. 4-15.

Many of those with Hurricane Matthew damage have already filed claims through their insurance carriers. Recovery officials suggest they register with FEMA even while waiting for an insurance settlement.

Once registered, applicants with insurance policies covering storm-related loss and damage are mailed a "Request for Information" as part of FEMA’s verification process to avoid duplicating insurance payments. By law, federal assistance cannot duplicate assistance provided by other sources.

Applying for disaster assistance is a two-step process that ensures consideration for all FEMA programs and the U.S. Small Business Administration disaster loans. First, register with FEMA. Second, complete and return the SBA loan application, if one is offered. There is no charge to apply for the loan and if approved, no obligation to accept it.

Disaster survivors may register the following ways:

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Wednesday, 23 November 2016 00:00

FEMA: Coping with Holiday Stress after a disaster

TALLAHASSEE, Fla. – The holiday season can be a stressful time. For individuals and families looking to rebuild from recent disasters, the approaching holiday may be especially difficult. 

Taking care of yourself and staying in touch with your family and friends during the holidays is an important part of maintaining your physical and mental health as you continue to recover from the Florida hurricanes. 

Some signs of disaster-related stress may include: 

• Feeling sad during a holiday season when you are seeking a new home or dealing with memories of a lost loved one. 
• Feeling lonely, especially when holiday activities are reminders of happier times with those who will be missing from this year’s festivities. 
• Feeling physically and mentally drained. 
• Having difficulty making decisions or concentrating on tasks at hand. 
• Experiencing changes in appetite or sleep patterns. 
• Increasing alcohol or substance abuse. 

Establishing a comfortable routine is helpful, but takes time. Here are some actions to undertake:

• Ensure that you have a safe place to stay. 
• Maintain a balanced diet and drink plenty of water. Too much holiday "cheer" can increase your stress. 
• Get adequate sleep and rest. 
• Stay positive. Remind yourself of how you have dealt successfully with difficulties in the past. 
• If you have children, be patient and give them extra time and affection. 
• Take each day one day at a time. Live in the present without burdening yourself with the things that you need to do in a week or a month. 

Ways to ease stress include: 

• Talk with someone about your feelings of anger, sorrow or other emotions, even though it may be difficult. 
• Seek help from professional counselors who deal with post-disaster stress.
• Do not hold yourself responsible for the disastrous event. 
• Use existing support groups of family, friends and religious institutions. 
• Honor your holiday traditions, but be flexible and prepare for new activities. 

Help can be found by visiting the Substance Abuse and Mental Health Services Administration (SAMHSA) Disaster Distress Helpline website at http://www.samhsa.gov/find-help/disaster-distress-helpline/contact-us, or by calling 1-800-985-5990 (press for Spanish). The national hotline is dedicated to providing year-round immediate crisis counseling for individuals experiencing emotional distress related to any natural or human-caused disaster. You can also Text "TalkWithUs" to 66746 (Spanish speakers, text Hablanos to 66746) to connect with a trained crisis counselor. 

For more information on Florida’s disaster recovery, visit fema.gov/disaster/4280, fema.gov/disaster/4283, twitter.com/femaregion4, facebook.com/FEMA, and fema.gov/blog, floridadisaster.org or #FLRecovers. For imagery, video, graphics and releases, see fema.gov/Hurricane-Matthew. 



Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711/VRS - Video Relay Service) (TTY: 800-462-7585). Multilingual operators are available (press 2 for Spanish

There’s saving money, and there’s really saving a lot of money.


The distinctions aren’t always clear to budget enthusiasts who may sometimes enjoy drilling a little too deep to achieve arbitrary percentages of cost reductions by only trying to make the tiniest of trims here and there.

For instance, it’s not hard to thinly slice away at a few employee perks, maybe not send as many people to conferences/networking events, or switch from occasional catered employee lunches to less frequent potlucks. Some companies have considered minor cuts to hours, based on the hope that productivity won’t change drastically at 32 hours a week instead of 40, and they won’t have to pay as much in benefits.



If your data recovery plans are lengthy, detailed, and/or “bare metal” based, requiring comprehensive operating system, database and application recovery steps, then they are almost certainly out of date and not functional. If that is the case, then you should probably revisit your recovery strategy and ensure that it meets your business needs (that is a topic for a different blog). Even if your plans are not “bare metal” based recovery, they are probably not functional.

With the current technologies (e.g., virtual servers, virtual storage, storage-based replication, application-based replication, disk to disk backup), data recovery plans should be very different from what they were even 10 years ago when these technologies were first becoming more common.

To make your data recovery plans functional, you should ensure that the following items are included:



Tuesday, 22 November 2016 00:00

FEMA: How to Get Prepared for the Holidays

I don’t know about you, but right now all of my social media feeds are full of photos of early holiday decorations, descriptions of many communities’ first snows, and chatter over what stores are going to have the best sales on Black Friday. It’s the week before Thanksgiving and so these things have essentially become tradition.

That first snow? That just happened in places like my hometown in New York and in the southeast. Schools were closed or had delayed openings. It’s served as a rude awakening that it’s not summer anymore. (I know that I was definitely one of the people that were in denial about winter coming.)

With that inevitably happening and the holiday season about to start in just a matter of days, there are a few simple things that you can do right now to get yourself ready.

  1. If you’re heading out to visit family or friends, pack a few extra things like a first aid kit, a flashlight, and a spare charger for your phones or tablets. Those could come in quite handy in case of any kind of weather or delay in travel.
  2. If you’re the one preparing a delectable feast for Turkey Day (or any of the other upcoming holidays), make sure you’re being safe by keeping kiddos away from sharp objects and hot surfaces and cooking your bird all the way through. (Pro Tip: Our friends over at foodsafety.gov have some really helpful advice for making sure your meal is not only safe, but delicious as well.)
  3. Check out the Holiday Social Media Toolkit to help your friends and family be in the know about how they can have a safe and great holiday too.

This time of year is a wonderful one (even though many of us aren’t quite fans of the drop in temperatures) to spend with your friends, family, and loved ones. We would love to encourage you to do three more things: Be safe, eat well, and have a lovely holiday season.

--Jessica Stapf, Digital Storyteller at FEMA

Thanksgiving safety tip graphic: https://www.usfa.fema.gov/prevention/outreach/cooking.html

The Business Continuity Institute - Nov 22, 2016 17:03 GMT

The Business Continuity Institute is delighted to announce that Tim Janes Hon. FBCI will be the new Vice Chair of the Board of Directors at the Institute, as voted for by his fellow members of the Global Membership Council. Tim takes over from James McAlister FBCI who becomes Chair following the end of David James-Brown FBCI’s two years in charge.

Tim, a Director at Risk Management Design in Australia, has previously served as one of the Membership Directors on the BCI Board, and as the representative for Australasia on the BCI's Global Membership Council.

On taking up the new role, Tim commented: "This is an exciting time to be elected as the new Vice Chair of the BCI. We have a new Executive Director and great plans for enhanced member services and international growth. Recent world events have shown how political, social and economic ‘certainties’ can be overturned. I think these conditions together, will present many opportunities for our profession to show how we help organisations to manage through unfamiliar, disruptive challenges. My goal is to help the BCI to provide practical and effective support for all members in this dynamic global environment."

Sixty-six percent of the general population has been traumatized at some point. Eighty percent of workers feel stressed on the job. When you combine a traumatic experience and stress, the risk for adverse workplace behaviors can be high. To combat this, emergency managers can collaborate with leadership and human resources to improve resiliency components and decrease stress among their teams.

There are different definitions of trauma. For example, the University of Maryland defines trauma as “an experience that causes physical, emotional, psychological distress or harm. It is an event that is perceived and experienced as a threat to one’s safety or to the stability of one’s world.” The Substance Abuse and Mental Health Services Administration (SAMHSA) defines trauma as “experiences that cause intense physical and psychological stress reactions, which could be a single event, multiple events, or a set of circumstances experienced by an individual as physically and emotionally harmful or threatening, and have long lasting effects to the individual.”



Tuesday, 22 November 2016 00:00

Ethics and Your IT Sourcing Strategy

IT servers, enterprise applications, data centres and cloud services might seem a world away from other sectors traditionally attracting attention in terms of an ethical sourcing strategy.

Yet many of the same issues like bribery, coercion, extortion, favouritism, and illegal sourcing are also potential risks in IT sourcing, both directly and indirectly.

Apple’s problems with Foxconn, its manufacturer of iPhones, illustrate the problem. Riots and suicides in the Taiwanese company’s workforce also tarnished Apple’s reputation. An IT sourcing strategy has to take ethical procurement into account if it wants to avoid similar problems.



An Example of What Not to Do

More organizations are realizing the benefits of mass communications and have implemented at least some type of solution to enable instant notifications with their employees. With so many people using mobile phones, it’s obvious that these notifications must involve mobile communication. Text alerts are gaining in popularity but not all text notifications are helpful. In fact, some can be detrimental to public safety.

Take, for instance, the New York City and New Jersey bombings that occurred earlier this year. Kudos to the states for having an emergency alert system in place to notify their residents of such threats, but instead of celebrating its success, it has become a case study in how NOT to send out mass notifications.

The FCC’s Wireless Emergency Alert (WEA) system was used to send short text messages to cell phone users in the NYC area alerting them to watch out for a bombing suspect named Ahmad Khan Rahami. Can you spot why this text was completely ineffective and even dangerous?



Successful IT project teams require a good balance of resources with different skills and perspectives. The best technical SMEs are creative problem solvers with experience operating in complex and nuanced environments. Great business PMs foster trusted relationships with stakeholders and ensure that their technical counterparts are supported. A powerful business tool is created when a unified team dynamic is fostered between the two skillsets.

A poorly aligned team can not only be stressful to manage; it also exposes the business to higher levels of risk. In these situations, organizations are susceptible to the following negative outcomes, among others.

  • Rushed changes that don’t fully factor in people or technology impacts
  • Delayed delivery because risks are too high and ownership is unclear
  • Products that don’t focus on quality or usability



It's hard to believe Cyber Monday is only a week away. For many traditional and ecommerce retailers, Cyber Monday is the most significant online shopping day of the year. And it won’t stop there. Online shopping over the next few weeks will provide a significant boost to many companies’ bottom lines.

Monitoring and communicating information about IT outages and failures associated with online retail shopping can be a daunting task. At any time of the year, IT professionals are under intense pressure to safeguard the security of their organization’s data and physical facilities, and to ensure information continues flowing in the event of a disruption.



According to PhishMe Inc.'s 2016 Q3 Malware Review, the proportion of phishing emails that deliver some form of ransomware reached 97.25 percent in the third quarter of 2016.

Locky ransomware executables were the most commonly-identified file type in the third quarter, PhishMe found. "Locky will be remembered alongside 2013's CryptoLocker as a top-tier ransomware tool that fundamentally altered the way security professionals view the threat landscape," PhishMe CTO and co-founder Aaron Higbee said in a statement. "Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties."

And while just 2.75 percent of phishing emails delivered non-ransomware malware, the diversity of malware samples in those emails far exceeded that of the ransomware campaigns.



Monday, 21 November 2016 00:00

BCM & DR: Know Your Requirements!

Have you ever been in the situation where you ask your significant other what they want for dinner but receive a response that sounds non-committal and open ended? They don’t care what it is; they’ll eat whatever you make only to say they weren’t in the mood for what it was you made for them? It happens a lot I’m sure, just as it happens in the BCM / DR world.

Some IT groups (those responsible for IT Technology Recovery) just start throwing around ideas and thoughts of what they believe they need or want and start making determinations and decisions without fully investigating what it is they really need. They start speaking for the clients and customers – their business – and moving forward based on what they believe is required only to get further down the path and find out that what they set up or have started in progress, doesn’t and won’t meet the need of their business. They didn’t investigate the requirements; the very things that will determine what path they need to take in setting up a Technology Recovery Plan (TRP).



The Business Continuity Institute - Nov 21, 2016 16:35 GMT

Two thirds of organizations aren’t prepared to recover from a cyber attack, according to a new study by the Ponemon Institute on behalf of Resilient (an IBM Company), and only a third of organizations feel they have a high level of cyber resilience.

The Cyber Resilient Organization Study found that 75% of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistently across the organization. Of those with a CSIRP in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so. Additionally, 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.

“This year’s cyber resilience study shows that organizations globally are still not prepared to manage and mitigate a cyber attack,” said John Bruce, CEO and co-founder of Resilient. “Security leaders can drive significant improvement by making incident response a top priority – focusing on planning, preparation, and intelligence.”

The study also uncovered common barriers to cyber resilience. The majority – 66% – say “insufficient planning and preparedness” is the top barrier to cyber resilience. Respondents also indicate that the complexity of IT and business processes is increasing faster than their ability to prevent, detect, and respond to cyber attacks – leaving businesses vulnerable. This year, 46% of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of cyber resilience, up from 36% in 2015. 52% say “complexity of business processes” is a significant barrier, up from 47% in 2015.

It is perhaps this lack of preparedness that contributes to cyber attacks and data breaches featuring as the top two concerns for organizations according to the Business Continuity Institute's latest Horizon Scan Report. This report revealed that 85% and 80%, respectively, of respondents to a global survey expressed concern about the prospect of these two threats materialising.

The Cyber Resilience Report, also published by the BCI, revealed that two thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously and prepare themselves to combat it more effectively.

“While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place,” said Dr. Larry Ponemon. “We are encouraged that this is becoming a more important part of an overall IT security strategy.”

The Business Continuity Institute - Nov 21, 2016 09:49 GMT


That unmistakable feeling that the world just got unstable is becoming a way of life in NZ, but you never get used to the nightmare that is an earthquake. It seems almost comical to chuck a Senior Business Continuity Consultant into an earthquake, then be evacuated due to a tsunami risk - exactly what we preach daily!

The one that hit our two-story house at Waikuku Beach just after midnight on Monday 14th November, felt like it was never going to stop. As a Crisis Management Consultant, I frequently talk about my experiences in the Christchurch 2010/11 earthquake and the stress that each aftershock brings, because you never really know how long it's going to last. This was no aftershock, this was the real deal and it just wouldn’t stop, 40 seconds of the ground turning to jelly then, 2-3 minutes of it trying to settle into its new bed beneath our feet. Remember in the 80's when those water beds came out and destroyed everyone's backs? Well, it felt like my home had been placed on one of those and we were told to brace.

Survival mode kicks in, following the standard drill; drop, cover, hold. A quick inspection for damage, a couple of broken ornaments but no rushing water, no cracks in the walls. Initial impact assessment complete. Time to get the incident team together, me and the wife! Sorry old habits die hard, processes just kick in and stuff gets done, yes I'm an incident nerd!

Things are not good, but are we in a crisis yet? If we are then this definitely has the characteristics of a sudden crisis:

  • Unpredictable, unexpected: Fast asleep in dreamland this was certainly unexpected.
  • High degree of instability: we were certainly all over the place for the first five minutes, is this really happening again after the five years of torment already?
  • The immediate potential for extreme negative results: Things seem OK in our world but we had no idea that most of NZ were feeling this one. My flight to Wellington later in the day was looking doubtful.
  • Immediate management attention, time and energy: With the realisation of a real threat of tsunami, my attention was now focusing on our escape plan.
  • Often brings about organisation change: Living at the beach is losing its charm, my wife is looking for higher ground!

Being in the business and being an earthquake veteran the 'grab bag' is always ready to go. The basics in tow - torch, gas cooker, first aid kit, water, tins of beans, battery charger, sleeping bag etc, and of course, dog food! So when the tsunami alert was given we were ready to go. We had a plan and we were just about to put it into effect.

But planning and doing are two different things, again something I've spent many years trying to teach. The realisation when we drove out of our drive joining the rest of the fleeing villagers, that we might not see our house again, can't be simulated in an exercise. Not that I have made my wife practice our evacuation procedures, I'm not that much of a nerd! But I was working hard to recall my training on the human impact of a crisis. Magnified by the fact that our animal family was one short, the cat was nowhere to be seen! Despite trying to follow what you've been taught and what we know as professionals, emotions start to sink in. Driving away in the pitch black with our lovely, peaceful house fading into the background in my rear view mirror, not knowing whether it would handle the night ahead.

Impact assessment complete, the team assembled, communications complete to my son in Wellington and our recovery strategy initiated, we relocate to an alternate location. Classic 5 initial steps to managing your crisis.

Of course, these actions relate to recovering your business, but why not relate them to your own preservation too? Having a plan, any plan is always a good idea. In a night of unknowns and real stress, it certainly helped to focus my mind. After seven hours of sitting in our truck on a hill with the dogs, not knowing if the five-meter wave predicted was coming, it was a relief when we got the all clear to head home.

Time now to put my business continuity for my business into action. My clients in New Zealand (Wellington, Christchurch, Nelson and Tauranga) were dealing with their own issues, so our meetings were put on hold. But my Australian clients would still need attention. My Maximum Allowable Outage (MAO) 24 hours, for my critical process Respond to client enquiries and issues, was not under threat.

Lessons learned:

Every incident is different, this was real - not a test, but we can still learn from it. We can always do things better. My fuel tank on the truck had dropped below half full. Always keep it above half.

Don’t panic, it really doesn’t help. Your employees or your wife won't appreciate it, people need to be led by a strong confident leader.

Make a decision. The tsunami alarm didn’t work, some people stayed. The radio said leave because that was the advice from Civil Defense. Better to get ahead of the game, you can always come back if it’s a false alarm.

Have a good plan for the pets, they have to come and they don’t always want to. The cat needs a cat box, he will run off the first chance he gets.

Have your grab bag ready to go. Check it frequently, stuff can go out of date.

Have a plan, any plan. Remember the 7 Ps. Prior preparation and planning, prevents piss poor performance!

The gas cooker was on full noise on the tailgate of the Hilux 4x4 for the first brew of the day and I have internet connectivity, we are literally 'cooking on gas'. Normal business has resumed, even if I am standing in a paddock of cows overlooking the Canterbury Plains!

Until next time, Plan, do, check, act… (I should know!)

Brad Law MBCI is a Senior Business Continuity Consultant working for Risk Logic.

Friday, 18 November 2016 00:00

BCI: Political risks are on the rise

The Business Continuity Institute - Nov 18, 2016 16:36 GMT

There has been a dramatic increase in political risks according to a new study carried out by Sword Active Risk, and this has largely been attributed to the outcome of the UK Brexit vote and the US Presidential election.

In the UK, 44% of organizations cited the political situation, and subsequent implications, as the biggest potential challenge or unknown to their business, in stark contrast to last year when supply chain and cyber security were the most significant risks being faced by companies. In the US, this year a third of companies saw the domestic political situation and supply chain as the biggest risk, when last year it was geopolitical, and physical/construction risks that were seen as more important.

Keith Ricketts, Vice President of Marketing at Sword Active Risk commented: “While both of these events were on the horizon last year, no one predicted that they would turn out quite as they have done, with the UK voting to leave the EU, and Donald Trump becoming US President. After the financial challenges of 2008 and the global recession, there was a feeling that many markets were getting back to a more even keel. This is a stark reminder that unexpected events beyond the control of companies can come out of the blue and have a dramatic impact.”

Political change featured as an emerging trend in the latest edition of the Business Continuity Institute's Horizon Scan Report, with 42% of respondents to a global survey identifying it as something for business continuity professionals to watch out for. However, this report was published prior to either of these events occurring so it will be interesting to see where it features in the 2017 report, the survey for which is currently live.

(TNS) - More than a month after Hurricane Matthew’s winds and waves sank boats and destroyed docks and marinas, questions remain as to who is responsible for cleaning up debris in local waterways and marshland areas.

While Beaufort County, S.C., is partnering with local municipalities and state agencies on efforts to remove storm debris from roadways, that’s not yet the case for debris in the water.

“For marine debris, we are not as far along in the removal process as we are with debris along the roads,” county stormwater manager Eric Larson said earlier this week. “We are working with state agencies trying to determine who is going to take the lead on this.”



Friday, 18 November 2016 00:00

Is Data the New Oil?

Intel CEO Brian Krzanich recently made the controversial statement that data is the new oil. The implication is that data is trending and gaining in power. However, I’d argue that data has always had the potential to be more powerful than oil and that what is changing isn’t its value but our ability to make use of it. Regardless of how you approach this argument, Intel is in a good position to benefit from this change, but likely needs to play an even bigger role to assure its survival, and ours.

Let’s chat about that this week because I don’t think we talk about the downside of data enough to prevent it.



If you really want to be prepared for a cyber incident, you need to establish a response team (CIRT) ahead of time. Your team should be made up of everyone you can think of who can help detect, diagnose and isolate an incident. Your team members should be identified beforehand, but as each event is unique, your team may change depending on the type of incident. Your cyber-response team is different than your broader incident management team, though they do work together.

Members of your team should include:



Friday, 18 November 2016 00:00

BC & DR Pros, We Need Your Help!

Posted by Stephanie Balaouras on November 17, 2016


Each year, Forrester Research and the Disaster Recovery Journal team up to launch a study examining the state of business resiliency. Each year, we focus on a particular resiliency domain: IT disaster recovery, business continuity, or overall enterprise risk management. The studies provide BC pros, DR pros, and other risk managers an understanding of how they compare to the overall industry and to their peers. While each organization is unique, it's helpful to see where the industry is trending, and I’ve found that peer comparisons are always helpful when you need to understand if you’re in line with industry best practices and/or you need to convince skeptical executives change is necessary.

This year’s study will focus on IT disaster recovery or resiliency (my preferred term). We’ll examine the overall state of DR maturity including organizational trends, reporting lines, staffing levels, progress towards active-active data center configurations, adoption of advanced technologies for application failover and data replication, current recovery time and recovery point capabilities, and the most common causes of downtime. In our last three surveys, the number one cause of downtime has been power outages; let’s see if the trend holds or if we will see a new emperor of downtime like DDoS attacks.

For DRJ readers, the results and a summary analysis will be available on their website in January, and if you attend the upcoming DRJ Spring World 2017, I'll be there to deliver the results in person. For Forrester clients, myself and Naveen Chhabra will write a series of in-depth reports that will examine each of the survey topics in depth during the next several quarters. If you feel this data is valuable to the industry and you’re a DR, BC, or ERM decision-maker or influencer, please take 15 to 20 minutes to complete the survey. All the results are anonymous. We don’t even need your email address unless you’d like a complimentary Forrester report (and I promise we won’t use your email address for any other purpose).

Click here to take our survey.

The Business Continuity Institute - Nov 18, 2016 09:11 GMT

Incredible as it may seem to your average, dyed-in-the-wool business continuity professional, the fact is that the majority of 'normal' business people don't find the subject of business continuity management particularly enthralling.

Why is this? There are, after all, some elements of the business continuity process that are, at the very least, vaguely interesting and, in some cases, actually quite challenging or thought-provoking.

One reason may be the way that it's usually packaged. How often do we see the person leading the process begin by a) spouting doom and gloom about all the terrible things that might befall our organisation and b) spending hours describing the business continuity lifecycle? You know the one. It usually comes with a diagram comprising a circle surrounded by words like analysis, strategy, plans, testing, maintenance and so forth. And many a seasoned business continuity professional has been known to rattle on about this process for hours on end.

Then there's the business impact analysis, usually the first activity, other than sitting through the aforementioned presentation, that the business people are asked to participate in. Unfortunately, most business impact analyses are about as exciting as watching paint dry. And when you consider that most people have an awful lot of other things vying for their time and attention, is it really any wonder that they don't fully engage with a programme that starts like this?

But it doesn't have to be like that. Whilst the various elements of the business continuity lifecycle have to be addressed in some form if the resulting capability is going to be worth anything, they don't have to be approached in a way that makes people switch off from the outset.

There are a number of things that can be done to make the business continuity programme more interesting and engaging. Examples include:

  • Starting with an exercise rather than a business impact analysis. And maybe using a format for the exercise that's entertaining or light-hearted, rather than doom-laden and pressurised. It might, for instance, include an element of competition, or the event might be structured like a game or a quiz show, rather than yet another meeting or navel-gazing session.
  • Using such games and competitions throughout the programme to stimulate discussions about important issues. You might, for instance, pit teams against each other and award points or prizes for the winners or those who correctly identify whatever it is that you want them to.
  • Engaging with the creative people in your marketing team to come up with some interesting, thought-provoking awareness materials or to create a 'brand' for the programme.

There's no law that says business continuity management has to be dull - it just happens that way in many organizations. Whilst the above suggestions won't necessarily result in a laugh-a-minute romp that people shun their other day-to-day activities to participate in (and, let's face it, what other business activities are like that?), it might make them more inclined to get involved.

So why not give it a go in your organization? All it requires is a bit of creativity. And, yes, there may be a bit more effort involved in the planning and preparation, but if you can engage people that effort will be repaid many times over in results compared with the more typical, same-old-same-old, dull-as-dishwater business continuity approach.

Andy Osborne is the Consultancy Director at Acumen, and author of Practical Business Continuity Management. You can follow him on Twitter and his blog or link up with him on LinkedIn.

Listen carefully. Do you hear it? That eerie hissing noise? It’s not a plumbing issue. It’s the sound of your data — growing exponentially by the nanosecond. With every breath and every blink of an eye, your data continues to grow, subtly yet inexorably. Think snow: The flakes fly, first one, and then another, and another, then grow to a torrent seemingly before your eyes. What was a clear, clean sidewalk has swiftly become a mountain of white stuff. It’s a lot like data: You know it’s collecting, yet when you turn your concentration to other things, suddenly you find you’re buried in information.

Whatever business you run, product or service you provide, data growth is a fact of your life. How it affects your life and your bottom line has everything to do with how you assess your data storage needs, and how effectively you respond to data expansion within your organization. Like snow, even the most accurate forecast won’t solve your shoveling problem unless you’re proactive about handling it.

How did it ever get this way with data? It’s simple, and it isn’t. First, almost every organization has an insatiable appetite for data. We crave it, create it, store it, scrutinize it, and continue to make more of it. In fact, the prestigious research company Gartner, Inc., points out that the average IT department’s data grows at the incredible rate of 40% per year. By this accounting, your storage capacity will need to double over the next year to 18 months!



Are you weighing the benefits of cloud storage versus on-premises storage? If so, the right answer might be to use both–and not just in parallel, but in an integrated way. Hybrid cloud is a storage environment that uses a mix of on-premises and public cloud services with data mobility between the two platforms.

IT professionals are now seeing the benefit of hybrid solutions. According to a recent survey of 400 organizations in the U.S. and UK conducted by Actual Tech, 28 percent of firms have already deployed hybrid cloud storage, with a further 40 percent planning to implement within the next year. The analyst firm IDC agrees: In its 2016 Futurescape research report, the company predicted that by 2018, 85 percent of enterprises will operate in a multi-cloud environment.

Hybrid has piqued interest as more organizations look to the public cloud to augment their on-premises data management. There are many drivers for this, but here are five:



Thursday, 17 November 2016 00:00

12 Reasons Risk Management Fails

Risk management has gained increased attention and interest in recent years, both from industry professionals and academics. The main focus of thorough risk management is the continuous identification and treatment of the potential risks. Its objective is to add maximum continual value to all the activities within the organization. In addition, in developed and emergent countries, capital markets have become more significant and as a result, nonfinancial corporations and banks have recognized that the number, type and extent of their threat landscape and inherent risks have increased significantly. Finally, a wave of unpredictable payment-related enhancements can be considered both a source of risk and a method to mitigate.

Risk management has also gained attention considering the ongoing and widely publicized failures having roots in its erroneous implementation. Risk management failures prohibit organizations from meeting their goals, thus determining repetitive – and sometimes of exponential magnitude – business and project failures. Although the risk management approach varies among firms, enterprise risk management is an organizational pivot point in achieving corporate goals. Risk and performance are inevitably connected. By establishing a reliable and controlled process for managing risks, organizations can determine the predictability of their outcome. Enterprise risk management enables enhanced decision-making, consequently enabling significant cost savings. Additionally, if properly implemented, risk management connects risks across various levels in the organization and, in leveraging other processes such as program management, enables threat-to-opportunity conversion.



Thursday, 17 November 2016 00:00

Your Incoming Text Messages Are Going to Change

Think you get a lot of emails? Your text messages are about to explode as well, at least that’s what I’m predicting. Why? Because more and more organizations are beginning to understand what you and I have known all along: texting is the quickest and easiest way to communicate.

Texting personal messages between friends, groups, and colleagues has become an American mainstay. I say “American” because countries like Japan and Korea rarely text. Instead, they prefer instant messaging apps. But that’s another blog for another time. The purpose of this blog is to help you understand that these interpersonal texts are most definitely going to become a little less personal.



Thursday, 17 November 2016 00:00

The Functional Business Impact Analysis (BIA)

Creating a functional Business Impact Analysis (BIA) can be a daunting task for any organization.  As a foundational requirement of any continuity program, it must be completed in order for you to understand risk and drive the development of plans, identification of recovery strategies, and implementation of solutions. 

As a company, MHA has conducted well over 2,000 BIA interviews. Our goal is to make sure that the information gathered and the process used are built around ensuring the functionality of the BCM Program.  Over the years, we have developed a highly-refined process to plan, conduct and report the results of a formal BIA.  That process allows for 3.5 to 4.0 hours of a business unit’s time to complete the BIA.  This includes 45 minutes to complete the pre-work, 2.5 hours or less for the interview, and 0.5 hours to validate the results.   Often, organizations are now asking us to finish interviews in as little time as possible – often in the 1 – 1.5 hours time frame!

We have learned that while it is possible to perform a BIA efficiently, it is still a time consuming process, especially when the data is significantly out of date ( > 2 years). Your questionnaire should be in compliance with best practices, but be tightly focused, have limited questions, and be objective. The goal is always a functional outcome, not just “checking the box.”



Stakeholders demand that companies grow, but at the same time, they expect growth to be managed to make sure the brand is not tarnished. That means enabling value as well as protecting value, which comes down to striking the appropriate balance between risk agility and risk resiliency.

For many years, risk management has focused on protecting the brand and keeping the company out of trouble. But if it’s done right, risk management is about playing not only defense but offense as well—it’s about value protection and value enablement.



The human and economic costs of extreme natural disasters on poverty are much greater than previously thought and insurance is one of the resilience-building tools that could help, according to new analysis from the World Bank.

In all of the 117 countries studied, the report finds that the effect of floods, windstorms, earthquakes and tsunamis on well-being, measured in terms of lost consumption, is larger than asset losses.

It estimates the impact of disasters on well-being in these countries is equivalent to global annual consumption losses of $520 billion, and forces 26 million people into poverty each year. This outstrips other estimates by 60 percent.



The Business Continuity Institute - Nov 17, 2016 11:33 GMT

How time flies, I cannot believe it’s been two years since I contributed to the Business Continuity Institute’s ‘20 in their 20s’ publication. I’ve been in my current role for just over a year, working as a Payments Risk Manager. Whilst I no longer work with the business continuity team in Operational Resilience, BC still features as part of my remit and I am accountable for BC to the Payments Division. This includes ensuring our testing capabilities are mapped, mission critical activities are documented but also, starting to consider the resiliency of our payment services we offer as an organization.

I’d say my outlook on BC remains unchanged in the sense that I entirely value the importance of a good BCM framework and the responsibilities that support it. Equally, culture is something I massively champion in my current role and needless to say, ‘always on’ is the expectation which helps culture to evolve and mature. In my opinion, the financial services industry has responded brilliantly to the challenges faced by customer expectation, and resiliency is a key factor to ensuring we always meet those needs. Whether it be bolstering third party relationships with robust governance, to installing huge change programmes to improve IT and value chain resiliency, every financial services organization is switched on to protecting their corporate objectives as we move swiftly into the arena of innovation and digital payments.

I’ll always have a fond place in my heart for business continuity and maybe one day, I’ll find myself in a BC exclusive role again… but for now, I’m having too much fun in Payments!

Within an organization of size, you’re always going to struggle to get culture right for different initiatives. The general top down approach works well, but there’s a lot to be said for cross collaboration over different divisions and peer level interdependencies. The market also has a great stake in the corporate objectives, be it throwing the light on conduct and good customer outcomes or a competitor experiencing a widespread incident. Those ‘big ticket items’ will always prompt activity and focus and, in a way, the culture of the organization has no choice but to move with the times.

For BC in particular, it can be tough to get traction if the business has experienced calm waters for a while. The problem with that is, it doesn’t necessarily bring a call to action to the forefront of people’s minds and culture can suffer as a result. However, we’re in a different world now to where we were as an industry five years ago – IT estates are not only crucial but expectant to be fully resilient to ensure the customer expectation is met, and businesses have been purposefully carving out strategies to evolve business and IT resilience; within which, BC is a core component. In doing so, embedding the culture of business continuity becomes less cumbersome, more like a business-as-usual activity and a key part of everyone’s role.

Scarlett Morgan has worked for Nationwide Building Society for many years and in that time has worked in operations, transformation, business continuity, payments risk and technical services. In her new and current role, Scarlett works as a Development Specialist in Payments, driving process improvements and embedding corporate governance into the functions of the team.

Wednesday, 16 November 2016 00:00

Three Trends Driving Digital Business Innovation

The conventional paradigm for value creation is being abandoned, and IT organizations are struggling in the face of three major challenges. We need to look at how to extract value from an ever-growing mass of data spread across disparate sources. We must find strategies to cope with the impact and opportunity that the Internet of Things (IoT) brings. And, we need to adapt to evolving work habits and a mobile workforce.

The Promise of Big Data Analytics

This is the third generation of transformative change in IT in recent years. There’s been a shift from bespoke applications serving specific business purposes to enterprise resource planning (ERP) ushering in an era of more integrated software that helped us to better manage the execution of our businesses.

Now, with big data analytics, we’re looking for insights in all the wonderful transactional data we’ve been gathering for years. Failures in data governance and data model definition are making it difficult for analytics. In many cases, the data is simply too diverse and disparate. The full potential benefits will only be realized when we connect it together.



This week I read an article about Canada’s struggle to unify its emergency alert system. Major Canadian cities frequently use differing systems and often those systems are unintegrated, causing the mass alert system to be inefficient and even dangerous with its omissions. As the author put it, “…the audiences for those warnings are often scattered across a vast region, and the organizations that broadcast them can differ as much as the methods they use to communicate.”

While this is speaking about Canadian cities, it struck me how similar their challenges are to just about any organization worldwide. Organizations, too, struggle to find an emergency alert system that works not just for some, but for all. With so many companies comprised of a dispersed workforce that use differing devices and channels, the issue becomes less about the emergency message and more about how to get it to every employee, near and far. Leaving even one employee in the dark could mean the difference between life and death.



According to a recent study, more than 40% of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20% had to stop business completely.

Unfortunately, the news continues to go from bad to worse. Ransomware developers are now going after the crown jewels of many organizations - their production databases. For the uninitiated, let’s explain why this is such a big deal. In today's digitalized world, massive amounts of data are being gathered every day and stored in production databases, such as Oracle, Microsoft SQL Server, and MySQL. They are so ubiquitous, that they really form the bedrock for most web applications -- sending and fetching data about customers, purchases, traffic, and website movements to and from the database. These databases are so critical that it's common for businesses to hire professional, certified database administrators just to manage these systems and keep them operational.

So, when these production databases get infected by ransomware, it can threaten an organization on a number of levels. The business costs fall into a few categories and they typically far outweigh the cost of the actual ransom, including:

SAVANNAH, Ga. – Officials urge Georgia’s Hurricane Matthew survivors to use their federal disaster aid for its intended purpose.  Improperly using the funds could be a violation of the declaration survivors sign to receive the grants and could result in future assistance being denied.

Once approved for disaster grants, Georgia survivors receive FEMA aid via check or an electronic direct deposit to their checking account. They receive a letter from FEMA providing information about the grant and how the money can be spent.

Before survivors receive their grants, they must sign a declaration and a release certifying that all funds will be spent on the expenses for which they are intended.

These grants are for repairs, temporary housing and other approved, essential disaster-related costs. Disaster recovery officials are available to help survivors understand the way grants should be spent after they receive the funds. Georgia survivors who have questions about their grants should call FEMA’s Helpline at 800-621-3362.

Federal officials caution that the funds may be deposited into bank accounts before letters announcing the grants are delivered to survivors.

Housing funds may be used for:

  • Rental assistance. Applicants who have a continuing need for temporary rental assistance must turn in valid lease and utility receipts to receive additional assistance.

  • Reimbursement for lodging expenses directly related to the disaster.

  • Repairs to windows, doors, water and ventilation systems or other structural elements to return a home to a safe and functional condition.

  • Rebuilding a disaster-damaged home.

Recipients of FEMA’s Other Needs Assistance program grants may use the funds for:

  • Essential personal property, specialized tools for employment, household items, appliances and vehicle repair or replacement.

  • Disaster-related medical, dental, moving and child-care expenses.

Applicants should be sure to update their personal information including addresses, phone numbers and bank accounts. If FEMA does not have the correct contact information, disaster survivors may miss letters or phone calls about their applications for assistance or payment status.

FEMA grants cannot duplicate payments from other sources. For example, if a grant recipient receives an insurance settlement covering expenses already paid for by FEMA, those duplicated funds must be returned to FEMA.

Federal assistance is available to eligible individuals and households in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties. Damage or losses from Hurricane Matthew in Georgia must have occurred Oct. 4-15.

Survivors are encouraged to keep their information updated by logging into their account:

  • Online at DisasterAssistance.gov (also in Spanish).
  • Download the FEMA mobile app (also in Spanish).
  • Call the FEMA Helpline at 800-621-3362 (FEMA). Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call 800-462-7585. Toll-free numbers are open daily from 7 a.m. to 11 p.m. Help is available in most languages.

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Tuesday, 15 November 2016 00:00

Have No Fear, Notification Systems are Here!

How well does your organization communicate?  If the answer is not too great, then let me share a solution that could help you.  Notification software is a rapidly growing area in business continuity.  These dynamic structures allow you to reach your employees by personal or work contact information, fax, and even SMS text. Notification software includes a plethora of features, such as reaching employees based on geographic location when a specific population is impacted by regional events.  Time is of the essence when your organization is critically impacted.  These advancements in communication not only allow companies to locate their employees and confirm their safety but also enable anytime, anywhere communication.

There are endless benefits to having emergency notification systems implemented within your organization.  A few of those benefits include:



Yes, building risk culture is that easy! Before I explain, let me first clear up a few weird misconceptions about risk culture that have been floating around in nonfinancial companies:

Making decisions under uncertainty is not natural

Back in the 1970s, scientists had a breakthrough in understanding how the human brain works, what influences our decisions, how cognitive biases impact on our perception of the world and so on. Daniel Kahneman and Vernon Smith received a Nobel Prize in Economic Sciences back in 2002 “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty.” I am amazed at how many risk managers and consultants continue to simply ignore this research. Identifying, analyzing and dealing with risks is against human nature. Stop kidding yourself. The sooner we, as a professional community, accept this, the easier it will be to integrate risk management into decision-making.



VIRGINIA BEACH, Va. — Even if you have homeowners’, renters’ or flood insurance, you are urged to register with the Federal Emergency Management Agency (FEMA). Registering with FEMA is a primary step in qualifying for disaster assistance after contacting your insurance agent to see if disaster damage is covered.

In the aftermath of Hurricane Matthew, FEMA is advising survivors who live in Chesapeake, Newport News, Norfolk or Virginia Beach with property damage to contact both their insurance company and FEMA. Tuesday, Jan. 3, 2017 is the last day to apply to FEMA for disaster assistance.

If you are a homeowner or renter with insurance and your home or personal property was damaged by the storm:

  • You must contact your insurance agent to file a claim with your insurance company.

  • You should be prepared to fully describe to your agent the damage caused by the storms.

  • You should keep a record of all contact you have with the agent and the insurance company.

  • You should keep a record of the claim number and the date you called to make the claim.

  • Always keep all damage repair receipts.

  • FEMA will send you a letter requesting insurance claim documentation, such as a decision letter (settlement or denial) from your insurance company, in order to further process your application.

FEMA cannot duplicate benefits that are covered by insurance, but you may be eligible for help with losses not covered or those in excess of your insurance coverage. However, you will not be considered for this assistance until FEMA receives a decision letter from your insurance company.

Homeowners and renters may be eligible for FEMA Other Needs Assistance (ONA) grants to help with uninsured or underinsured expenses and serious needs caused by the disaster, including:

  • Medical

  • Dental

  • Child care and

  • Funeral cost

Survivors who register and receive a Small Business Administration (SBA) low-interest disaster loan application should return the application. SBA applicants are not obligated to accept a loan; however, completing the application may make available additional FEMA assistance. Applicants who may not qualify for an SBA loan may be eligible for Other Needs Assistance.

FEMA encourages both insured and uninsured survivors who sustained disaster-related damage or losses to apply by phone (voice, 711 or relay service) at 800-621-3362 (TTY users should call 800-462-7585) or online at DisasterAssistance.gov. The toll-free lines are available from 7 a.m. to 11 p.m., seven days a week. Multilingual operators are available. Jan. 3, 2017 is the last day for survivors to file an application.

The Business Continuity Institute - Nov 14, 2016 00:01 GMT

Organizations exposed to significant risk due to lack of workplace recovery arrangements

Caversham, UK – A disconnect exists between business continuity professionals and end users when it comes to workplace recovery, according to a report published by the Business Continuity Institute and supported by Regus Workplace Recovery. The global study showed that, while only 12% of business continuity experts confirm their organization lacks a workplace recovery arrangement, 31% of end users claimed their employers don’t have any arrangements in place, or they are unaware of what they are.

The Workplace Recovery Report noted that even organizations with workplace recovery arrangements in place face risk and uncertainty when it comes to actual recovery plan implementation. One of every five experts feel uncomfortable that their organization’s employees will execute their work area recovery solution as planned, while 17% of end users are not comfortable they can carry on services in the case of an area-wide event.

Other findings of the report include:

  • 37% of end users are either unaware or unable to provide feedback on their organization’s workplace recovery arrangements
  • 26% of end users and 16% of experts feel that their organization’s business continuity priorities are not fully consistent with end user priorities
  • Three quarters of end users consider themselves critical, while 64% of experts believe only 20% of employees fall in this category
  • Nearly four out of every five end users believe that there is a workplace recovery plan for them in the case of a disruption
  • Work-from-home received less consideration as a workplace recovery approach from experts than from employees (26% vs 44%)
  • 45% of end users are not happy to work from home for more than two weeks
  • When deciding whether to work from an alternative location or from home, 32% of employees base their decision on ease of reaching alternative sites, while 20% focus on access to key enterprise systems, and 15% on having appropriate office infrastructure

The success of a chosen strategy such as workplace recovery depends on its proper implementation by staff, led by a capable business continuity or resilience team. The results reveal that experts have a basic level of confidence in the capability of staff to effectively execute workplace recovery during disruption. However, there are still gaps in awareness and implementation that need to be addressed.

The safety of employees remains a key priority for both workplace recovery experts and end users. This needs to be articulated by practitioners as it can facilitate staff buy-in into workplace recovery and enable embedding of business continuity throughout the organization. While priorities among experts and end users differ down the line, it is useful to communicate the importance of workplace recovery as a chosen strategy in appropriate language and along staff priorities.

Many employees also reveal a preference for working from home during an incident. This may be related to their desire to be close to their families during a crisis – a fact that should be strongly considered prior to selecting a single recovery facility that is a long distance from where the employee lives. This also carries significant implications to organizations such as ensuring that employees’ homes are conducive to such an arrangement from a business continuity, risk or health and safety perspective.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “When executed properly, in line with a holistic business continuity programme, workplace recovery can help build resilience within organizations. As part of business continuity strategy for many organizations, it is important to benchmark workplace recovery leading to better planning and implementation. The BCI Workplace Recovery Report aims to respond to practitioner demand and provide much needed insight in this subject, and we would like to thank Regus for supporting this work.”

Joe Sullivan, Managing Director for Workplace Recovery at Regus, commented: “With natural disasters impossible to predict and an increased risk from other world events, the need to have an established workplace recovery plan is greater than ever. We feel that when disaster strikes, ensuring your people have a secure and productive work environment is harder than recovering your IT. We need to understand how employees will react in the aftermath of a crisis – this research starts to take a look at these behaviours and it is the first of its kind to do so.”


About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Regus

Regus is the world’s largest provider of flexible workspace solutions and workplace recovery services, with a mission to enable individuals and businesses to work where they want, when they want, how they want, and at a range of price points. Leveraging a global network of 3000 business centres in 900 cities across 120 countries, their solutions are designed to meet the needs of today’s global, mobile and remote workforce.

The Regus Dynamic Workplace Recovery solution has revolutionised workplace recovery by enabling businesses to choose where and how to recover after an event, and was awarded the 2016 BCI European and Asia Awards for Continuity and Resilience Innovation.

Regus was founded in Brussels, Belgium, in 1989 and is based in Luxembourg. It is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index. To learn more about how we are changing the world of workplace recovery, please visit


There’s no question that there is a need for solid cybersecurity awareness training. Yet, how effective is it, really? A couple of studies I’ve seen recently make it seem like you can provide all of the cybersecurity education you want, but it won’t make any difference if your employees are ignoring whatever they are taught.

Research from CEB found that 90 percent are not following cybersecurity policies that are meant to prevent data breaches and other security threats, and doing so willingly. One of the biggest rule breakers is the use of shadow IT, with employees using their own devices and applications without company permission or approvals. For the employees, it’s about convenience, familiarity and better productivity. For IT and security staff, it’s a potential cybersecurity nightmare. As Brian Lee, Data Privacy practice leader with CEB, told Infosecurity Magazine:

Employees will often work around controls — especially ones they feel are onerous — as a way to make their job easier. This 'rationalized noncompliance' can not only increase privacy risks, but even jeopardize corporate strategy and ultimately growth.



On October 21, 2016, the U.S. was the victim of a massive, malicious and blindsiding assault—without a foreign machine gun, grenade launcher or tank so much as touching American soil. How is that possible? Because we’re not talking about a physical attack, but about a cyber attack. And here’s the worst part: While this recent event might have been the largest of its kind to date, it’s not going to be the last.

Understanding the Attack

So how did cyber attackers manage to take down the internet? That’s where it gets really scary. They used malware to infect the personal devices of hundreds of thousands of unsuspecting people, then used them to flood a middleman website, Dyn, with so much traffic that users were unable to access their online destinations, including prominent websites like Spotify, Amazon, Twitter, PayPal and Netflix. A Dyn spokesperson described the attack, which was conducted in three waves throughout the day and involved “tens of millions of IP addresses all hitting Dyn servers at the same time,” as “well-planned and sophisticated.”

The disruption wasn’t just inconvenient, it was also costly. According to CNN, the attack may have amounted to as much as $110 million in lost revenue and sales for the impacted businesses.



What is your company’s level of Active Shooter Preparedness? How ready are you for the unthinkable?

With active shooter incidents on the rise, it is more important than ever that companies are prepared for this threat. However, recent research from Everbridge and Emergency Management and Safety (EMS) Solutions shows that is not the case, with 69 percent of organizations viewing active shooter as a top threat, yet only 23.1 percent responding that they’re fully prepared. How can you ensure your organization is prepared for this significant evolving threat?

It doesn’t matter whether you are a business continuity, security, crisis manager, crisis communications or human resource professional…this narrative has something for everyone. Everyone has skin in the game.



Key Drivers

I recently saw an article from Campus Safety magazine that discussed how college campuses are attempting to maximize the ROI of their alert systems. This isn’t a surprise, as it has become mandatory for schools to have some sort of mass communication system in place for emergencies. Sadly, school campuses from elementary through college have lost their sense of security after so many stories of campus violence. We’ve all mourned the tragedies of Sandy Hook, Columbine, and Virginia Tech. There have been 142 school shootings in the U.S. since 2013 and nearly every state has been affected…see the above map.

On top of everything schools have to contend with each year, these horrific crimes have quickly placed campus security at the top of the priority list. The mass notification system market is responding and is expected to grow to nearly 10 billion USD by 2021, due in part to the growing demand for public safety and increased awareness for emergency communication solutions.



Master data and Big Data sit on opposite ends of the data spectrum. They look different, are managed differently, and ultimately serve different purposes. However, with the proper enterprise data practices in place, these two seemingly unrelated data sets working in tandem can add value to each other, thus becoming greater than the sum of their parts.

Master data is slow-changing data. Master data refers to attributes such as name, address, phone number, emails, contacts of your customers or attributes and features of a product. Master data can also be used to slice and dice transactional data, in order to better understand a company’s business operations and opportunities. Master data is typically small – the largest online retailers may have a master customer list that is a few million rows of data, but for the most part, master data is much smaller in scale. Master data is also significantly cleansed and is scrubbed periodically to ensure its accuracy. On the opposite end of the spectrum is Big Data. Known for its massive volume, variety and velocity, big data is generally acquired from external sources with little or no room for cleansing or scrubbing it.

Master data and big data do share one important similarity – they can both serve as great assets for those organizations that pay close attention to them. More and more companies are expanding their horizons by exploring the vast world of unstructured data from external sources, such as social media, mobile, chats and other online interactions. As a result, there is a growing challenge within these organizations to monetize the benefits, and thoroughly understand what the data is telling them beyond insights at an aggregate level.



Friday, 11 November 2016 00:00

Automation And Sharing Are Common Themes

After years of shunning automation and information sharing efforts, the security industry is now embracing them. Every vendor conference I attended this fall talked about the need to automate some security functions in order to increase security teams' efficiency and ability to quickly detect and respond to incidents. The vendors also focused on the need to break down the silos and share information across the security and IT organizations, between vendors, and throughout the security community.

Why the change? The pace of attacks along with the continued stress of resource-constrained organizations are forcing security leaders to find new solutions.

Automating some security processes helps to fill the infamous cybersecurity skills gap and provides faster threat response. Most of the automation comes in the form of orchestrating processes which support threat investigation and hunting. Automated mitigation functions like process stopping, user quarantining, IP blocking, etc. are also possible through integrations between security analytics solutions and security controls.




The Business Continuity Institute - Nov 11, 2016 15:20 GMT

Winning a BCI Award, whether regional or global, is a considerable achievement. It demonstrates your dedication to the industry and reflects the effort you have put in, either as an individual or as an organization. BCI Award winners act as a shining light to those around them, giving them something to aspire to and work towards. To win a BCI Award on a regular basis however, that takes something extra special.

The Business Continuity Institute is pleased to announce that the latest inductee to the Hall of Fame is ContinuitySA, the winners of three consecutive Business Continuity Provider of the Year Awards at the BCI Africa Awards.

"Winning this award for three consecutive years was a huge honour for ContinuitySA because it represents affirmation not only from our peers but also our clients. Becoming members of the BCI's Hall of Fame provides a welcome, permanent record of that achievement, and we are most grateful to the Institute for this accolade," says Michael Davies, CEO of ContinuitySA. "I wish to recognise the fact that our place in the Hall of Fame is testimony to the fantastic people of ContinuitySA past and present – this is recognition of the massive contribution they have made to our success and to the industry as a whole."

The BCI’s Hall of Fame, set up in 2015, is for those who have not only displayed a high standard of achievement, but have done so consistently. As such, only those who have won three BCI Awards within the same category will be permitted to enter.

The Business Continuity Institute - Nov 10, 2016 16:27 GMT

At a Gala Dinner at the Novotel London West Hotel, the Business Continuity Institute presented its annual Global Awards to recognise the individuals and organizations who have excelled throughout the year.

The BCI Global Awards consist of nine categories – eight of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted for by their peers.

The BCI hosted regional awards throughout 2016 with the best in business continuity and resilience from different regions across the world being celebrated in front of their peers. The Global Awards ceremony is the culmination of the awards calendar with each of the regional winners competing to be crowned the global winner. Those celebrating at the end of the evening were:

Continuity and Resilience Consultant
Paul Trebilcock FBCI, Director, JBT Global

Continuity and Resilience Professional Private Sector
Linda Laun AFBCI, Chief Continuity Architect, IBM

Continuity and Resilience Professional Public Sector
John Ball AFBCI, Business Continuity Coordinator, Surrey and Sussex Police

Continuity and Resilience Newcomer
Tamara Boon AMBCI, Business Continuity Manager, Adidas Group

Continuity and Resilience Team
Belfius Bank Belgium Business Continuity and Crisis Management Team

Continuity and Resilience Provider (Service/Product)
Fusion Risk Management Inc and the Fusion Framework BCM Software

Continuity and Resilience Innovation
Westpac Group Protective Services, Education and Awareness Team

Most Effective Recovery
VTB Capital Plc

Industry Personality
Brian Zawada FBCI, Director of Consulting Services at Avalution Consulting

"In my two years as Chairman of the BCI it has been a great privilege to present the Global Awards, and to celebrate the strength and depth of talent we have in the industry," said David James-Brown FBCI, Chairman of the BCI. "The entries this year were again of an extremely high calibre and all the winners can justifiably be proud of their achievement. Those who didn't win their category are still global finalists and should be rightly proud of their achievement. The awards demonstrate that we are graced with talented people striving for excellence in what they do. There is no higher accolade in Resilience than a BCI Global Award. Thank you and well done to all the 2016 finalists."

Others celebrating on the night included Jane Grey CBCI who won the Alan Reid Education Award for achieving the highest score out of the 1284 people who sat the CBCI exam during the previous year, while Christopher Lewis DBCI won the Gold Award for being the top BCI Diploma student.

Merit Awards went to Mohan Menon AFBCI and Jim Barrow MBCI, while Achievement Awards went to Gianna Detoni AFBCI and Howard Kenny FBCI - all in recognition of the work they have done on behalf of the Institute in their local communities.

James Crask became an Honorary Member of the BCI, while Peter Power and Lesley Grimes both became Honorary Fellows - all three being awarded for the commitment they have shown to the Institute throughout their distinguished careers.

Enhanced focus on internal controls by corporate boards and regulators sometimes appears to be a post-financial crisis phenomenon. Those tasked with designing, executing and assuring the resiliency of a corporation’s internal control infrastructure sometimes struggle with articulating the business case for it, as well as defining the business need for internal controls. It is, hence, important to recognize and understand what “controls” are and their value in achieving desired outcomes.

Controls have been utilized for millennia as a means to assure that objectives are met within a range of tolerable outcomes. They have been developed and deployed to reduce uncertainty (or unwanted deviations) within a process or system to achieve a desired outcome. In the third century B.C., Ktesibios’s water clock in Alexandria, Egypt kept time by controlling the water level in a vessel. Today, internet protocol thermostats are available to remotely regulate and control temperature in our homes. There are applications of controls all around us that have become a ubiquitous part of our daily lives. Without effective and reliable controls, it is difficult to ensure outcomes, and this is particularly true for complex processes and systems in the exchange-listed options space.



Wednesday, 09 November 2016 00:00

Earthquake Spike in Oklahoma Linked to Fracking

A magnitude 5.0 earthquake that rocked Cushing, Oklahoma, on Nov. 6 damaged part of the city’s downtown district, but left no major damage to bridges or highways.

Early reports indicate the damage is not insignificant. A 16-block area in the hard-hit downtown has been cordoned off because of the danger posed by unstable structures and broken glass. No serious injuries or fatalities have been reported, however. Power in Cushing was out for less than an hour following the quake, and several gas leaks were attended to.

The city, which has a population of 7,900, is noted as the world’s largest oil storage terminal and has experienced 19 earthquakes in just the past week, raising safety concerns. As of last week, the town’s tank farms held 58.5 million barrels of crude oil, according to the U.S. Energy Information Administration. The number of earthquakes in the area has also risen exponentially. During the first half of this year, 618 temblors of M2.8 or greater have shaken Oklahoma.



In developing functional disaster recovery strategies and plans, planners should consider these 10 ideas to ensure effectiveness:

  1. Don’t confine yourself to traditional methods or thoughts. For example, you may develop the documentation during an exercise while the individuals are performing the tasks. Participants can note the steps and take screen shots while performing the actions.
  2. Maintain risk management, conduct risk assessments, and develop a risk management culture. Your risk profile will drive changes to the defined strategies and requirements. Mitigation of risk may allow for less complex or lower cost solutions. It also creates a “risk and continuous improvement” environment vs. a “recovery is a project with an end” based culture.



Wednesday, 09 November 2016 00:00

Four Ways to Simplify Your Performance Management

Using the newly released SteelCentral solutions

I don’t know if you’re like me, but twice a year—spring and fall—I declutter. I go through my closets, garage, and basement and clean up, donate, give away, recycle, and throw away everything that no longer belongs. For example, I donate clothes that no longer fit, I haven’t worn in a year or more, or I just don’t like any more. It’s liberating.

Riverbed SteelCentral has had a fall cleaning of sorts, only it’s much, much bigger and better than my annual fall cleaning. We’ve consolidated and integrated several products. Actually, we’ve rebuilt several of them from the ground up, and that is going to allow you to simplify your performance management significantly.



Tuesday, 08 November 2016 00:00

What Now for the Hybrid Cloud?

It may have taken a little while, but a critical mass of enterprises has now developed private cloud architectures at sufficient scale to start thinking about tying them to public resources to create the so-called hybrid cloud.

And in traditional IT fashion, it turns out that the reality of this moment is quite a bit different from the expectation. Not only are hybrids more complicated than originally thought, there is growing suspicion that the rationales for creating them in the first place are not all they were cracked up to be.

In the first place, it is becoming clear that cloud architectures – whether public, private or hybrid – will not follow the standard generic infrastructure model of legacy infrastructure. Rather, hybrids will be built from the ground up with specific use cases in mind, which means they will differ in both form and function depending on the applications and processes they are to support.



Tuesday, 08 November 2016 00:00

CDC: This is Your Brain on Emergencies

There’s a fire in your building. Your plane is about to crash. A woman beside you on the street suddenly collapses.

What do you do?

Well, that depends. Every one of us is at risk for these kinds of unexpected intrusions into our day-to-day lives. What you do about it depends on whether or not you’re prepared – not just physically, but also mentally.

In any situation, some things are likely to be out of your control: the size of the fire; who’s flying the plane; what’s wrong with the woman. Some things, however, are up to you. Being aware of how you might react can go a long way toward making a bad situation better.

Know thyself

In a crisis, your brain is going to want to make decisions, and not always the best ones. The good news is there are steps you can take to be a better decision-maker in emergencies. There is science behind the way people react to stressful situations, and we can use it to our advantage.

Science tells us that people behave in high stress incidents in certain ways. What you do will be dependent in large part on what your stress level is. If your heart rate soars above about 175 beats per minute, you’re more likely to go into shutdown mode and not be able to think clearly or act. A technique called “combat breathing” (inhale through your nose, hold, exhale through your mouth, hold) has been shown to reduce your heart rate by 20-30 beats per minute. Controlling your emotion and stress level will help as you go through the decision-making process.

FEMA video: ‘A Perfect Stranger’ tells the story of Kinneil and Angelia and the event that brought the two women together.

During the decision-making process, your mind will most likely move through three stages:

  • Denial
  • Deliberation
  • Decisive action

Knowing these stages – and preparing for them ahead of time – can help you recognize and deal with what’s going on around you more effectively.

Denial: This is not happening

Have you ever heard gunfire in your neighborhood and blamed it on a firecracker? That’s denial. And it’s perfectly normal. We don’t want to believe bad things are happening. We don’t want to panic or look silly.

In emergencies, we often look to people around us for cues about what we should do. (Is everyone else running and screaming, or are they sitting quietly in their chairs? Are others stopping to help?) This is known as social proof. Social proof is a psychological phenomenon that happens whenever people aren’t sure what to do. We assume others around us know more about the situation, and so we do what they do, whether it’s the right thing or not.

We also know that a person is less likely to take responsibility when others are present. We assume that other people are responsible for taking action, or that they’ve already done so. This is called diffusion of responsibility, and it means you’re actually more likely to get help when you’re with a single person than when you’re in a large group of people.

We are all susceptible to believing these things, which make it easy to deny that 1) an emergency is really happening, or 2) we need to do something about it.

Deliberation: What are my options?

Once you’ve recognized the emergency, you’ll begin to consider your options. If you’re smart, you’ve already started this process before the emergency happens. Maybe you participated in a fire drill at work, or you counted exactly how many rows there are between you and the emergency exit on the plane, or you took a first aid class in your community. The more you’ve prepared, the more options you’ll have to work with.

One thing you can do to prepare everywhere you go is called scripting. All it requires is a little bit of imagination. Pay attention to your surroundings and see what’s available to you. Check for exits (and consider windows as possible exits). Be nosy, especially when it concerns your safety. Then run different scenarios in your head. Where would you go if you had to get out? Who would you call if you needed help? What will you do if there’s a fire? A robbery? A bomb threat? Think about the possibilities ahead of time.

Everybody hates the idea that we practice for emergency events. Fire drills… ugh. But it’s practice, and practice helps you understand what to do or how to react when you don’t have a lot of time. Not only can practice save your life, but if you know how to save yourself, emergency responders on the scene can use their time and effort to save others. You’re one less person who needs saving, and that saves lives.

Decisive action: It’s go time!

You’ve acknowledged there’s a problem. You’ve considered your options. The next step is to take decisive action. With all the information you have, what are you going to do next?

Before you take action:

  • Calm yourself
  • Shift your emotion. If you do get mad, use that anger as energy.
  • Stay fit – if you’re more fit, you’re likely to be more rational

Now is the time to put your plans into motion. Go to the exit, call for help, take cover, give CPR… whatever you’ve decided to do.

In most crisis situations, there is no definite right or wrong. There is no perfect way – only the best we can do. The most important thing is to do something. In almost every case, an imperfect plan is better than no plan, and action is better than inaction.

Remember, if you depend on everyone else to take care of you, you’re leaving the most important person out. Don’t wait to make a plan. Know yourself, know your situation, and be prepared to save your own life.

References and Resources

  • Advanced Law Enforcement Rapid Response Training, Texas State University, Civilian Response To An Active Shooter Event (CRASE).
  • Ripley, Amanda (2008). The Unthinkable: Who Survives When Disaster Strikes And Why. New York. Three Rivers Press.
  • Video: “A Perfect Stranger” (FEMA)
  • Video: The Bystander Effect
  • Podcast: Stress Response

Complacency puts them at legal and professional risk, LeClairRyan attorney Christopher Wiech says in recent blog post

ATLANTA, Ga. — When cyber criminals attack retailers and other businesses – potentially placing the data of millions of people at risk – C-level executives like CEOs and CIOs may lose their jobs and could be exposed to crippling lawsuits, warns Christopher A. Wiech, a partner in national law firm LeClairRyan’s Atlanta office.

There may be a lack of understanding and communication across the C-Suite when it comes to cybersecurity practices, says Wiech, a member of LeClairRyan’s Privacy and Data Security Practice who explores these issues in a recent blog, The C-Suite’s Perspective on Cybersecurity and Liability. His post appears in the firm’s Information Counts blog, which focuses on privacy, data security, information technology, e-commerce and other digital issues.

A good defensive plan begins with an understanding of how your organization gathers, stores, accesses and utilizes its data, Wiech notes. “Also be aware of any government regulations that apply, as well as industry or other standards that address data gathering, storage, protection and use, like PCI (Payment Card Industry) data compliance standards,” he advises. “You need to be diligent, because your actions will be closely scrutinized in the event of a hack or other data breach.”



Tuesday, 08 November 2016 00:00

Don’t Ignore Winter’s Fury: Back Up Now

As the end of year nears, businesses typically revise their fourth-quarter plans, check their progress in accomplishing annual goals, and start working on budget proposals for the following year.

Fall is a time of reflection, and MSPs should capitalize on this by bringing up business continuity strategies with clients. Winter isn’t far off and, as we reminded you in the spring, businesses will take weather patterns into consideration when planning budgets and reviewing business continuity plans.

It’s the perfect time to ask clients: “If a snowstorm shuttered your business tomorrow, how confident are you that you’ll recover your data?”



The Business Continuity Institute - Nov 08, 2016 13:32 GMT

Tea. Biscuits. Gin. Tonic. Ant. Dec.

Some things are just made for each other.

They fit together. They are seamless. And they just plain work.

That is the concept at the heart of Daisy Group’s next generation business continuity offering, ‘Continuum’ – which is putting always-on infrastructure and service availability front and centre in the UK’s digital transformation journey.

Business continuity has its roots in IT disaster recovery; recovering technology after fire, flood or other such disastrous events. Recovery was often measured in days and hugely reliant on manpower and deep technical expertise to succeed.

Then it became more holistic. More about the business. The people. The buildings. The detailed plans required to recover the processes and services needed to ensure the business could continue; and yet still it was focused on recovery, more than achieving truly continuous operations.

Organizational resilience became the next iteration; the ability of an organization to anticipate, prepare for, and respond/adapt to change and sudden disruptions. Many perceive resilient as ‘cannot fail’ and have abandoned the concept of planning for recovery, or securing a failsafe. For others, achieving and maintaining resiliency is a huge task – where do you start? And at what cost?

‘Continuum’ from Daisy changes everything.

No longer an insurance type approach to disasters; this next generation of BC is more resiliency meets business agility; each aspect operating above a safety net of all that is good from years of IT disaster recovery and business continuity expertise and experience.

Daisy’s Managing Director of Business Continuity - Mike Osborne - explains: “I like to think of it as joining the dots between the need to build a resilient, digital organization, whilst still maintaining the discipline of planning and testing for recovery that provides an ultimate backstop.

Continuum takes into account resilient system design using IT/Cloud dependency mapping; cyber protection and proactive monitoring; always-on connectivity; critical data protection and workplace availability. All of which support normal operations and fully functional recovery in the event of the worst case scenario. It blends modern resilient technology solutions and traditional business continuity assets to allow for a seamless transfer between businesses as usual and business during an incident.

It means one organization owning the entire SLA – whether day to day or in a disaster - all of a business’ digital components are umbrellaed beneath the cohesive infrastructure of a single, capable, reliable, service availability partner.

Daisy Group – the UK’s largest independent provider of converged B2B communications and IT infrastructure services and a leading UK provider of business continuity services - launched the new offering this week at BCI World in London, the global event for business continuity professionals.

It represents a seismic shift in the way business continuity has been traditionally provisioned. Whilst the technology and workplace infrastructure delivered by Continuum includes the support of operations in a disaster, it can also flex to support peaks in demand and changing work patterns. Continuum moves away from the insurance mentality of planning and investing solely to recover from disasters; instead placing the investment emphasis on end-to-end digital resilience and increased business agility.

Osborne concludes: “Embracing the relentlessness of technological change is a prerequisite for businesses wishing to grow. Yet in doing so they also introduce new risks, new competitors and heightened customer expectations.

They have to be connected and protected. They have to be always on. And they have to have an agile workforce. But, more than ever today, they have to ensure that all of their inter-dependent digital components are seamlessly joined up, available and when necessary, recoverable.

In short, whether triggered by disaster or not, when one component stops working, the others kick-in to support the whole. That is what ‘Continuum’ is all about.

Daisy are Platinum Sponsors of the BCI World Conference where you can visit them on Stand 47 to find out more about ‘Continuum from Daisy’. The BCI World Conference and Exhibition takes place on the 8th and at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need.

The Business Continuity Institute - Nov 08, 2016 00:01 GMT

Ineffective management of supply chains is leaving organizations open to severe disruptions and the high financial costs incurred as a result

CAVERSHAM, UK – One in three organizations has experienced cumulative losses of over €1 million during the last year as a result of supply chain disruptions. That is according to a report published today by the Business Continuity Institute and supported by Zurich Insurance Group.

The report showed that, despite a decrease in the percentage of organizations that experienced at least one disruption (70% from 74%), those organizations suffered more of them, with the percentage of organizations that experienced at least eleven disruptions during the year increasing from 7% to 22%.

The increased cost of disruption could be attributed to significant increases in the loss of productivity (68% up from 58% in 2015), cost of working (53% up from 39%) and damage to brand or reputation (38% up from 27%), all as a result of supply chain disruptions. 43% of organizations do not insure these losses meaning that they are bearing the full brunt of the cost themselves.

Arguably one of the reasons for the increase in the number of disruptions for many organizations is that fewer of them are maintaining adequate visibility over their supply chain, with the percentage of organizations that do so decreasing from 72% in 2015 to 66% this year. This could have major consequences when it comes to managing the supply chain and ensuring that disruptions are minimised.

The report concludes that ensuring supply chain visibility remains one of the biggest challenges to organizations with the data showing increased dependencies between suppliers and downstream organizations, reinforcing the need for organizations to understand their supply chain in more depth, identify key suppliers and improve reporting of disruptions.

The report also highlights that top management commitment is required in driving supply chain resilience and performance. The findings affirm how leadership input can significantly influence good practice and help build an appropriate organizational culture and structure.

Other findings of the report include:

  • 41% of disruptions occur with the immediate supplier, compared to 50% last year; however, 40% of respondents report that they do not analyse the source of disruption.
  • The percentage of organizations reporting losses in excess of €1 million from a single incident remains static at 9%.
  • Unplanned IT and telecommunications outage remains the top cause of disruption with loss of talent/skills moving up to 2nd place from 6th in 2015. The remaining members of the top five causes of disruption were outsourcer failure, transport network disruption and cyber-attack/data breach.
  • The top five consequences of disruption are loss of productivity, increased cost of working, customer complaints received, service outcome impaired and damage to reputation/brand.
  • Only a little over a quarter of respondents (27%) report high top management commitment to supply chain resilience, a worrying decrease from 33% last year.
  • Just under three quarters of respondents (73%) report having business continuity arrangements in place to deal with supply chain disruptions.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “Our study reinforces observations about the growing cost of supply chain disruptions and its negative impact on an organization’s reputation. More than ever, it is important to focus on supply chains, identify areas of risk, and deploy appropriate arrangements which increase resilience. Business continuity has an essential role to play in this. Our research abundantly shows how business continuity professionals, working with their supply chain counterparts, can build supply chain resilience and direct management efforts in this area.”

Nick Wildgoose, Global Supply Chain Product Leader at Zurich Insurance Group, commented: “Adequate supply chain resilience is a prerequisite for improving organisational performance. You need senior management support to achieve this, in terms of breaking down the organisational silos and providing appropriate resources. The businesses that invested in this area have recognised there is a compelling business case to do this and are seeing the benefits.”

For the last eight years, the BCI Supply Chain Resilience Report in partnership with Zurich Insurance Group has provided valuable insight into supply chain disruption and benchmarked the business continuity arrangements of organizations in this area. It has also demonstrated how specific key behaviours reinforce good practice and build an organizational culture contributing to supply chain resilience and performance.


About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Zurich Insurance Group

Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With around 55,000 employees, it provides a wide range of general insurance and life insurance products and services. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, including multinational corporations, in more than 170 countries. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.

Tuesday, 08 November 2016 00:00

Office 365, at Warp Speed

Beam me up Scotty, the Internet is so slow on this insurgent planet I can barely make any headway on this SharePoint presentation that I am collaborating on with my crew. That crazy transporter, and those crazy little flip communicators. I was always filled with wonder watching the Star Trek crew materialize out of thin air. One second about ready to get pummeled by some wild interplanetary beast, then the next second transported back on the starship with Captain Kirk making a beeline to the cocktail lounge and understandably so, having your molecules optimized like that must have been a tad uncomfortable.

Although the transporter is something that has not made it mainstream, those little flip communicators are now part of our everyday lives. There were plenty of intermittent problems with those communicators over the course of the show however. Transport to 2016, the reality of our current world is that we transport data (and lots of it) over our own galaxy, also known as the internet and just like the problems with those communicators, we have plenty of issues transporting voice and data communications over distances.



Bullish IT decision makers are migrating their data to the cloud in record numbers. But in their enthusiasm, are they also underestimating the magnitude of the challenges that lurk over the horizon?

Until now, any such concern hasn’t slowed down the momentum of cloud adoption. Lingering holdouts are moving off the sidelines in droves to engineer the cloud-based digital transformation of their operations. Nowadays the argument that the cloud should be an essential part of an enterprise’s business model isn’t controversial; it’s the conventional wisdom.

But at the same time, many companies still struggle to prepare for a range of potential obstacles they will need to hurdle when it comes to building digital organizations. For example, when Gartner surveyed IT professionals in 30 nations, it found that most IT departments remain unprepared for sundry digital business challenges.



As recently as last week, the California DMV suffered a 17-hour power outage which shut down business for two days across most sites. Many companies are unprepared for business disruptions caused by power outages, and are often unaware of the true costs and impact on their operations.

For added business continuity safeguards, take advantage of disaster recovery workspace and multi-data center platforms to ensure complete nationwide redundancy of IT systems.



(TNS) — As the one-month anniversary of Hurricane Matthew's brush with Volusia and Flagler counties approaches on Monday, more than $18 million in assistance has been provided to residents and businesses through two federal programs.

Local and federal agencies are reminding businesses, non-profits and local governments that a variety of assistance is available, but at least one application deadline is quickly approaching.

So far, FEMA has provided more than $11 million to Florida homeowners and renters who have registered for help after Hurricane Matthew.



Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues.

Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.

"There's too much data to really make sense of if you have a limited resource staff of security operations center analysts or threat analysts," said Travis Farral, director of security strategy at Anomali, which sponsored the report. "It can be overwhelming to sit and figure out which of these 100,000 things to look at first."

It takes a special kind of person to be able to do this, he added.



Monday, 07 November 2016 00:00

Cookbook for Successful Cloud Adoption

There is a fundamental change in thinking that's needed if you want to successfully adopt the cloud. What is it and how do you make it happen? Let's find out...

In my last blog, I talked about cloud being the forcing function to break down silos in IT. It’s an aspiration for any organization—and I speak from experience. To reiterate, cloud agility and cloud workflow will leave you in the dust if you are not ready. The business units have the ability to completely circumvent traditional IT when it comes to adopting cloud workflows. So, it’s keep up or die. The good news is that technology and ease of use in the form of SD-WAN is finally here. The days of banging away on keyboards to make the change are gone.



By Jeff Ton, EVP of Product & Service Development at Bluelock

Over the past few years, the cloud computing marketplace has grown exponentially. Spending on cloud services has increased and the industry has grown more than traditional IT, and it only continues to move in that direction.

While many cloud computing organizations see these rising industry trends as a positive outlook for the future of their business, at Bluelock, we realized that such fast growth in the market was going to create some major challenges for us in the future — good challenges that we were excited about, but obstacles to overcome, nonetheless.

Bluelock began to evaluate the playing field and came to the conclusion that, in order to continue our growth as intended, we needed to carve out a niche for ourselves and hone our expertise in a smaller segment of the marketplace. While competition in an industry often means you're doing something right, setting yourself apart from competition is key when it comes to major growth and establishing industry authority.

To establish our niche, we didn't simply sit down one day and announce, "From this point forward, Bluelock's niche is fill-in-the-blank." Instead, we took a look at our clients, to whom we were providing quality IT service, and asked ourselves, "Where are we offering up the most value? What problem are we solving for them that they can't find anywhere else?"

The importance of finding a niche in the market came to light for the Bluelock team while I was actually still in leadership at Goodwill Industries of Central Indiana. Like any business in today's day and age, Goodwill had been needing a backup and disaster recovery solution for our data. As a nonprofit company with a tight budget and a small IT staff, we had been spending a lot of money on a service that required several of our key administrators to be frequently off-site for testing, patches or updates to our recovery systems.

While our first year and initial tests with a traditional DR plan had been successful, the next year, we experienced changes in personnel which added two additional months of preparation for recovery tests. The year after that, the same thing occurred, leaving our Goodwill team straddled between two different working environments and unable to work on other strategic initiatives that were key to the business's growth.

When Goodwill came to Bluelock, the Bluelock team was able to provide us with Disaster-Recovery-as-a-Service (DRaaS) that could be administered by an IT professional, was compatible with VMware environments and allowed for scalable automated performance. By switching from a physical DR solution to a DRaaS solution with Bluelock, we saved $25,000 — a significant sum when you're in the nonprofit sector.

Through working with clients like Goodwill and many others, the Bluelock team learned that their unique selling point was also their niche — affordable DRaaS services that help free up IT teams to do the work that truly matters. Since my transition from my role at Goodwill to my current role at Bluelock, I've truly seen a continued emphasis on surveying clients and honing in on their greatest impacting solutions. Through this focused attention, we've established our niche in a market where differentiation is the key to survival.

If you're considering shifting your organization into more of a niche-driven business, there are a few questions you should ask yourself:

Is there an element of our business that customers and clients gravitate towards?
Think about your different product or service offerings. If there's one that clients and customers buy or request more often than the others, that's a good place to start. Unfortunately, your most popular product or service is not always the product or service you want to spend your time working on. Try not to let any personal bias get in the way of the hard numbers and facts when it comes to deciphering your niche.

Is your most popular product or service also your most expensive?
If so, it may make focusing on that particular niche easier. However, you need to look at the competition. Is your offering at a price point that is equivalent to your competitors? If not, you need to understand why. Can you articulate clearly the value difference between your product and the others in the market? Is it a market being commoditized? If so, you may need to consider offering a more commoditized version in addition to your premium version.

Even if the product or service is not among your most expensive, you will need to address the competition question and the market questions. If the market for the product or service truly is becoming commoditized, you have to ask if you can still be profitable in that segment as you scale. In the end, you have to answer the question, "Do I want to be the Walmart or the Nordstrom in this space?" Both are successful, but they are entirely different markets.

Does your niche align with the overall vision, goals and values of your organization?
Carving out our niche in DRaaS made sense for us at Bluelock for many reasons, but one of the main reasons was because it fully aligned with where we were headed and wanted to go as a company. Keep your long-term vision in mind when selecting a niche and unless you've done heavy research and planning, don't select a niche out of left field.

Once you've landed on your niche, or at least what you think your niche might be, test it. By focusing on a smaller segment of the market, you might open the flood gates to more business, or you might find that business is drying up and it's time to pivot once again. Either way, focus on providing as much value as possible to your clients and customers and you'll set yourself apart in a saturated market.

I’d like to imagine that one day my grandkids will be reading about artificial intelligence (AI) in their digital history books or via cranial implants or whatever the equivalent is in the future. Just a few chapters after Newton’s apple or Apollo 13, they’d scour details about the early days of AI. Future generations will likely look back at early AI efforts with a wiser, aged perspective. Because, and let’s not lie: making AI commonplace will take a lot of work. And nobody will feel this pressure more than IT’s back-end folks.

First, consider the scale of this new era, which, by the way, is upon us now. Gartner has ranked AI among 2017’s top strategic trends. In everything from self-driving cars to virtual assistants, AI will have an increasingly important role. But it’s not only consumers who will be affected. Gartner also believes 50% of all analytics in 3-5 years will be AI-powered. Any decision that requires business intelligence can benefit—that’s certainly plenty of enterprise use cases! Just look at customer service, where businesses can use natural language processing to facilitate better interactions, and also analyze user patterns to create better customer profiles. There’s also talk of enterprise resource planning (ERP) solutions, the most legacy of applications, being revolutionized and rendered more efficient. And while I believe near-term AI efforts will focus on “augmentation” rather than pure “replacement” of business decisions, it’s critical for businesses to look beyond just the near-term.



When hackers breached the networks of Kansas Heart Hospital in Wichita last May, locked data files and demanded payment for decryption keys, hospital administrators decided it most expedient to just buy some Bitcoin, pay the modest ransom and get the facility back to work.

But after paying off the perpetrators of the May 18 ransomware attack, the criminals released only part of the records, then demanded more money for the rest.



Product recalls can go one of two ways. In the first, worst-case scenario, a product is determined to be dangerous or defective; its manufacturer ignores or reacts sluggishly to the issue; people are unnecessarily put at risk; and consumer trust is irreparably damaged. In the best-case alternative, meanwhile, the manufacturer assumes responsibility; takes quick action; and minimizes harm to both consumers and its reputation alike.  What one thing can ensure that your company ends up in the latter category, not the former? A product recall communication plan.

Product Recalls on the Rise

While product recall problems are not exactly new, they’re rising in number. So why don’t companies have plans in place to deal with them when they arise? As a Harvard Business Review article on recall management pointed out more than a decade ago, “In the frenzy of a product launch, the last thing most managers think about is how to get a new product back if something goes wrong.”

Unfortunately, things can and do go wrong—to the tune of 6.5 recalls a day in this country, according to USA Today.  And when they go wrong in our digital, social era, they do so in a far more catastrophic way than they did 50 or 20 or even 10 years ago.



The Business Continuity Institute - Nov 04, 2016 15:41 GMT

When it comes to assessing an organization’s ability to recover from a disaster, a significant disconnect exists between C-Suite executives and IT professionals. While nearly 7 in 10 CEOs, CFOs or COOs feel their organization is very prepared to recover from a disaster, according to a study by Evolve IP, less than half of IT pros (44.5%) are as confident.

The Disaster Recovery and Business Continuity Survey found that DR compliance was a clear driver of confidence in the ability to recover IT and related assets in the event of an incident. In fact, 67% of respondents in banking, 58% in the government sector and 55% at technology companies feel very prepared. Of these, DR compliance was noted as a requirement by 97%, 73.5% and 71% respectively. The healthcare industry remains an outlier however: despite a high percentage of respondents noting DR compliance requirements (89%), just over half of respondents at healthcare organizations feel very prepared to recover from an outage or incident.

The report also highlights that organizations need to expect the inevitable as approximately one third (33%) of companies reported having suffered from at least one incident or outage that required disaster recovery. Hardware failure / server room issues remain the leading cause of an outage, reported by 48% of respondents.

Deliberate attacks were cited as the cause of an incident or outage twice as often as in the 2014 survey. This year, 13% of respondents noted attacks as the cause of an outage, up from 6.5%, while other top causes include power outages (28%), environmental disasters (25.5%) and human error (19%).

It is perhaps the reality of the threat, as experienced by the IT professionals, that has consistently placed cyber attack, data breach and IT/telecoms outage as the top three concerns for business continuity professionals according to the Business Continuity Institute's Horizon Scan Report.

“In the years Evolve IP has conducted the survey, we’re assured by the fact that companies are becoming increasingly aware of the need to protect critical business assets from a major outage: malicious or unintentional, human error, hardware failure or a natural disaster,” said Scott Kinka, Chief Technology Officer and Founding Partner of Evolve IP. “More companies are avoiding risky backup policies considered “good enough” in years past, using backup tape or replicating data to a secondary mirror site less than 50 miles from their main data center, for instance. Instead, we’ve seen notable growth in the number of companies developing a disaster recovery plan and educating themselves to the benefits of new DR approaches like DRaaS.”

By Liz Bardetti

Extensive preparations were made in the wake of Hurricane Matthew, and many victims are still suffering from this natural disaster. The storm was labeled a Category 3 hurricane, meaning winds reached nearly 130 mph, causing significant damage. Hurricane Matthew took the lives of 500 people in Haiti, and at least 22 known victims in the U.S. There is still substantial flooding throughout Florida, Georgia and both Carolinas, with thousands of people still without power.

The nation watched the disaster of Hurricane Matthew unfold, and many people are trying to find ways to help the victims. As an employer, you have the ability to bring your employees together and help support the victims in need. The main steps to remember when trying to find ways your team can give back to Hurricane Matthew victims are to realize money is the best donation for this circumstance, do your research and keep on giving.

Give Cash via a Payroll Deduction Campaign (and match it!)
It’s important for people to note that they should resist the urge to go to the disaster site. It’s dangerous to go into the aftermath, and people rushing to the site can cause problems. If everyone decides to go to the disaster site, it will cause traffic, and gasoline supplies in the area are already hindered.

Instead of immediately offering physical volunteer help (which will be needed at a later time, after everything has cleared), encourage your team to offer monetary donations. Food, clothing and supplies are all generous donations; however, volunteers will have to divert their attention to sort through supplies. Monetary donations are flexible and available for use immediately after the disaster. A small contribution from everyone on your team can make a big difference to someone who has lost their home or is suffering from medical issues. As an employer, you can double or even triple the contributions using our corporate philanthropy software.

For example, the Bristol-Myers Squibb Foundation partnered with organizations to provide relief and support to the impacted communities using corporate philanthropy software. The Foundation is using their employee giving program to match gifts made to disaster relief programs in aid of Hurricane Matthew victims. See how these internal portal pages align employees with their employers to make a bigger impact.

Do your research
The shared value your employees can create with your leadership needs to be properly accounted for and go to an organization that is really helping.  Following Hurricane Sandy, many donations were sent to disaster relief scams. You can contact the Better Business Bureau, or simply head to their website, and determine if an organization is legitimate. Below is a list of some credible organizations already assisting with the Hurricane Matthew efforts:

There are many other credible organizations out there, and to make the process easier many employers are turning to corporate philanthropy software. To make the most of your team’s giving resources, it’s easiest to have a platform in which team members can contribute uniformly.

For instance, the Anthem Cares Fund has teamed up with the American Red Cross in response to this time of need. Anthem associates have been donating through the Associate Giving Program that CyberGrants offers, and donations are 100% matched!

CyberGrants offers a user-friendly platform in which team members can donate specifically for Disaster Relief. Your team can donate to Hurricane Matthew efforts within minutes. CyberGrants also offers real-time giving to your team, so you can each submit monetary gifts via PayPal and give money straight to an organization’s bank account!

Keep on giving ... and giving ... and giving!

Hurricane season started in May, and continues through November. This year is expected to be one of the most active hurricane seasons due to warmer sea surface temperatures around the world. As there may be more hurricanes for the Caribbean and Southeastern United States ahead, your team can help make an impact by continuing to give.

CSR Software can be helpful when trying to improve team contribution. CyberGrants offers a mobile optimized platform, which can be personalized and improves employee participation. Features include Matching Gifts, Payroll Campaign (can pull “selected amount” from paycheck on a recurring basis, or can be a one time deal), and even searching events that your team could participate in once the disaster of Hurricane Matthew has cleared.

Hurricane Matthew has taken a great toll on the Southeastern United States and the Caribbean, and it’s important for these victims to receive the assistance they need. Before you jump right into something that you may not intend, it’s best to remember: give cash, do your research, and keep on helping.

About Liz Bardetti:
Seasoned advertising and marketing professional with 15+ years experience, including work for Gatorade, Welch’s and most recently, CyberGrants. CyberGrants is the preferred CSR software provider to the best philanthropic corporations around the globe. Our clients represent over 50% of the Fortune 100 and nearly one-third of all corporate giving. In the last twelve months alone, CyberGrants helped 250 customers give $6.5 billion plus more than 50 million volunteer hours to over 400,000 non-profit organizations.

Thursday, 03 November 2016 00:00

Rethinking Security – Never Assume

I’ve been thinking back on my conversation with a cybersecurity pro named Stuart that I covered earlier in “The Frightening State of Unseen Security Breaches,” and his approach to not just protect the file and email servers but wrap everything with monitoring. The one thing that I’ve seen kill companies over and over again -- the thing he was addressing -- is the assumption that everything you aren’t looking at is OK. It actually cost me a job once.

We can actually see assumptions working against the presidential candidates as I write this. Someone in Hillary Clinton’s camp evidently thought a way around a disclosure demand was to use their husband’s computer, and Donald Trump seems to assume that what is said “off the record” is off the record. Had either of these assumptions not been made, the race for the White House would be very different at the moment.

What made Stuart’s approach with Varonis unique is that he wasn’t assuming anything; he created a solution that was comprehensive enough that he never has to. And I think there is an important lesson here that I’ve learned a number of times.



Data is the lifeblood of business. So a slow data transfer rate makes it harder to analyze, back up, and restore data. Many organizations have to battle data latency on a daily basis, hampering their ability to deliver new digital products and services, be profitable, handle customer relationships, and retain operational efficiency. Data latency is a serious business issue that needs to be addressed. In contrast, network latency is a technical issue, but the two correlate with each other.



What does it take to keep your clients' information and infrastructure safe today? Part of the answer involves understanding "dumb" cybersecurity threats, meaning those that don't rely on sophisticated hacks to steal data or take control of devices.

In the popular imagination, the malicious hackers who wreak havoc on computer networks and data are unshaven geniuses. They invent brilliant, sophisticated solutions for defeating the mechanisms that are supposed to keep information safe.



The man in question is Nassim N. Taleb. He coined the term “black swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

World War One was such a Black Swan; so was the arrival of the Internet. Now, Nassim Taleb may not have looked at the specific case of IT risk management, but observations he made with his colleagues Daniel Goldstein and Mark Spitznagel carry over well from the general to the particular.



Thursday, 03 November 2016 00:00

An Urgent Need – Deep Learning In The C-Suite

When a character in Ernest Hemingway’s novel The Sun Also Rises is asked, “How did you go bankrupt?”, he replies, “Gradually and then suddenly.” Just the same, many C-Level executives become irrelevant in the age of smart machines “gradually and then suddenly”. The pace of technology advancement, propelled by boundless low cost computing and storage resources, is accelerating at a velocity that far surpasses previous decades. This rapid advancement in technology is instigating change across many, if not all, corporate functions, from sales to operations. Smart machines are progressing from early stage infancy to adolescence, promising to take the place of not only the labor force population that performs routine jobs, but also knowledge workers – a segment of the workforce that has historically been immune from such disruption.

The potential benefits of technology acceleration are now becoming evident in our everyday lives. We need to look no further than our highways and financial institutions. Uber just completed its first self-driving truck shipment that included 50,000 cans of Budweiser. Bank of America just announced their introduction of an artificial intelligence-based chatbot named Erica, that has both cognitive and predictive analytics capabilities to help customers pay debt, check balances and save money.

A responsible C-Suite leader has an obligation to understand the impact the smart machine era will likely have on their business and workforce. Ignoring or avoiding the tidal wave of change may very well be the ultimate career-limiting move (CLM). Thus, C-Level executives should undergo deep learning. In general, a machine’s deep learning approach mimics how humans learn: First, by ingesting general concepts and then by using experiences (data), cultural surroundings and training to build knowledge and insight over time. Through employing some of the principles used in deep learning, the modern executive can remain relevant and ultimately, gainfully employed in the smart machine age.



Thursday, 03 November 2016 00:00

The Data Center in the IoT Era

The Internet of Things is poised to make major changes to enterprise infrastructure, not only to deal with staggering volumes of information but to foster the dynamic connectivity to, from and between legions of digital devices.

While much of the load will be handled by dedicated analytics engines and so-called “data lakes,” the impact will be felt on the traditional data center as well, given that the insights gleaned from all this information must be incorporated into ongoing digital processes.

So exactly how will the data center need to evolve in the IoT era?



COLUMBIA, S.C. (Saturday, Oct. 29) — Following initial application review by the Federal Emergency Management Agency (FEMA), South Carolina survivors who have applied for disaster assistance will receive a “letter of eligibility.” Applicants may be told they are eligible for disaster assistance or that they have been determined ineligible.

If you are eligible, the letter explains the amount of your grant and how it is to be used. If the letter says you are ineligible, the grant amount reads “0”, but in many cases that is not the last word.

FEMA officials in South Carolina report that the most common reasons for denial of assistance in Hurricane Matthew are:

  • Insufficient storm-related damage to affect the habitability of the damaged home. FEMA will provide assistance to assure your home is habitable – that it is safe, functional and sanitary.
  • Survivors have chosen to remain in their damaged homes while repairs are being made. In these cases they may be eligible to receive assistance for repairs, but are ineligible for housing assistance.
  • Duplication of applications. Two people (husband and wife, for example) have applied for assistance for the same damaged home. Only one application per household is allowed.

A letter may indicate your application is missing information such as verification of occupancy or proof that the damaged property was your primary residence at the time of the Hurricane Matthew storms and flooding that began Oct. 4, 2016.

If you are instructed, you can simply submit missing documentation to FEMA online, by mail or fax, or by visiting a Disaster Recovery Center (DRC). You can find the location of the nearest DRC by visiting DisasterAssistance.gov.

Applicants who do not receive a letter or who have questions about their determination of denial should call the FEMA Helpline at 800-621-3362 for an explanation, or visit their FEMA account at DisasterAssistance.gov.

A copy of “Help After a Disaster” will be included with your letter of determination. The booklet explains additional assistance that may be available to survivors and answers questions about filing an appeal.

Any applicant that has been denied assistance may file an appeal. Call the FEMA Helpline at 800-621-3362 or visit a DRC for more information about the appeal process. You can submit your appeal and the required documentation online at DisasterAssistance.gov.

In South Carolina, the “One SC Fund” supports and directs funds to nonprofit organizations providing disaster relief & recovery assistance. For more information, visit yourfoundation.org/community-impact/one-sc-fund-sc-flood-relief/. Survivors in the state who need food, clothing, and shelter are urged to call 2-1-1, and for storm clean up to call 800-451-1954.

For more information, visit the South Carolina Emergency Management Division at scemd.org/recovery-section/ia.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you have a speech disability or hearing loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

You can receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Thursday, 03 November 2016 00:00

FEMA: By the Numbers

COLUMBIA, S.C. (Thursday, Oct. 27) – In the three weeks since Hurricane Matthew struck South Carolina spawning damaging storms and floods, the Federal Emergency Management Agency (FEMA) and U.S. Small Business Administration have approved more than $21.8 million in disaster assistance grants, loans and flood insurance payments.

As of the close of business Oct. 26, FEMA had approved $15.2 million through its Individuals and Households Program, and nearly $5 million in National Flood Insurance Program payments.

Additionally, the U.S. Small Business Administration has approved 42 low-interest disaster loans for


Survivors have until Dec. 13, 2016 to complete the FEMA application process. The State of South Carolina and FEMA encourage anyone with housing needs caused by the devastating storms and floods of Hurricane Matthew to register for disaster assistance.

  • Visit DisasterAssistance.gov.
  • Call toll-free 800-621-3362 (voice, 711 or video relay services) or 800-462-7585 (TTY). Lines are open daily until further notice.
  • Visit a Disaster Recovery Center (DRC) for help. Eight DRCs are operating in Orangeburg (2), Marion (2), Williamsburg, Dorchester, Horry and Florence counties. Representatives from FEMA, SBA and various state agencies are on hand to answer questions.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585 (TTY/TDD).


According to the results of a recent survey of 1,072 security industry professionals, 73 percent of respondents admit they aren't using threat data effectively to pinpoint cyber threats.

The top reasons for that lack of effectiveness include lack of staff expertise (69 percent of respondents), lack of ownership (58 percent), and lack of suitable technologies (52 percent).

The survey, sponsored by Anomali and conducted by the Ponemon Institute, also found that just 46 percent of respondents are using threat data at all in deciding how to respond to malicious activity.



(TNS) - On a March evening in 1933, the Newport-Inglewood fault ruptured violently along the Huntington Beach coast. The quake brought down scores of buildings from Santa Ana to Compton, with Long Beach hit particularly hard.

The Long Beach quake, the deadliest in Southern California history, focused attention like never before on the seismic dangers the region faces.

But a new study suggests that the quake may have been caused by another factor: Deep drilling in an oil field in Huntington Beach.



Wednesday, 02 November 2016 00:00

High Density Compute is Here; Are You Keeping Up?

The connected lifestyle is here, and whether you are reaching consumer or business users, the growth in the use of devices and data is staggering.  In the U.S., the number of devices and connections is expected to grow from 7.3 per person in 2015 to over 12 per person in 2020. Video continues to grow according to Cisco’s VNI with business internet video growing 4.2 fold between 2015 and 2020 reaching 4.8 exabytes, and consumer video 3.1 fold to reach 29.1 exabytes by 2020.  This will have a big overall impact on the data center as more than 83 percent of all data center traffic will be in the cloud by 2019.

To meet the rapid growth in data usage, high-density data centers will be critical in order to scale to support cloud, big data IT and new data-intensive technologies.  And since data centers are all about power and cooling, high density is how you maximize the usage of both of these.



After you have spent the time needed to develop Business Continuity and Disaster Recovery plans, training and testing are your next steps. Training those who will use the plan, especially secondary resources who may not have participated in its development, is critical to the success of your efforts, as is the validation of the functional capability and accuracy of your plans.

Training for business continuity is used to familiarize people with the plan elements and processes, and to reinforce basic knowledge of the plan. Having a team well versed in the initial steps of the BC/DR plan will help to ensure an effective and early response. Regardless of how you implement training and testing, there are specific elements that must be covered:



SAVANNAH, Ga. – Georgia disaster survivors who suffered damage or loss from Hurricane Matthew and were referred to the U.S. Small Business Administration could lose some income-based FEMA grants if they don’t complete and submit SBA’s loan application.

FEMA’s Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other essential personal property, even vehicles. Survivors will not be considered for this type of assistance unless they complete and return the SBA loan application. The information on the application is used to determine eligibility for income-based assistance.

Disaster survivors in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties are encouraged to register with FEMA and, if referred, complete and submit an SBA loan application, even if they don’t want a loan. The application is used to check eligibility for additional grants.

SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. The SBA offers low-interest disaster loans to businesses, private nonprofit organizations, homeowners and renters.

Survivors should start the loan process as soon as possible, and those who qualify for an SBA loan are under no obligation to accept it.  If approved and the loan is not accepted, the survivor may be ineligible for additional federal assistance.

Submit an SBA loan application even if you are waiting for an insurance settlement. Survivors do not have to wait for an insurance settlement. A survivor’s insurance policy may not cover all the replacement, repair and rebuilding costs. A disaster loan is available to cover the difference.

To repair or help rebuild a primary residence, a homeowner may borrow up to $200,000 from SBA. Homeowners and renters may borrow up to $40,000 from SBA to replace personal property.

Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans (called Economic Injury Disaster Loans) to small businesses and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

Damage from Hurricane Matthew must have occurred Oct. 4-15. Survivors can register with FEMA the following ways:

The filing deadline to return SBA loan applications for physical property damage is Dec. 16. The deadline to return economic injury applications is July 17, 2017.

For more information about SBA loans, call SBA’s disaster assistance customer service center at 800-659-2955, email disastercustomerservice@sba.gov or visit sba.gov/disaster. TTY users can call 800-877-8339.  Applicants may also apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.

Disaster survivors may also visit any disaster recovery center where SBA customer service representatives can answer questions, help complete loan applications and close loans. For the nearest location go to asd.fema.gov/inter/locator/home.htm.

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284.

Wednesday, 02 November 2016 00:00

The Frightening State of Unseen Security Breaches

I get a semi-regular update from Varonis on what it’s seeing in accounts, and this last briefing was particularly frightening. So much so that I asked to speak to one of the firm’s customers, which had uniquely moved its implementation of Varonis’ tool, from IT management and compliance and email and file servers, to every server the company had in order to assure compliance and catch breaches that other firms were missing.

What I think is particularly concerning is that breaches are now being identified that most companies aren’t even aware are happening. This suggests that a lot of you may be on the verge of a Yahoo-level event that may have actually already occurred. And, like Yahoo, once that kind of a breach is discovered, the whole “ignorance is bliss” thing that most firms seem to be operating on will be proven false.

Let’s talk about some of the discoveries.



Wednesday, 02 November 2016 00:00

CDC: Tips on Cleaning Mold After a Flood


Returning to your home after a flood is a big part of getting your life back to normal. But you may be facing a new challenge: mold. What can you do to get rid of it? How do you get the mold out of your home and stay safe at the same time? CDC has investigated floods, mold, and cleanup, and offers practical tips for homeowners and others on how to safely and efficiently remove mold from the home.

In 2005, thousands of people along the Gulf Coast were faced with cleaning up mold from their homes after Hurricanes Katrina and Rita. One of our first concerns was to let homeowners and others know how they could clean up mold safely. After Hurricane Sandy in 2012, we teamed up with other federal agencies to provide practical advice on mold cleanup. This guidance outlines what to do before and after going into a moldy building, how to decide if you can do the cleanup yourself or need to hire someone, and how you can do the cleanup safely.

Prepare to Clean Up

It isn’t necessary to identify the type of mold in your home, and CDC doesn’t recommend routine sampling for mold. If you are susceptible to mold, there may be a health risk; therefore, no matter what type of mold is present, it needs to be removed.

Before you start any cleanup work, call your insurance company and take pictures of the home and your belongings. Throw away, or at least move outside, anything that was wet with flood water and can’t be cleaned and dried completely within 24 to 48 hours. Remember – drying your home and removing water-damaged items is the most important step to prevent mold damage.

Protect Yourself

We offer specific recommendations for different groups of people and different cleanup activities. This guidance educates people about the type of protection (think: gloves, goggles, masks) you need for different parts of your mold cleanup. It also identifies groups of people who should and should not be doing cleanup activities.

Be Careful With Bleach

Many people use bleach to clean up mold. If you decide to use bleach, use it safely by wearing gloves, a mask, and goggles to protect yourself. Remember these four tips to stay safe:

  • NEVER mix bleach with ammonia or any other cleaning product.
  • ALWAYS open windows and doors when using bleach, to let fumes escape.
  • NEVER use bleach straight from the bottle to clean surfaces. Use no more than 1 cup of bleach per 1 gallon of water when you’re cleaning up mold. If you are using stronger, professional strength bleach use less than 1 cup of bleach per gallon of water.
  • ALWAYS protect your mouth, nose, skin, and eyes against both mold and bleach with an N-95 mask, gloves, and goggles. You can buy an N-95 mask at home improvement and hardware stores.

You can take steps to keep yourself and others protected while cleaning up mold after a flood. Make sure to follow CDC’s recommendations so you can return home safely.


Every fall Forrester’s Security & Risk team comes together to make a set of predictions on the issues that will have the greatest impact on our clients in the next year. We don’t make broad, Nostradamus-like predictions like “There will be a breach at a large company in a great city.” Instead, we go out of our way to make detailed predictions that force us to take strong stances, can easily be proven wrong or right and are actionable by security and risk professionals. Before we provide a sneak peek into our 2017 predictions, it’s worth looking back and grading our 2016 predictions. 2016 was a particularly tumultuous year for cybersecurity. News agencies kept themselves busy as companies and public figures struggled with breaches, companies experienced embarrassing downtime and individuals felt their privacy rights slip away. The result? Cybersecurity has now vaulted from the boardroom to the Senate floor and to the Presidential debate stage. So how'd we do?



Wednesday, 02 November 2016 00:00

BCI: The necessity of organizational buy-in

The Business Continuity Institute - Nov 02, 2016 09:37 GMT

In preparing to enter the business continuity industry, I could foresee that technological advances and organizational buy-in were going to be the greatest challenges for business continuity professionals. I interviewed at dozens of organizations across the United States before accepting a Business Continuity and Information Security position at one of the leading financial institutions.

I still firmly believe that organizational buy-in is paramount to a business continuity programme’s success. Lacking robust continuity plans will cause an organization to have difficulty recovering from an incident - if they can recover at all. By investing in business continuity professionals and programmes, an organization is providing the opportunity for thorough plans and recovery tactics. I have found that in my division, business continuity is heartily supported by senior management and that is essential to our success.

As a continuity planner, my job entails working with business areas to ensure they are meeting the continuity standards and requirements. Having a capable business continuity programme allows the business areas to understand and comply with the resiliency requirements. The business areas we support hold greater stock in our testing and resiliency requests knowing that senior management is backing our initiatives.

In my capacity working with both Business Continuity and Information Security I maintain that technological advances pose challenges for continuity professionals, though I concede that my views have changed based on my experience. While social media, the cloud, and virtualization are still very prominent challenges for organizations, I believe that automation of processes and appropriate and ethical use of access is of greater concern. Automated processes remove human error, though if systems are down, the business would need this issue resolved within their Recovery Time Objectives. Having manual workarounds in place to guarantee that recovery will be successful is imperative to ensure critical tasks are completed. Ethical and appropriate use of access can result in fines, legal issues, and public embarrassment. Ensuring that users are neither sharing passwords nor over-provisioning their access mitigates these risks.

While organizational buy-in is still a challenge for business continuity professionals, I am fortunate to be working in a division that has recognized the importance of this field, and encourages growth and understanding from its businesses. Our CEO has emphasized the importance of identifying and mitigating risk and as such seeks to limit human error and strictly control access. Interviewing at so many organizations throughout the country allowed me to see the varying emphasis companies place on business continuity programmes. As such, business continuity professionals may still need to fight for their place in an organization, though I hope that companies who are not fully invested in business continuity programmes are able to see the benefits of those who are leading their industries.

Tanya Fischer AMBCI currently holds a position as a Continuity Analyst at a financial institution in Eastern Massachusetts. As a Continuity Analyst, Tanya supports business continuity plans for numerous Business Units throughout North America and EMEA. Still fairly new to the field, she has an optimistic outlook for business continuity professionals! Tanya holds an MSc in Emergency Management with a concentration in Homeland Security from Adelphi University. Tanya was also an original contributor to the Business Continuity Institute's '20 in their 20s' publication.

Tuesday, 01 November 2016 00:00

FEMA: Help for Renters

COLUMBIA, S.C. – With so much attention given to businesses and homeowners, survivors who are renters may think they are not eligible for disaster assistance even though they suffered losses from the storms and floods spawned by Hurricane Matthew. But they are.

Like homeowners, renters must first register with the Federal Emergency Management Agency (FEMA):

  • Go online to DisasterAssistance.gov
  • Call toll-free 800-621-3362 (711, voice or video relay services) or 800-462-7585 (TTY). Lines are open daily from 7 a.m. to 10 p.m. until further notice.
  • Visit one of the nine Disaster Recovery Centers (DRCs) operating in Beaufort, Dorchester, Florence, Horry, Marion, Orangeburg and Williamsburg counties. Find the DRC closest to you at “Quick Links” on DisasterAssistance.gov. Representatives from FEMA, the U.S. Small Business Administration and various state agencies are on hand to answer questions.

Registering with FEMA is the first step toward qualifying for disaster assistance, which may include grants to help renters and homeowners pay for temporary housing, personal property replacements and other serious disaster-related needs not covered by insurance.

After registering with FEMA, renters may also be eligible for low-interest loans from the U.S. Small Business Administration (SBA). SBA offers such loans to businesses of all sizes, private non-profit organizations, and homeowners as well as renters. SBA loans to renters may cover the cost of repairing or replacing lost or disaster-damaged personal property.

For more information on SBA loans, call SBA’s Disaster Assistance Customer Service Center at 800 659-2955 or 800 877-8339 for TTY; email disastercustomerservice@sba.gov or visit http://www.sba.gov/disaster. Applicants may also apply online at https://disasterloan.sba.gov/ela for the Electronic Loan Application on SBA’s secure website.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

You can receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

BSI has launched BS ISO 37001, ‘Anti-bribery management systems: requirements with guidance for use’, a standard to aid the prevention and detection of bribery in organizations.

BS ISO 37001 assists organizations with turning the legal requirements of the 2010 UK Bribery Act into practical measures, by providing guidance on how to put the right controls in place. The standard sets out the requirements for an organization or business looking to set up a management system to prevent and detect bribery within an organization – and how to confront bribery should it arise.

Managing the risks posed by bribery is high on the agenda of many organizations globally. BS ISO 37001 covers the many forms of bribery which can damage an organization, including bribery of individual personnel; bribery of the organization by another party; bribery by the organization itself; and indirect bribery from a third party.

The standard provides a system for organizations to use to avoid funds being misappropriated, and safeguards against projects being undermined and not carried out with due diligence. Critically, BS ISO 37001 sets out how to maintain an effective anti-bribery system once it is in place, and how to review and improve these safeguards periodically.

Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “In a 24-hour news cycle, any association with bribery can be fatal for the reputation of an organization. It’s critical for public and private sector organizations to be seen to have a strong system of leadership in place to weed out corruption, root and branch. BS ISO 37001 is a tangible way for organizations of all sizes to demonstrate to their employees, suppliers and the public at large that they are managed with integrity and have the necessary safeguards in place to tackle bribery if it arises.”

Should an organization fall foul of a bribery scandal by a rogue employee, BS ISO 37001 can be used to demonstrate to clients and contractors that the organization is committed to a comprehensive anti-bribery policy.


According to some sources, only 10% of any business strategy plans are ever effectively implemented.

With IT becoming more closely aligned with business, it seems that statistic might apply to IT strategy too. If this prediction sounds just too gloomy, chin up because there could be a silver lining to the cloud of despondency that is fast settling upon you.

You can increase your chances of getting into that fortunate 10% (those whose strategy plans give results), by avoiding the IT planning mistakes that follow.



The recent hacking of software vendor Continuum sent shockwaves through the managed service provider (MSP) community and raised prickly questions about who’s liable when cyberattackers breach toolsets and gain access to the networks of MSPs and their clients.

In the Continuum attack – revealed to partners in early August and more broadly this month – hackers breached a legacy IP scanner tool, resulting in unauthorized administrative superuser accounts being created inside the networks of an undisclosed number of MSP customers.



To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version of the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since its initial publication in order to keep pace with the constantly evolving landscape of global data privacy laws.

As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:

Tuesday, 01 November 2016 00:00

4 Essential IoT Security Best Practices

Securing the Internet of Things is an especially hot topic right now thanks to some bad botnets -- and, of course, some major IoT vulnerabilities.

This month the Mirai botnet waged the world's largest DDoS attack in history against Dyn, a major domain-name server. The attack wreaked havoc across the entire internet, taking down major sites, gaming networks and other online services over the course of three massive waves throughout the day before Dyn was finally able to beat the hackers back.



Tuesday, 01 November 2016 00:00

Cyberattacks a Growing Threat for Healthcare

Because of the high value of medical records and healthcare databases to criminals, they pose ever more attractive targets. In fact, a number of reports have shown that cyberattacks are costing the healthcare industry billions of dollars annually, with a median loss of $150,000 per incident. Cybersecurity risks in healthcare have also drawn attention to the vulnerability of hospitals, clinics and other healthcare providers.

The infographic below, which is part of a series by Advisen and Hiscox, looks at:

  • The frequency of Health Insurance Portability and Accountability Act (HIPAA) violations over the past five years
  • The median loss in healthcare cyberattacks
  • The percentage increase of protected health information (PHI) losses between 2006 and 2011 for printed records, servers, laptops, desktop, website, portable data storage devices, and other sources.



Tuesday, 01 November 2016 00:00

Next Colorado Threat: Erosion, Floods

(TNS) - Firefighters battling the Junkins Fire are getting the upper hand after firing operations have had “a major positive impact on the fire” and work is set to begin on assessing damage to the watershed. According to a Sunday update on the 18,403 acre fire, “The elimination of fuels close to the fire lines are now protected,” which led to a slight increase in acreage of the fire.

Aircraft operations made several reconnaissance passes over the fire throughout the burn period and only interior smokes were spotted. Fuels within the fire line will continue to burn, the statement said.

A Burned Area Emergency Response team, made up of officials from several federal agencies, is ready to start work to identify and manage potential risks to resources, such as erosion problems that could impact the watershed or increase flooding. Once the team determines whether there are imminent post-wildfire threats to human safety, property or natural resources, officials will take immediate action to manage the unacceptable risks, according to a report.



The Australian Red Cross Blood Service recently apologized after 550,000 blood donors' personal information was mistakenly exposed online.

The breach appears to be the largest in the country's history.

The information exposed included the names, genders, email addresses, mailing addresses, phone numbers, and birthdates of people who donated blood between 2010 and 2016. It also included answers to the question, "In the last 12 months, have you engaged in at-risk sexual behavior?"

The data was accessible from September 5 to October 25, 2016, and was accessed on October 24, 2016 by someone scanning for security vulnerabilities, who notified Troy Hunt of the data breach notification service Have I Been Pwned of the flaw.



I’ve been in IT for over 25 years and spend much of my time rubbing elbows with IT pros that specialize in certain parts of the industry. So, when I talk a lot (and I do) about backups, there’s sort of an assumption that the IT pro I’m interacting with has the basics down.  

But, as those of you in SMBs know, it’s never that easy. You have so many hats (including backup) to wear, that you often need a little push in the right direction so that you don’t need to try and reinvent the wheel as it were.

So, what’s the right way to plan out your backup strategy for small business?



Monday, 31 October 2016 00:00

Turning Telcos into Cloud Providers

The world’s telecommunications carriers are set on becoming cloud providers as well, and the enterprise is the prime customer.

With abstract networking technologies like SDN, NFV and OpenStack on the table, telcos are quickly building the kind of flexibility into their networks that support agile delivery of a wide range of cloud services. At the same time, they are partnering with service providers, software developers, infrastructure vendors and anyone else who can round out their offerings to provide full software-defined data center (SDDC) platforms at scale.

In the U.S., both Verizon and AT&T are vying to become the dominant figure in cloud networking services. Verizon recently inked a deal with Oracle to provide interconnect services to improve latency across distributed hybrid architectures. According to ZDnet, Verizon will link its Secure Cloud Interconnect with Oracle’s FastConnect platform to provide pre-provisioned resources on-demand and enable the kind of rapid connectivity required of highly dynamic data environments. The system will be overseen by Verizon’s Dynamic Network Manager that maintains connectivity between traditional IT resources and public clouds from AWS, Microsoft, Google and others.



Monday, 31 October 2016 00:00

How the CIO's Role Is Changing--a Lot

Those in the role of chief information officer have seen a lot of changes in terms of roles, responsibilities and duties. This has been especially true in the last few years, as the cloud and its associated technologies have become more prevalent.

Indeed, the job title of the CIO is one that is morphing to meet new requirements from all areas of business. Overseeing everything from rogue cloud usage to business units developing their own cloud environments can be a lot to manage. At the same time, these groups, under increased pressure to improve business cost savings and do more with less, may not be aware of, or care about, the security issues they could potentially be exposing the company to in the pursuit of these goals.

This situation has culminated in a perfect storm of pressure for these business units. All areas of the company are being tasked with making things happen ahead of the competition, doing more with fewer resources and creating virtually instantaneous results. Each of the business units is responsible for its own budget and getting the most bang for the buck. Why consult outside the unit--with IT and the CIO? The perception is that if they control their own budgets, they should control their own "IT Destiny."



BATON ROUGE, La. — Request funds to make your structure safer and stronger within 60 days after your community notifies you it is substantially damaged.

If you’re rebuilding or repairing a substantially damaged home or business, your community may require you to elevate or make other changes. Substantial damage applies when the cost of restoring a structure equals or exceeds 50 percent of its pre-damage market value, but some communities have more restrictive regulations.

Your National Flood Insurance Program (NFIP) policy may provide up to $30,000 to update your structure so it meets local floodplain management regulations. You must first submit a signed Increased Cost of Compliance (ICC) Proof of Loss form to your insurance company.

Provide a contractor’s estimate for the proposed ICC-eligible measures to your home or business and copies of construction permits. Your insurance company needs these to consider an ICC claim.

Structures that comply with floodplain management regulations have an enhanced ability to withstand storms and floods. Examples of ICC measures include elevation, relocation and floodproofing.

You have six years from the date of loss to complete the chosen and approved ICC measures.

Go online to the Louisiana Department of Transportation and Development’s website at www8.dotd.la.gov/lafloods/community_contacts.aspx to find your community’s floodplain administrator or permitting official if you want to learn more about the substantial damage determination process.

The U.S. Small Business Administration (SBA) may be another source of funds to make your home or business safer and stronger.

If your loan application is approved, you may be eligible for additional funds to pay for improvements that will protect your property against future damage. The funds would be in addition to the amount of the approved loan.

For more information, call the SBA at 800-659-2955 or TTY 800-877-8339. You may also go online to sba.gov/disaster.

Indegy Labs researchers recently discovered a vulnerability [PDF] in Schneider Electric's Unity Pro management software for industrial controllers. The flaw could be leveraged to execute code remotely on any computer running the software.

"Since Schneider Electric is one of the largest industrial control equipment providers, this vulnerability is a major concern," the researchers noted.

The researchers discovered the vulnerability almost six months ago, and disclosed it privately to Schneider Electric at the time, according to Kaspersky Lab.



Does your organization use risk management for its fundamental benefits, or has it been implemented more for regulatory or compliance reasons? Oliver Vistisen calls on organizations to make a reassessment of their risk management approach…

Risk management has come a long way since its origins as a financial instrument for the insurance industry. Now, it’s a mainstream corporate function – due in large part to regulations that have been brought in by various industrial and governmental institutions seeking to tackle some of the major calamities of recent times.  From the global financial crisis to BP’s Deepwater Horizon disaster, risk management and regulatory compliance play major roles in establishing why crises have happened, and how they can be prevented from occurring again.

As is the case with emerging technologies, there have been multiple early adopters and pioneers. However, the majority are jumping on the risk management bandwagon either because it’s become fashionable, or because they are being told to do so by industry bodies, not because they have an in-depth understanding of what risk management is and how it could best be applied to their organization. Nor do many fully appreciate the benefits of doing so.



Monday, 31 October 2016 00:00

The Keys to Corporate Resiliency

One of the most critical responsibilities of an executive is building corporate resilience through an effective crisis management process. Corporate resiliency is derived from three specific processes: awareness, action and preparation. Most executives recognize the impacts of known events such as fires, floods, cyberattacks, workplace violence, etc., and have developed plans for dealing with such events.

Crises arise from being faced with an unknown or unimaginable event for which there is no mitigation strategy. The inability to effectively deal with an event, known or unknown, subsequently impacts reputation, employee morale and company value. 

Corporate resiliency, in its simplest terms, is an organization’s ability to return to a normal operational tempo — including throughout its entire web of suppliers, manufacturers, distributors, retailers, transportation carriers and the other participating partners — after some period of time following an incident. Creating corporate resiliency contains two unknowns that are imperative to understanding and developing an actionable planning process: What constitutes normal operational tempo? What is the period of time?



Monday, 31 October 2016 00:00

Consider the Risks

On average, it takes just 82 seconds before a phishing campaign gets its first click; 23% of phishing recipients open messages and 11% open attachments, releasing malware and viruses or allowing hackers into the system to rob companies blind.

CyrusOne’s report examines six vulnerabilities in enterprise security, along with measures to protect it.


The Business Continuity Institute - Oct 31, 2016 12:37 GMT

By NASA Earth Observatory image by Joshua Stevens, using MODIS data from the Land Atmosphere Near real-time Capability for EOS (LANCE)

The ravages of Hurricane Matthew, the costliest Atlantic hurricane since Superstorm Sandy, are prompting businesses to rethink their natural hazards preparedness. More than one in four respondents to a survey of employees in the areas affected by the storm claimed they believe their companies will increase investment in this area.

The study, conducted by FM Global, also showed that, while respondents gave their companies mostly A’s and B’s for pre-storm preparedness, nearly two out of five employees (38%) said Hurricane Matthew interrupted normal business operations, and over a quarter (26%) of employees said their companies lost customers or orders as a result of the storm.

Adverse weather has consistently been a top ten threat for business continuity professionals, according to the Business Continuity Institute’s annual Horizon Scan Report. In the latest edition, more than half of respondents to a global survey expressed concern about the prospect of this type of disruptive event materialising. When you analyse the results further to only include respondents from countries where these types of events are relatively frequent, countries such as the United States, the level of concern increases considerably.

“Horizon scanning is a fundamental part of business continuity planning,” said Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the Horizon Scan Report. “Investment needs to be put into preparing for disruptive events prior to them occurring, not after. Organizations need to assess the threats they could be exposed to in the future, and then put measures in place to ensure they can still function should they occur.”

“Hurricane Matthew was a catastrophic event of major proportions, and disruptions of all kinds were to be expected,” said Brion Callori, senior vice president of engineering and research at FM Global. “However, we do believe the majority of loss is preventable, and tools and solutions exist to both understand what might occur during a hurricane and be prepared to mitigate the effects. We applaud new investment in resilience since it could make all the difference in the fate of a business, including revenue, market share, shareholder value and reputation. It’s only a matter of time before the next severe storm strikes.”

Whether you expect to witness a creepy clown in your neighborhood or have nightmares of Michael Myers chasing you, Halloween is a night to celebrate things that scare us and make the hair stand up on the backs of our necks. Disaster recovery testing reduces the number of things that can scare us – on Halloween and all through the year.

The Critical Role of Disaster Recovery Testing

For those of us responsible for anticipating the unexpected and keeping your business operations running no matter what, uncertainty over having an “accurate” disaster recovery plan in place and identifying critical applications really can haunt us. Like a character being followed in a slasher film, we’re always looking over our shoulder, stuck with a nagging suspicion that something critical may have been overlooked.



The Business Continuity Institute - Oct 28, 2016 09:51 BST

Ebola, Bird Flu, Swine Flu, SARS. There have been several times in recent years when the news headlines have been filled with stories of pandemics occurring in some part of the world, or at least are threatening to. Some never materialise into anything more substantial than a threat, but the fear of the potential impact still remains.

The latest Horizon Scan Report by the Business Continuity Institute put human illness in 13th place on the list of disruptive events that business continuity professionals are most concerned about. 38% of respondents to a global survey expressed concern about the prospect of this threat materialising, although this was a decrease from 2015 when it was in 8th place with 42% expressing concern.

So how prepared are we to deal with a pandemic outbreak and the impact it could have on our organizations? Do we know what impact it could have? In the latest edition of the BCI's Working Paper Series, Dezheng Yuan AFBCI uses three simplified financial models to elaborate on the impact of pandemic transmission speed on the business continuity of organizations and advises solutions. In his paper, Dezheng explains how slower pandemic transmission speed could enable more effective cross-region back-up plans of organizations which could reduce financial losses.

Among other things, Dezheng concludes that, even if the final morbidity and mortality rates remain the same, the efforts paid to delay the spread of the infectious diseases are still justified from the viewpoint of business continuity management.

"Concerns about the wholesale outbreak of disease are not that far-fetched considering the historical record which makes Dezheng Yuan’s paper relevant", says Patrick Alcantara DBCI, Senior Research Associate at the BCI and Editor of the Working Paper Series. "His methodology is relatively more technical than most of the works we have published in this series but lends itself well to practical solutions which he enumerates at the end of his piece. Indeed, his work demonstrates the depth of thinking in our professional community which we aim to feature in this publication."

Download your free copy of 'The effect of pandemic transmission speed on business continuity' to understand more about the potential impact a pandemic could have on your organization, and what you can do to mitigate it.

ATLANTA, Ga. — As companies seek to cut costs and improve efficiency, a growing number of businesses encourage or allow their employees to use their own digital devices at work. “Navigating the IT, privacy, security and intellectual property issues was difficult enough before Bring Your Own Device (BYOD) became common,” says attorney and engineer Janine Anthony Bowen, a shareholder in national law firm LeClairRyan’s Atlanta, Ga. office. “But as the trend surges – and the law catches up with it – companies should carefully review their BYOD policies.”

Challenges range from liability for unpaid overtime to stiff legal penalties for failing to preserve data that may be subject to the eDiscovery process, adds Bowen, a member of LeClairRyan’s Privacy and Data Security Practice.



Friday, 28 October 2016 00:00

Hurricane Matthew: What Went Wrong?

When Hurricane Matthew swept through the Southeastern United States earlier this month, it left behind extensive debris, thousands without power, and many people living in shelters. In North Carolina, Florida, Georgia and South Carolina, meanwhile, a total of 17 people lost their lives.

Today’s storm forecast models are more advanced than ever before. So how is it that so many residents were caught unprepared when Hurricane Matthew swept into their towns earlier this month? The truth is that storms are notoriously unpredictable, and while forecasts can help, they ultimately only go so far. Let’s take a closer look at what went wrong with Hurricane Matthew, along with highlighting the single best way to protect yourself, your loved ones, and the members of your community when a storm is on its way.



Until recently, the conventional wisdom about data storage was that on-premise solutions don’t offer the flexibility or cost savings of the cloud. Enterprises may have concerns about handing over control of their data and IT infrastructure to a cloud provider because they worry about security, but they’re willing to put these concerns aside if they think they can get the scale and storage they need — at a good price.

Depending on your business, this might have been true in the past: If you weren’t dealing with big data sets, sought low latency, and wanted to save money, the cloud may have been the right choice. Spinning disks didn’t offer the performance needed, and flash drives were too expensive to use in bulk.

Recent changes in the storage market have weakened the argument that storage in the public cloud is the only cost-effective option. Your data center doesn’t necessarily have to be built in the cloud if you’re trying to get that magic combination of cost effectiveness and performance. Here’s what’s happening in the data storage market that should factor into your decision making:



There’s no longer any question that AI (artificial intelligence) is transforming the business world, and this is great news when it comes to successfully maintaining a corporate infrastructure modeled on the three pillars: governance, risk management and compliance (GRC).

Until now, the demands of GRC have been coupled with a spiraling need to increase productivity and cut costs in a hypercompetitive marketplace, turning this near impossible feat into a never-ending and often losing battle. But with the introduction of cutting-edge AI and NLP (natural language processing) technologies into the workplace, companies are discovering they can turn impossibility into reality.

Artificial intelligence has become an indispensable tool for humans to gain support in pretty much every aspect of running a business, and the methodology behind effective GRC is no exception. Much of a company’s compliance and regulatory measures center on the need for better decision-making; automating the processes that contribute to timelier, more informed decisions is a primary objective of emerging AI solutions.



Earlier this year, a ransomware attack shut down the Lincolnshire County Council’s computer systems. For a week, members were reduced to using pens and pencils after the council refused to pay the $500 ransom demanded by the attackers.

It was a vivid example of the disruption that ransomware can cause security executives, who are girding to contend with targeted ransomware attacks against current and planned cloud deployments.

No surprise there as malicious hackers, clearly creatures of habit, seek out the most promising targets. While the cloud has proven its security critics wrong up until now - it’s actually a lot more secure than many thought a few years ago  - targeted ransomware attacks against the cloud are on the increase.



Thursday, 27 October 2016 00:00

Is Our Business Continuity Program a Sham?

You test, you plan, and you document, but is your business continuity program a sham?

It’s a question a senior executive of a client recently asked me. Sadly, the answer to his question was a resounding “yes!” In many cases, we find that the pretty picture painted by the BCM team is not what it seems when you get up closer and pull the covers back.

Why are so many programs in this state?  Well, here are 10 reasons:



The recent DDoS attacks have shone a bright spotlight on the security problems within the Internet of Things. The attacks are also a reminder that cloud security is still a work in progress.

That’s not to say that the cloud isn’t secure; instead, the problem may be the way we think about security and the cloud, as InfoWorld explained:

With DDoS attacks, the tendency is to focus on organizations directly affected. Thus, when hacktivists target financial services or gaming sites, the victims are those trying to access those applications. The information is intact, albeit temporarily unavailable.

With Dyn, however, the target was core internet infrastructure, which means any organization that relies on Dyn or works with a service provider dependent on Dyn is affected.



Of all the ways in which advanced analytics and machine intelligence can impact the enterprise business model, perhaps none is more crucial than its effect on IT itself.

As infrastructure becomes more distributed and data loads become more complex, IT must become more adaptive, even to the point where it exceeds a technician’s ability to collect operating data, figure out what it all means and implement the required changes. So before organizations turn Big Data loose on functions like sales, marketing and compliance, it makes sense to implement it on the infrastructure and operational layers of the data environment itself.

This can be done in numerous ways. Power management firm Eaton recently launched the PredictPulse Insight platform that uses a cloud-based analytics engine to track power distribution throughout the data center to predict failures and optimize efficiency. The system ties into the PredictPulse remote monitoring service to produce a more predictive, proactive model of energy management. Users are provided with real-time data over an online dashboard that details alarm settings, performance metrics, service history and a host of other points, all of which can be accessed by either a traditional web portal or a mobile app.



Thursday, 27 October 2016 00:00

The Era of the Smart Data Center

What does it take to run a smart data center?

For many businesses, the data center is the heart of software technology—the “thing” enabling businesses to do more, efficiently expand their capabilities, and maintain the information necessary to run their business properly. A smart data center is needed to support the demands and application deployment models, such as the Internet of Things (IoT), cloud, platform-as-a-service, software-as-a-service, and other models on the verge of becoming mainstream. As business needs evolve, companies are demanding more from their data centers.

Are data centers up to the challenge?



Thursday, 27 October 2016 00:00

Preparing for Colder Weather

As some parts of the Northeast experience their first frost/freeze of the season, this is a good time to make some cold weather preparations.

NOAA’s recently issued U.S. Winter Outlook said the development of La Niña, the climate phenomenon and counterpart of El Niño, is expected to influence winter conditions this year.

La Niña favors drier, warmer winters in the southern U.S. and wetter, cooler conditions in the northern U.S. but because forecasters expect it to be weak and short-lived, we probably shouldn’t bet against snow.



U.S. regulators unveiled draft cybersecurity standards  aimed at protecting the U.S. financial system in the event of a technology failure or cyberattack. The plan, authored by the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency, would strengthen the way agencies oversee how large U.S. banks and foreign banks operating in the U.S. with $50 billion or more in assets manage and address threats to cybersecurity.

The draft plan would impose the toughest restrictions on firms considered to pose the greatest risk to the financial system. Those firms would have to prove they can get their core operations running within two hours of a cyberattack or major IT failure. The new rules also would apply to nonbank financial companies deemed systemically risky by a panel of regulators.



The Business Continuity Institute - Oct 27, 2016 09:41 BST

Clearly it is embarrassing, and we’ve all heard about the huge fines that have been imposed on some organizations following a data breach, but what is the long term impact of such an event? A study conducted by Thales e-Security has shown that the vast majority of people would reduce or eliminate the use of an organization’s products or services following a data breach, and only 16% of respondents would continue to use an organization’s products or services as usual.

According to the UK-based study, one in five people (20%) would withhold custom altogether from an organization that had been breached, while over a third (37%) stated they would only use their products and services if there were no other alternatives.

This major rejection of organizations that have been breached demonstrates why business continuity professionals are concerned about this type of threat. In fact, the Business Continuity Institute’s latest Horizon Scan Report identified data breach as the number two threat (after cyber attack) with 80% of respondents to a global survey expressing concern about the possibility of such an incident occurring.

“It’s important for firms to recognise just how much of their customer base might be lost in the wake of breach incidents,” said Sol Cates, vice president of technology strategy at Thales e-Security. “With more than half of respondents saying that they would either immediately stop using an organization’s products or services altogether, or use them only if they have no other choice, effective security controls specifically placed around data to prevent and minimise damage from data breaches become an absolute requirement.”

The survey also questioned respondents on what they would be most concerned about following a breach of their personal information. Nearly half (46%) stated that money being stolen from their bank account was the main concern, while two in five stated that it was having their identity stolen.

“The theft of money from someone’s bank account as the result of a breach is a very tangible fear, but realistically it is much less likely than other outcomes,” continued Cates. “The implications of identity theft should pose far more of a concern, as they can be extremely painful and long lasting, with clean-up from incidents taking months or even years, and having long term effects on using and obtaining credit when it is really needed. Once your data is ‘in the wild’, your life is never the same.”

Digital Realty Trust uses more renewable energy than any other data center provider, followed by Equinix, according to the US Environmental Protection Agency.

Companies that use providers like Digital and Equinix are increasingly interested in data center services powered by renewable energy, partly because of their own corporate sustainability programs and partly because energy generated by sources like wind and solar has gotten a lot cheaper in recent years. In response, the providers have been sourcing more renewables to address the demand.


A recent survey of consumers of retail colocation and wholesale data center services by Data Center Knowledge found that 70 percent of these users consider sustainability issues when selecting data center providers.



Wednesday, 26 October 2016 00:00

Field Tested and Ready

Bockistan lies in ruins.

A magnitude 7.8 earthquake has rocked the country, killing hundreds. Large apartment buildings have collapsed, communications are out, airports and seaports are closed, electricity is dead, and water isn’t flowing.

Into this situation come 42 Americans ranging in age from their early 20s to their late 50s, full of enthusiasm and determination to do good and carrying bags of gear. But they’re entering an unfamiliar world in a state of disaster, full of cultural pitfalls and government red tape.

What’s more, this is their final exam — not to add any pressure.



Wednesday, 26 October 2016 00:00

CDC: How We Decide What to Say in Emergencies

A few years ago, there was an outbreak of Salmonella infections among people who ate peanut butter and products containing peanut paste, like crackers and cookies. People were scared. They needed to know which products were affected. Were they in their grocery store, or worse, already in their kitchen? They also needed facts about Salmonella infection: what are the symptoms, and how dangerous is it?

Fact: You can’t protect your health if you don’t know what to do and how to do it.

This is the reason I spend my days helping people get the right messages about their health at the right time. During the Salmonella outbreak linked to peanut butter, we worked to quickly gather information and science from lots of sources and get it to the people who needed it. But there’s more to communicating about health than just moving information around. There’s a science behind what we do.

First things first

Before I start writing, I take a minute to put myself in the audience’s shoes. Who are they, and what do they need to know to protect themselves? I begin with the what, why, and how – the basics everyone needs to take the first steps.

In an emergency, geography is also important. If there’s an outbreak or a flood, not everyone may be affected. People need to know if they’re close to the incident or far away, and what the likelihood is that it will affect them.

But we don’t just consider what we need to say. We also look at the best ways for people to hear it. We know that people with different backgrounds will take in health information differently. What people do about a threat depends on several things, including who they are, who we are, and how we talk about it. This is where the communication science comes in.

Applying the science

In my job, we apply a system where we look at the different aspects of getting health information to people who need it. There are seven things we consider when we communicate about health:

  • Trust: Will people trust the information? Who is the best source to put the information out?
  • Information: What information is necessary, and how will people find it? How much is enough, or too much?
  • Motivation: How relevant is the information to the people we’re trying to reach?
  • Environment: What are the conditions that surround and affect the audience?
  • Capacity: What is people’s ability to act on the information? Are there barriers?
  • Perception: What will the audience think about the information? What will inspire them to act on it?
  • Response: How will people respond? What can we do to stay engaged with them and give them support as they take action?

We call this set of questions TIME-CPR. Answering all of these questions before we start communicating lets us make a plan that will help people take action and save lives.

What we know, as soon as we know it

Sometimes we get worried about communicating information before we have all the answers. But it’s okay to say that we don’t know yet, and we’re working on finding out. We’re all in this together, especially in emerging and evolving situations, and people need to trust that we will always share the latest and best information we have, even if we don’t yet understand or know everything. We’re not just experts, we’re expert learners.

When something first happens, we might not know right away exactly how many people or which products are affected. But we need to start talking about it anyway. The risk is too great if we don’t.

Let’s go back to that Salmonella outbreak. Because peanut paste is in so many products, and because those products were already in the hands of so many people, we had to act quickly. Many of the affected crackers had been sent to troops overseas or were foods that get sent as part of school lunches. We immediately reached out to veterans’ communities, daycares, and schools. We developed a searchable database and created a widget to help people figure out if their food had the peanut paste in it. In the end, the outbreak affected over 700 people in 46 states. But without fast communication, many more would have been sick.

Health literacy touches everyone

October is Health Literacy Month, which is a time to focus on how we can help people better receive and understand information they need to stay safe and healthy. When we present our information in a way that makes it difficult for people to understand what they can do to protect their health, they may be more likely to get sick or die.

Health literacy affects everything from how and why medication should be taken, to reading nutrition labels, to what people should do in a major emergency like an outbreak or natural disaster. Everyone – from large agencies to community organizations to family doctors to individuals – is responsible for making sure we all have clear and relevant health information when we need it. We need to stay connected and communicate well. Lives depend on it.

For more information about Health Literacy, visit the CDC Health Literacy website.

Improving the ability to share and use health information is a national priority. The National Action Plan to Improve Health Literacy seeks to engage organizations, professionals, policymakers, communities, individuals, and families in a connected effort to increase health literacy, and is part of the Healthy People 2020 objective to improve health outcomes and health equity through better communication.

Posted on October 25, 2016 by Christine Prue, MSPH, Ph.D., Associate Director for Behavioral Science, National Center for Emerging & Zoonotic

At the U.S. Department of Homeland Security (DHS), Assistant Secretary for the Office of Infrastructure Protection Caitlin Durkovich recognizes how hard it can be for emergency managers to distill the message of preparedness for citizens and businesses.

With the rise of global terror, the threat landscape has become exponentially more complex, making it harder for first responders and others to communicate even basic security information. “But this is the new normal, this is the world that we are living in now, where we are going to see attacks on soft targets with frequency,” she said.

To convey the significance of that reality, emergency managers need a concise message.



Not all "clouds" are created equal – or considered clouds at all, for that matter. With all due respect, single-tenant hosted products are one such instance. Just because a traditional software product is hosted by a vendor doesn't make it the equivalent of SaaS. Let's face it – it's not uncommon for successful licensed software companies that focus on operational intelligence or enterprise compliance and security to zig and zag as they evolve their business models to the cloud. Neither is it uncommon for them to maximize their best attributes in their marketing materials.

The difference between SaaS and a single-tenant hosted software "cloud", however, is an important distinction. If you're looking for a solution that offers the key benefits of a modern SaaS product, hold out for a provider whose underlying architectural model offers the benefits of a true cloud offering. Your first reaction might be, "Who cares? Hosted software seems like SaaS as far as the user is concerned." But here are the three reasons why customers should care about their "cloud" provider's underlying model.



Wednesday, 26 October 2016 00:00


Your Event Management Doesn't Have to Be So Hard

Company execs love to put on big, fancy events. They may invite business leaders, managers, partners, suppliers, stockholders, board members, customers, and maybe even regular employees who deserve a night on the house.

These events often take place in hotel ballrooms or conference centers with plenty of food, drinks, and entertainment. Speakers are given the stage, presentations and short films often accompany them, and most attendees leave in a better mood than when they arrived (if it is done right). Events may be planned for product launches, annual conferences, holiday galas, or awards banquets. They are all a big deal, take a lot of time to plan, and cost a boatload of money.



The Business Continuity Institute - Oct 26, 2016 12:15 BST


Two years ago, I was asked to contribute to the ‘20 in their 20s’ publication by the BCI on the future of business continuity. In my article, I pointed out the need to learn from experience in order to achieve what I think is the mission of our industry: the ‘social continuity’. I also stated that the business continuity industry shall not repeat the mistakes of risk management, which was highly disregarded by the Boards of Directors of the most important companies all over the world until the most recent years, when the financial crisis hit the global markets.

I am now invited to write this blog as a follow-up to that initiative, with the aim of understanding if and how my view had changed since then. Honestly, I have to say I still think the greatest challenge for continuity and resilience professionals is to broaden the scope of action to include the social components in their considerations. Indeed, we all know that an organization is as vulnerable as the weakest link in its value chain, and we are also aware of the fact that each company operates in an interconnected environment. How can we claim to be resilient, if we do not care about the level of preparedness of our critical stakeholders?

In these two years, I have also understood that cultural restraints can represent a limit that needs to be overtaken if we want to reach our target. Therefore, I have decided to get more involved with the activities of the Business Continuity Institute, whose mission is to promote a more resilient world. Specifically, I have become an Approved BCI Instructor, a BCI Corporate Partner with my company (PANTA RAY) and I have joined the BCI Risk and Governance Committee. I strongly believe in the role of the Institute because, actually, there are countries where chasing the ‘social continuity’ purpose can be hard. That is why we need to work the system if we wish to change mindsets that had been instilled over hundreds of years.

It will be a long process and I can tell it is frustrating at the beginning. I am Italian and I have been involved in the launch of the BCI Italian Forum in the summer of 2014. A small group of people had to build a network from scratch and faced many challenges, but we worked hard and thanks to the support of Steve Mellish (BCI Chairman at that time) and Lorraine Darke we had a very first conference in November that same year with approximately 70 Italian professionals. It was an incredible success and we decided that we wanted to establish an annual meeting, so we had a similar event last year (2015) and doubled the audience.

In 2016, we started to hold monthly Forum meetings. As a consequence of our efforts, the numbers of CBCI training sessions and statutory members are increasing at a fast pace and our expectations on the next annual conference are definitely high. The BCI Italian Forum is now a very active LinkedIn group that counts over 350 continuity and resilience professionals!

We know it is going to be a long journey, but the results of our job are quite interesting so far. I would like to share our approach and discuss it with the community, as I am sure we would benefit from feedback and suggestions. And with a pinch of conceit, we might as well inspire the growth of the Institute in other areas. After all, we all share the same mission.

Alberto Mattia is the Managing Director of PANTA RAY, the leading business continuity consulting company in Italy. He graduated in Economics and Finance at the Università Bocconi in Milan, his hometown, with a final paper on Crisis Management in the banking sector. Alberto has been a speaker at several important conferences on resilience and has written articles that have been published in Italy and abroad.

Managed cloud provider Rackspace announced it has appointed two new executives to its international team. Reinhard Waldinger has been promoted to Managing Director, International, and Alex Fuerst, Regional Leader for DACH.

The appointments come as Rackspace, which recently went private in a $4.3 billion buyout, is opening a new office in Munich that will help support the growth of its German-speaking customers in Germany, Austria and Switzerland.

Waldinger has worked at Rackspace for more than 10 years. Previously, Waldinger was VP of Finance for Rackspace International. In his new role he will work with customers, partners and employees in its international operations.



Regardless of whether you work in the hosting industry, you would have likely encountered an outage Friday on a website that you may visit frequently, due to a DDoS attack targeting Dyn.

You can read the news story here.

A DDoS attack on an individual website can cause lots of issues in and of itself, but a DDoS attack on a DNS network has a much bigger impact. Friday’s DDoS attack impacted sites ranging from Twitter to Airbnb to The New York Times and even to PagerDuty, a site that helps alert you of downtime.

In an emailed statement, Dave Larson, Corero COO, explained how DDoS attacks against DNS providers can be particularly damaging.



The enterprise cloud industry is starting to take on some semblance of order as both providers and consumers gain a clearer understanding of how it is to function within the broader data ecosystem.

To be sure, there are still many questions regarding deployment, configuration, services and a host of other factors when creating individual clouds, but in general the need to establish robust hybrid infrastructure that can accommodate legacy applications and emerging services for mobile, Big Data and IoT functions is coming into focus.

This clarity is also driving much of the deal-making on both the provider and infrastructure layers, not the least of which is Amazon’s recent tie-in with VMware. As Information Week’s Charles Babcock noted recently, the deal gives Amazon something it desperately needed to combat chief rival Microsoft: a means to easily port workloads from legacy infrastructure to its largely proprietary cloud architecture. VMware fills the bill nicely because it provides the virtual format to shift workloads without bothering with a lot of hardware configuration, and it has one of the largest installed bases of enterprise customers on the planet.



On Thursday, I wrote a blog post about the Mirai IoT malware infecting IoT devices, turning them into botnets that create DDoS attacks. I knew that this was going to become a serious problem but at that moment, it hadn’t become a mainstream issue.

That certainly changed quickly, didn’t it? On Friday, I was leaving my office when my phone chirped with a breaking news story – Homeland Security was investigating a major DDoS attack against Dyn. A quick check of Facebook told me all I needed to know: My friends were wondering why they couldn’t access so many of their favorite websites all of a sudden. Now everyone is asking questions about not only IoT security but DDoS attacks. It’s good that people are now aware; I wish we could be aware proactively rather than reactively.

But where does this proactive behavior begin? For this type of attack, it is a two-pronged issue. First, we have to do a better job addressing IoT security. A new survey from ESET found that 40 percent of us are not confident that our smart devices are secure enough, and as Tech Crunch added:



Tuesday, 25 October 2016 00:00

FEMA: Long Term Recovery

PHILADELPHIA – Long term recovery begins and ends in local communities.  To support state and local officials, and help build back communities to be more resilient, FEMA developed the National Disaster Recovery Framework, also known as the NDRF, to help guide federal agencies in their support efforts. The NDRF empowers federal, state, local and other partners to work together to find solutions for some of the major challenges communities face after a disaster, such as housing needs, rebuilding the local economy, and preserving the communities’ heritage and traditions while making strides towards resilience against future disasters.

FEMA Region III has released a podcast on the NDRF to help explain how the program works and our goal in working with and supporting communities’ long term recovery. The podcast is a great way to learn more about the framework, roles, responsibilities and objectives.  It is available at https://www.fema.gov/media-library/assets/audio/126251 and through the Multimedia Library Audio section. The podcast interviews FEMA Region III’s Federal Disaster Recovery Coordinator (FDRC) Kevin Snyder and Community Planning and Capacity Building (CPCB) Coordinator Michelle Diamond on the NDRF, as well as how FEMA works with our partners to make long term recovery happen for communities.

Below are some excerpts from the podcast:

FDRC Kevin Snyder: “In Region III we have what we call our Recovery Support Function Leadership Group and that is a steady state group, we meet monthly and we talk about our issues, needs, and activities and through that network we can reach back to our regional infrastructure system partners and say hey – here is this issue that we didn’t identify early on but we are seeing right now. What are your ideas of how we can coordinate solutions to address that? And kind of take it from there.”

CPCB Coordinator Michelle Diamond: “…we do work with a number of federal partners, but in addition to the federal partners, we also work with the private sector, with universities, with professional associations, foundations, and nonprofits and all of these partners – they all have the goal of working with local governments and state governments to help address issues of local needs for planning and for capacity building.”

To listen to and download the podcast, please visit https://www.fema.gov/media-library/assets/audio/126251. For more information on the NDRF, please visit https://www.fema.gov/national-disaster-recovery-framework.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

Tuesday, 25 October 2016 00:00

What IoT Cyber Attacks Mean for Insurers

The massive global distributed denial of service (DDoS) attack against internet infrastructure provider Dyn DNS Co. that left over 1,000 major brand name sites, including Twitter, Netflix, PayPal and Spotify, inaccessible Friday has implications for insurers too.

While the nature and source of the attack are under investigation, it appears to have been (in the words of Dyn chief strategy officer Kyle York) “a sophisticated, highly distributed attack involving tens of millions of Internet Protocol addresses.”

As Brian Krebs’ KrebsOnSecurity blog first reported, the attack was launched with the help of hacked Internet of Things (IoT) connected devices such as CCTV video cameras and digital video recorders (DVRs) that were infected with software (in this case the Mirai botnet) that then flooded Dyn servers with junk traffic.



Managed DNS provider Dyn was hit by a series of massive DDoS attacks on Friday, October 21, which left several major sites inaccessible for hours, including Box, CNN, HBO Now, PayPal, Pinterest, Reddit, Spotify, Squarespace, Twitter, Weebly, Wired, Wix, Yelp, Zendesk and Zoho, among many others, Gizmodo reports.

In a statement on its website, Dyn explained that its Managed DNS infrastructure in the Eastern U.S. came under attack from 11:10 UTC to 13:20 UTC, and again from 15:50 UTC to 17:00 UTC. "We will continue to evaluate every situation with the goal of improving our systems and processes to deliver the utmost customer experience," the company stated.

In a blog post, security expert Bruce Schneier suggested that someone has spent the past year or two probing the defenses of companies critical to the operation of the Internet. "These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down," he wrote.



Any repetitive IT task that requires IT organizations to detect patterns within a massive amount of data is now generally subject to being automated. With that in mind, Hewlett-Packard Enterprise (HPE) has been applying Big Data analytics to multiple forms of data protection.

The launch of HPE Backup and Recovery Suite brings all HPE data protection offerings together under a common analytics framework as part of an effort to first identify bottlenecks in the process, make recommendations on how to fix scheduling conflicts and ultimately eliminate the amount of IT intervention currently required to complete them.

In addition, Stephen Spellicy, vice president of product management for information management and governance, says HPE is now providing a “what-if” capability that allows IT administrators to model different data protection strategies before implementing them.



RALEIGH, N.C. – If you applied for FEMA help in the aftermath of Hurricane Matthew and you disagree with the decision stated in the letter you received, a quick fix may be all that is needed to change it. 

It’s important that you read your letter carefully to understand FEMA’s decision so you will know exactly what you need to do. Many times applicants just need to submit extra documents for FEMA to process their application.

Examples of missing documentation may include an insurance settlement letter, proof of residence, proof of ownership of the damaged property, and proof that the damaged property was your primary residence at the time of the disaster.

If instructed and needed, you can simply submit missing documentation to FEMA online at www.disasterassistance.gov, by mail or fax, or by visiting a Disaster Recovery Center.

There may be more than one reason you disagree with FEMA’s decision. For example, if you feel the amount or type of assistance is incorrect, you may submit an appeal letter and any documents needed to support your claim, such as a contractor’s estimate for home repairs.

If you have insurance, FEMA cannot duplicate insurance payments. However, if you’re under-insured you may receive further assistance for unmet needs after insurance claims have been settled.

How to Appeal a FEMA Decision

All appeals must be filed in writing to FEMA. You should explain why you think the decision is incorrect. When submitting your letter, please include:

  • Your full name
  • Date and place of birth
  • Address

In addition, your letter must be either notarized, include a copy of a state issued identification card, or include the following statement, “I hereby declare under penalty of perjury that the foregoing is true and correct.” You must sign the letter.

If someone other than you or the co-applicant is writing the letter, there must be a signed statement from you affirming that the person may act on your behalf. You should keep a copy of your appeal for your records.

To file an appeal, letters must be postmarked, received by fax, or personally submitted at a Disaster Recovery Center within 60 days of the date on the determination letter.

By mail:

FEMA – Individuals & Households Program
National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-7055

By fax:
Attention: FEMA – Individuals & Households Program

You should have received a booklet called "Help after a Disaster." It explains what you need to provide for your appeal. The booklet is available online at www.fema.gov/help-after-disaster.

If you have any questions about submitting insurance documents, proving occupancy or ownership, or anything else about your letter, you may call the FEMA Helpline at 800-621-3362. If you use TTY, call 800-462-7585. Those who use 711 or Video Relay Service can call 800-621-3362. Lines are open from 7 a.m. to 11 p.m. EDT, seven days a week, until further notice. You can also visit a North Carolina disaster recovery center and speak with a disaster assistance representative. Locate your closest center by going online to fema.gov/drc or by calling the FEMA Helpline.


Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

How would emergency management and public health officials handle a catastrophe that taxed local supplies of vaccines or medical equipment? Since 1999, the federal government has had a way to help: the Strategic National Stockpile.

The stockpile consists of warehouses that contain medicines — both those that prevent the onset of an illness and those that can treat illnesses — and medical supplies and equipment. It is not meant to be the first line of defense, but rather to supplement resources when state and local supplies run short.

“The underlying premise of the Strategic National Stockpile is to respond to primarily chemical, biological, radiological and nuclear events,” said Greg Burel, director of the Division of Strategic National Stockpile at the Centers for Disease Control and Prevention (CDC). “We also hold material that would be useful in an influenza event.”



Monday, 24 October 2016 00:00

Enhancing Campus Safety

This spring, the U.S. Department of Education released its third version of the Handbook for Campus Safety and Security Reporting to help guide colleges in their continued implementation of the Clery Act.

Originally intended to bring greater transparency to campus crime reporting, especially around crimes against women, that law has been expanded in the decades since its inception. It now contains substantial language compelling schools to organize and document specific plans for issuing timely warnings and emergency notifications.

The Clery Act applies to some 6,000 colleges and universities that participate in federal financial aid programs. With the release of its latest handbook, the Department of Education says it is looking for these schools to take their emergency planning beyond the historic norms of academia.



Monday, 24 October 2016 00:00

The 911 Cyber Challenge

Emergency Management has published several articles about the movement toward a next-generation 911 (NG911) system based on modern Internet protocols that will allow responders to take advantage of capabilities such as text and video messaging. 

Beyond the capability to send and receive texts and multimedia, there are other benefits to the new types of networks. Public safety answering points (PSAPs) will be able to transfer calls and activate alternative routing to share the burden during an emergency or when they are closed by disaster.

But accompanying all these important benefits of the switch from analog to digital, one challenge looms large: the increased risk of cyberattacks on 911 call centers once they are connected to so many devices and other networks.



In life and in business, you are generally more successful when you have friends. You are able to share the load, bounce ideas off each other, and have each others’ backs, if you will. The goal is that the sum of the parts is greater than indicated by the math.

Companies that are trying to address large problems will find it lonely if they don’t surround themselves with an ecosystem, the technology equivalent of friends, to fill in the gaps.

The idea of an ecosystem isn’t new – it’s a core reason most industries exist. Ecosystems in the technology space succeed for some of the same reasons most of us tend to have a higher score when we play “best ball” in golf, compared to playing solo. For example, there may be a woman who can drive the ball down the fairway, another guy that chips it onto the green, another guy who is a whiz with the putter, and then there’s me – the designated golf cart driver. In tech, when vendors, partners, customers, and thought leaders collaborate, they can set higher standards for innovation and push the limits with the solutions they create.



Iron Mountain, the company known for its underground caverns that house everything from classified government documents and Hollywood movie reels to data centers, is expanding into Northern Virginia, the largest and most active data center market in the US.

The company recently kicked off construction of a 150,000-square-foot data center in Manassas, which it expects to be the first of at least four buildings on a future 83-acre, 60MW data center campus, according to a news release. The facility is slated to come online in August 2017.

It first announced plans to build a data center campus in the region in March.



Thursday, 20 October 2016 00:00

Is World Backup Day Such a Good Idea?

As you may already know, World Backup Day is on the 31st of March, 2017. So depending on when you read this blog post, you may have more or less time in front of you until it rolls around again. Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.


But is there a danger that data backups then have but one day of fame per year, only to be forgotten about for the other 364 (or 365)? Maybe this anniversary could be put to a slightly different use.



Thursday, 20 October 2016 00:00

Create your complete Business Continuity Plan

The Business Continuity Planning Template: Your Guide to Creating a Complete Business Continuity Plan

Creating a comprehensive Business Continuity Plan is a critical step in the development of your BCM program. A few weeks ago, we posted our ultimate guide to developing a risk mitigation plan, but this week we’re going to take another step toward program maturity by looking at the development of the Business Continuity Plan itself.

This Business Continuity Plan is the aggregate of your planning and analysis processes (risk assessment, business impact analysis, and threat and risk assessment). It includes various documentation and checklists that allow your organization to continue to function effectively (or to restore business functions) during an emergency event. With that in mind, we developed the following checklist to help you develop an overall Business Continuity Plan, as well as other plans and action items for specific areas in your organization. We suggest the use of checklists as they are efficient, straightforward, and ensure important items are not missed.



Wednesday, 19 October 2016 00:00

Improving disaster response from space

From September 28 to October 10 of this year, Hurricane Matthew swept through Haiti, Florida and the Carolinas, leaving communities scrambling to beat back the onslaught of floodwaters. First responders, government agencies and insurers needed to know which areas required immediate attention. However, in many of the hardest-hit locations, damage to infrastructure meant that there was no viable way to gather that data on the ground.

FirstLook, DigitalGlobe’s online subscription service for emergency management, offers fast web-based access to pre-event and post-event imagery, plus updates as our constellation continues to collect data on a priority basis.

And when you’re looking for more than a picture, GBDX, DigitalGlobe’s geospatial big data platform, has the tools to turn satellite images into actionable data. Using GBDX, you can integrate DigitalGlobe’s trained neural network algorithms with open-source data sets like OpenStreetMap. In the case of Hurricane Matthew, we found this layering particularly useful in identifying underwater and at-risk infrastructure.



Hackers recently stole research data from the University of Toyama's Hydrogen Isotope Research Center, along with 1,493 people's personal information, Infosecurity reports.

The data was stolen in December 2015, March 2016, and June 2016, using malware that had been delivered via a spear phishing attack in November 2015.

The Japan Times reports that two staff members received phishing emails in November of 2015. One of the staff members' PCs was infected, after which it transmitted data to an outside party for approximately six months.



The thrashing winds have died down. Relentless rain has ceased. The clouds have cleared and the sun is shining. But this is no time to let your guard down.

Last week, Hurricane Matthew pounded its way through the Caribbean before bearing down on the eastern U.S. coastline from Florida to North Carolina. Many lives and homes were tragically lost. But not all of the death and destruction happens during the storm itself. The aftermath is a treacherous time, with still-rising floodwaters, power outages, breaks in healthcare services, and increased risks for injury or illness. The mental and physical toll of a hurricane continues to mount even as it dispels and fades off into the ocean. We must remember that, although the storm has passed, danger remains present.

Beware of rising waters

After the rain ends, it can take days for rising rivers and streams to crest, or reach their highest point. This means that homes and roads that are not underwater at the end of the storm may be flooded in the days following.

In North Carolina, Matthew dumped 6 to 18 inches of rain, causing flooding that rivaled or surpassed that of Hurricane Floyd in 1999. But much of the water damage didn’t happen right away. Even as rescue and recovery efforts began, the state’s rivers continued to swell and overflow their banks, creating a second wave of destruction.

Driving on water-covered roads or through flooded areas can leave you hurt or stranded – or worse. Help may not be able to reach you right away if you get stuck, and you won’t be able to see hazards like debris or sinkholes in your path. Avoid driving through flooded areas, especially when the water is fast moving. As little as six inches of water can cause you to lose control of your vehicle.


Avoid risks during power outages

Hurricane Matthew knocked out power to millions of homes and businesses. People die from carbon monoxide poisoning after a hurricane or other disaster when trying to generate power, keep warm, or cook using gasoline or charcoal-burning devices. The carbon monoxide (CO) these devices produce is a silent killer – you can’t see it or smell it. To avoid being a victim, always use generators, grills, camp stoves, or other gasoline or charcoal-burning devices outdoors, and keep them at least 20 feet away from any windows, doors, or vents. Use a battery-powered carbon monoxide detector to alert you to any CO in your home.

Power outages can also result in injuries or deaths from fires. If the power is out, try to use flashlights or other battery-powered lights instead of candles. If candles are all you have, place them in safe holders away from anything that could catch fire, and never leave them unattended.

Drink safe water, eat safe food

After a hurricane, it’s important that the water you drink and food you eat is safe. Spoiled food or dirty water can make you and your family sick. Listen for water reports from local authorities to find out if your water is safe for drinking and bathing. If an advisory has been issued concerning contaminated water, use only bottled, boiled, or treated water for drinking, cooking, preparing food, and washing your hands. To keep from getting sick, throw away any food, drinks, or bottled water that may have come in contact with flood or storm water, or any food that has been in the refrigerator if you have been without power for more than four hours.

Stay healthy in shelters

Shelters keep you safe while you wait to return to your home, but can also present some health risks. Illnesses can erupt and spread quickly, which is why CDC and other organizations send experts after a hurricane like Matthew to watch for any sign of an outbreak. It can also be harder to manage chronic illnesses while you’re in a shelter, especially if you need medications or special supplies to care for yourself or your loved ones. Keep extra copies of your prescriptions in case of an emergency.

Home safe home

Be sure to wait to return home until authorities say it is safe to do so. Returning to your home after the storm can present a whole new set of dangers, including downed power lines, flooded roads, and the difficult work of cleaning up. Remember, never touch a downed power line or anything in contact with them. Use chainsaws safely, and wear safety gear like a hard hat, safety glasses, ear plugs, thick work gloves, and boots as you make repairs.

If your home has been affected by flooding, follow these guidelines for safe cleanup after disasters. People with certain health conditions should not take part in the cleanup, and everyone should be careful to use the proper protective equipment. Any items that cannot be washed and cleaned should be removed from the home. Any drywall or insulation that has been contaminated with sewage or flood waters should be removed and discarded. You may want to take photos or hold onto items for which you’ll be filing an insurance claim.

Look around your home and drain any standing water. Standing water after a hurricane or flood is the perfect breeding ground for mosquitoes. Use insect repellant and consider staying indoors at dawn, dusk, or in the early evening when mosquitoes are most active.

Take care of your mind and heart

The mental and emotional effects of a disaster like Matthew can linger even months or years afterward. Be prepared to cope with feelings of fear, grief and depression. “Loss and displacement are some of the most stressful situations we face in our lives,” says CDC behavioral scientist Ruth Perou, PhD. “Even briefly being in a shelter can be very hard.”

Remember to take care of yourself. Try to get 6 to 8 hours of sleep, eat regular meals, and exercise as much as you can. “The best thing you can do,” says Perou, “is get back to some sort of routine as quickly as possible, especially for children.”

Stress and feeling overwhelmed are normal and expected reactions to any sudden change. Reach out to family and friends, and talk to others in your community about your worries. Let your child know that it’s okay to feel upset when something bad or scary happens. Coping with these feelings and getting help when you need it will help you, your family, and your community recover from a disaster.

The Substance Abuse and Mental Health Services Administration (SAMHSA) Disaster Distress Helpline is available 24 hours a day, 7 days a week. Trained counselors are ready to answer any questions or help cope in the aftermath of Hurricane Matthew and other disasters. To connect with them, call 1-800-985-5990 or text TalkWithUs to 66746.

Wednesday, 19 October 2016 00:00

Moving from the Cloud to Your Cloud

The cloud was established on the idea of “build it and they will come,” which certainly turned out to be the case. The corollary to the maxim, of course, is “give them a little and they’ll want more.”

On one level, this can be seen by the size of the workloads being migrated to the cloud, but it can also be seen in the quality of cloud services and the ability to customize even public cloud architectures to support highly specialized applications.

The increased demand for customization coincides with increased concern that many cloud deployments to date, while effective, still leave a lot to be desired. According to a recent survey by the Society for Information Management (SIM), large segments of the IT profession are concerned with the cloud’s ability to align properly with business processes, as well as the speed and agility of cloud infrastructure and the ability to engage in proper strategic planning in highly dynamic environments. For these and other reasons, says study author Leon Kappelman, many organizations are shifting their IT budgets to software development that allows for greater integration, customization and migration of cloud-connected workloads.



Wednesday, 19 October 2016 00:00

The People Factor in Cyber Breach

Recently leaked "Panama Papers" have shaken politics across the world. This has resulted in a change of the Prime Minister of Iceland, while exposing other top officials like the British Prime Minister and President of Russia. This unprecedented leak of financial and attorney-client information spans four decades from the law firm Mossack Fonseca and reveals that sensitive information belonging to any company is vulnerable.

While these attacks are ideologically and morally motivated, most of the attacks happening today, about 89 percent, are financially damaging or inclined towards espionage, according to a report by Verizon. Of the confirmed attacks, 63 percent of the breaches occurred because of passwords that are default, weak or compromised. This indicates that basic safeguard measures are not sufficient.

What is a cyber breach?

The U.S. Government’s National Initiative for Cybersecurity Careers and Studies (NICCS) defines a data breach as "The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information."



Wednesday, 19 October 2016 00:00

Thinking Holistically About Business Continuity

When I started working in business continuity, 14 years ago, there was very little interaction between business continuity and other areas within the company, besides maybe disaster recovery, and that was to make sure gaps could be identified between the business requirements and actual application recovery times. A lot of this had to do with the limitations of available software and the ability to easily gather information and share it between systems in a meaningful way. This was also true with risk and vendor management systems.

Nowadays, platforms, such as ours, enable companies to have a holistic approach to planning, risk, incident, and vendor management. All of these functions can easily be done in the BC in the Cloud platform alone or can be integrated into our platform from an existing system.  This allows for an overall view of your business metrics available through dashboards, reports, and drill down capabilities.



The Business Continuity Institute - Oct 19, 2016 15:06 BST

When it comes to business continuity planning in Alberta, Canada, even though 78% of small to medium sized enterprises believe a continuity plan is important, less than half (47%) have actually developed one. Of those SMEs that do not have a plan, 62% said that it simply wasn’t a priority. This is according to a report published by ATB Financial.

The Business Beat survey discovered that nearly a quarter (23%) of Alberta-based SMEs had experienced a significant disruption in their business. Perhaps that figure is no surprise considering the Fort McMurray wildfire that the province endured earlier in 2016, which brought disruption to people's lives and businesses. It was the third time in the last five years that a natural disaster caused the evacuation of entire communities. Homes and businesses were destroyed, and a massive clean-up and rebuild effort was required. Despite this, 46% of businesses surveyed said they did not carry disruption insurance.

Of course it’s not just wildfires that cause disruption. The Business Continuity Institute’s latest Horizon Scan Report revealed all kinds of concerns that business continuity and resilience professionals have about the threats their organizations are exposed to.

“Disasters, both natural and personal, happen. And by nature of the definition, they strike quickly and without warning,” said Teresa Clouston, ATB’s Executive Vice-President, Business & Agriculture. “So a plan that contemplates how to deal with disruption can allow business owners to respond from a position of strength and thoughtfulness versus panic. We recommend building a recovery plan into your business plan and revisiting that plan yearly.”

(TNS) — As the federal government continues its disaster relief efforts after Hurricane Matthew and catastrophic flooding in Louisiana and other states, lawmakers and the Obama administration are considering how to limit the government’s liability for increasingly severe natural disasters — and the solutions could include designating more places as flood-prone and encouraging residents to move out of harm’s way.

At issue: The effects of climate change — more frequent flooding from torrential rains, hurricanes and other phenomena — are straining the federal flood insurance program, exposing U.S. taxpayers to a potentially growing price tag of flood relief payouts.

In the past five years, the National Flood Insurance Program, operated by the Federal Emergency Management Agency (FEMA), has taken in between $3.2 billion and $3.5 billion in premiums from its policyholders, and in most years that’s more than enough to cover claims. In fiscal 2014, for example, it paid out about $372 million for claims, and its 2015 payout was approximately $839 million.

Tuesday, 18 October 2016 00:00

Creating a Culture of Information Security

In today’s sensitive security landscape, data protection must be a top priority for every organization. An information security culture is particularly important, especially with the arrival of the General Data Protection Regulation (GDPR), as encryption technology, firewalls and other tactics can only go so far to protect an organization’s data.

The GDPR is designed to better protect citizens’ data and harmonize legislation across Europe. The regulation brings a number of new guidelines for organizations in relation to Personally Identifiable Information (PII). This means organizations must take security, compliance and good governance seriously. But how can organizations ensure that a cultural appreciation of good security hygiene is ingrained within their business?



A well-paid but heavy responsibility with a built-in ejector seat is one way of looking at the Chief Information Security Officer (CISO) position.

Data breaches can happen rapidly with devastating consequences and little or no possibility to undo the damage. Sales managers can see which way the wind is blowing in terms of sales revenue and financial directors can ask banks for a loan to shore up corporate finances.

However, security compromises may only come to light when your confidential company data is found offered for sale by hackers on the Internet. Naturally, if not always justifiably, the CISO is one of the first to suffer the backlash. In addition, the following career pitfalls await the CISO too.



As North Carolina residents work to recover from the recent flooding resulting from Hurricane Matthew, they should be on guard for and report suspicious activity of potential fraud and scam artists, identity thieves and other criminals who prey on survivors. The following are a few common post-disaster fraud practices:

Fraudulent phone calls or visits: Individuals claiming to be from FEMA and who do not have proper FEMA photo identification.

  • Survivors will be asked to provide their Social Security number and banking information only when registering for FEMA assistance. They should never give this information to contractors.

Fake offers of federal aid: A phone or in-person solicitor promises to speed up the insurance, disaster assistance or building-permit process for a fee. Other scam artists promise a disaster grant and ask for large cash deposits or advance payments in full.

  • Federal workers do not solicit or accept money.

  • FEMA and SBA staffers will never charge applicants for disaster assistance, inspections or for helping individuals fill out applications.

  • If in doubt, survivors should not give out information.

Phony housing inspectors: If home damage is visible from the street, an owner/applicant may be especially vulnerable to fraudulent housing inspectors who claim to represent FEMA or the U.S. Small Business Administration (SBA). Applicants should ALWAYS:

  • Ask to see the inspector’s identification badge. A FEMA or SBA shirt or jacket is not proof of someone’s affiliation with the government. Federal employees and contractors carry official photo identification.

  • FEMA inspectors will already have applicants’ nine digit registration number.

  • FEMA inspectors will never require banking or other personal information.

North Carolina residents should also be aware that FEMA housing inspectors verify damage. They do not hire or endorse specific contractors to fix homes or recommend repairs, nor do they determine your eligibility for assistance.



Fraudulent building contractors: Disasters also attract fraudulent contractors who offer to begin work immediately and request a cash advance payment. When hiring a contractor:

  • Residents should only use licensed local contractors who are backed by reliable references and get written estimates from at least three contractors that include the cost of labor and materials. They should also read the fine print.

  • Residents should insist that contractors carry general liability insurance and workers’ compensation. If he or she is not insured, you may be liable for accidents that occur on your property.

  • Don’t pay more than half the costs of repairs upfront.

Bogus pleas for post-disaster donations: Dishonest solicitors may play on the emotions of disaster survivors. These solicitations may come by phone, email, letter or face-to-face.

  • Residents should verify legitimate solicitations by asking for the charity’s exact name, street address, phone number and website address, then phone the charity directly and confirm that the person asking for funds is an employee or volunteer.

  • Residents should not pay donations with cash.

  • Residents should request a receipt with the charity’s name, street address, and phone number.

Unfair Price Gouging:  North Carolina residents should also be on the lookout for price gouging by gas stations, hotels and other businesses serving disaster survivors in the state.

If you suspect someone is perpetrating fraud, call the FEMA Disaster Fraud Hotline at 866-720-5721, your local police department or the North Carolina Fraud Hotline at 877-5-NOSCAM.

Even though commercial private cloud offerings can offer a lower total cost of ownership in many cases because of the prevalence of qualified administrators, 451 Research says TCO is just one factor in selecting a particular cloud model.

According to 451 Research’s latest Cloud Price Index, in many cases, security and control of private clouds outweigh any financial considerations when managing mission-critical apps.

While commercial private cloud offerings such as VMware and Microsoft currently offer a lower total cost of ownership when labor efficiency is below 400 VMs managed per engineer, when labor efficiency is greater than this, OpenStack is a better financial option. The report says that past this tipping point, all private cloud options are cheaper than both public cloud and managed private cloud options.



FEMA, Whole Community partners work to decrease earthquake, fire risks in Bay Area

OAKLAND, Calif. — This week marks the 27th anniversary of the devastating Loma Prieta earthquake that took place on October 17, 1989. Two days later, October 19th, marks the 25th anniversary of the Oakland-Berkeley Hills Fire that killed 25 people, destroyed more than 3,000 homes, and did an estimated $1.5 billion in damage.

Since then, the U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) has leveraged $866 million to support the state of California’s efforts to reduce the risks of catastrophic earthquake and fire. Federal dollars are leveraged with state funds to provide typically 75% of a project’s cost. In the Bay Area, $201 million has gone to various projects, with $448 million awarded in Los Angeles County. These funds have been used for seismic retrofit projects, fire risk reduction and flood elevation projects to protect various types of critical infrastructure, including homes, local city governments and public schools and infrastructure.

In the City of Oakland, FEMA recently approved a $3 million grant for the Safer Housing for Oakland: Soft Story Apartment Retrofit Program that will retrofit 35-50 Oakland apartment buildings. Also in Oakland, FEMA has approved $3 million for the Earthquake-Safe Homes Program that will retrofit and install seismic safety measures in up to 300 1-4 unit homes located within the City of Oakland. This year, FEMA also has awarded $6 million in seismic retrofits to the Los Angeles Unified School District and another $4 million in flood mitigation elevations in Sonoma County.

Examples of some of the types of projects that have been funded include:

• $40 million in federal grants has been awarded for city hall seismic retrofits.

• $171 million in federal grants has been awarded in seismic retrofits of schools.

• $7 million in federal grants has been awarded for fire-resistant roofing.

• $83 million in federal grants has been awarded for at-risk buildings in the floodplain that were elevated or purchased and converted to open space.

FEMA is only one part of the community that is engaging and developing national, regional, public, and private sector risk reduction.  Several partners throughout the state have taken the call to action through advanced preparedness methods. 

The City of Los Angeles is committed to addressing resilience by strengthening the city’s physical, social, and economic foundations. The City has adopted far-reaching strategies to develop the tools needed to rebound from disasters. Programs like Soft-Story Retrofitting, the new JUMP START 5 Steps to Neighborhood Preparedness emergency planning tool and NotifyLA are making individuals and neighborhoods more resilient against earthquakes for a stronger Los Angeles.

Following the 27th and 25th anniversaries of the Loma Prieta Earthquake and Oakland Hills Firestorm, respectively, October 20, 2016 is International ShakeOut Day, when millions of people worldwide participate in local Great ShakeOut Earthquake Drills at 10:20 a.m. local time. Participants include individuals, schools, businesses, local and state government agencies, and many other groups. To take part in The Great ShakeOut, individuals and organizations are asked to register to participate at www.ShakeOut.org. Once registered, participants receive regular information on how to plan their drill and become better prepared for earthquakes and other disasters.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

New revision will lead to improved flood maps with both current risk and future climate conditions
New Yorkers will save tens of millions of dollars in flood insurance premiums as a result of City’s flood map appeal

NEW YORK – Mayor Bill de Blasio and the Federal Emergency Management Agency (FEMA) today announced an agreement to revise New York City’s flood maps. This is the result of the de Blasio administration’s 2015 appeal of FEMA’s flood risk calculations for New York City and the region, which mapped 35,000 more homes and buildings across the city into the highest flood risk areas.

FEMA’s flood maps require homeowners in the highest flood risk areas to purchase flood insurance to cover the cost of flood damage, if they have a mortgage. Revised flood maps will provide New York City residents with more precise current flood risk data, in addition to providing a new map product reflecting future conditions that account for climate change. The innovative revisions will assist New York City in making coastlines more resilient and climate-ready, while ensuring homeowners are not required to purchase more insurance than their current flood risk requires.

“We are building a stronger, more resilient city to confront climate change. Our city needs precise flood maps that reflect real risks, both today and years from now—and we have to do that fairly. We will work closely with FEMA to ensure New Yorkers in the floodplain are prepared, and that the tools to make them more resilient, like flood insurance, remain available and affordable. We are grateful to FEMA for agreeing to this partnership,” said Mayor Bill de Blasio.

“We have been working with Mayor de Blasio and his administration throughout the appeal process to obtain additional data from city officials in order to ensure we have the most accurate maps possible,” said FEMA Regional Administrator Jerome Hatfield. “The coastal flood risk has not been updated since 1983, and this process required proper diligence and the City’s involvement, all accomplished through our partnership.”

“We applaud the administration for adopting, and keeping in place the preliminary maps for construction permitting, which will ensure the city is more resilient in the face of stronger and more frequent storms. We are committed to working together to identify the best path forward as the coastal flood hazard analysis is completed,” said FEMA Assistant Administrator for Mitigation Michael Grimm.

NYC’s Flood Map Appeal

During FEMA’s formal 90-day appeal period in the summer of 2015, New York City officials submitted technical analyses and data that revise the flood risk depicted in the preliminary Flood Insurance Study (FIS) and preliminary Flood Insurance Rate Map (FIRM) for New York City and the region. FEMA and City officials agreed that the information submitted during the appeal period should be utilized to revise the preliminary FIS study and preliminary FIRM. This effort will be funded by FEMA, and the City will continue to work with FEMA and provide expert input in the development of revised flood maps.

New, Future-Looking Flood Maps

In addition, FEMA and the City will work together to create a new methodology to incorporate the growing risks of climate change and sea level rise onto flood maps. This ground-breaking step will be based on the best-available science, as guided by the New York City Panel on Climate Change, and will result in a new set of flood maps for planning and building purposes that better accounts for the future risk of sea level rise and coastal storm surge. This will also protect the affordability of flood insurance, which will continue to be priced against the revised FIRMs depicting current flood risk.

“The City’s OneNYC resiliency program requires the best-available climate science and accurate flood maps,” said Daniel Zarrilli, Senior Director, Climate Policy and Program and Chief Resilience Officer, New York City Mayor’s Office. “FEMA’s decision to redraw New York City’s flood maps, and to work with us to produce innovative, climate-smart flood maps, allows us to begin separating the calculation of annual insurance premiums against current risk from the necessary long-term planning and building we need to do as a city to adapt to rising seas and climate change. All homeowners should consider purchasing flood insurance to protect their homes and families. Thanks to FEMA for agreeing to this important partnership.”

Flood Insurance Rates / Building Code Requirements

Until the new flood maps are issued, flood insurance rates in New York City will continue to be based on the prior effective FIRMs, saving coastal households tens of millions of dollars per year, in aggregate. For those outside of the highest risk areas on those maps, flood insurance will remain less expensive; both FEMA and the City encourage residents to purchase this affordable flood coverage because we know that there is flood risk outside of the highest risk areas. Until new flood maps are developed that both accurately reflect current flood risk and also provide an assessment of future climate conditions for long-term planning purposes, the city’s building code will continue to reflect the 2015 preliminary FIRMs to ensure that new buildings are better able to withstand flood risk from rising sea levels and coastal storm surge, and so that recovery from Hurricane Sandy can continue without interruption.


Conveying flood risk accurately to affected residents is among FEMA and the City’s top priorities. As the maps are being revised, it is crucial that New Yorkers remain aware of their current and future flood risk. To ensure residents keep their home and finances safe, the City has launched a consumer education campaign directing residents to FloodHelpNY.org, a one-stop shop for flood risk information. Once the revised flood maps come into effect, additional extensive outreach and education programs will be provided for all communities.




(TNS) - Augusta showed off its hospitality to thousands of Hurricane Matthew evacuees, but officials say lessons can be learned from the rare occurrence.

Thousands fled coastal areas by car to the homes of friends and family and an estimated 22,000 stayed in Augusta, Ga., hotels. Hundreds of patients were evacuated to Augusta hospitals and nursing homes.

An additional 2,500 were under the direct care of the Richmond County Emergency Management Agency under an agreement, renewed in 2011, to shelter and feed up to 5,000 evacuees from Chatham County in Richmond County school facilities.



Disaster recovery and DRaaS solutions are intended as a method to keep a constant, or near-constant, copy of your IT infrastructure in the cloud, ready to turn on at a moment’s notice in the case of downtime at your primary data center site. But DR tools can also be used for your initial cloud migration, providing an on-ramp to the cloud that is cost-effective and relatively fast. You also get the bonus of a ready-to-go DR plan, if you continue to maintain the DR environment after your production servers turn on.

You generally have a few options when migrating to the cloud. One is to set up totally new servers, with new versions of your applications, new server OS licensing, and so on. Sometimes this makes sense as you don’t need to adjust or re-architect any applications for the cloud platform. Existing data can be transferred via network (slow and often expensive for large amounts of information) or by shipping hard drives – a process that many administrators find a bit harrowing. If you’re already virtualized, however, you can migrate workloads more directly.

At Green House Data, we’ve had a number of customers start with disaster recovery before moving more and more applications onto cloud servers. If you already have an investment in DR, it makes an initial migration fairly simple.



As Halloween approaches, clowns aren’t the only unwelcome guests making headlines this holiday season. In the world of IT, malware is sinking its teeth into business data everywhere. Ransomware continues to hold business data hostage until companies pay up. Often, hackers demand payment within 72 hours or data will be deleted. Spooky.

So how can we defend the data from a ransomware encryption? In Q2 2016, Datto conducted a survey of 1,100 managed service providers (MSPs) to uncover the trends behind this creepy software. Below, I’ve highlighted some of the current hacker tricks that have been wildly successful when it comes to infecting systems.



Aligned Energy claims it has achieved a breakthrough in reusing waste heat exhausted by servers in the data center – a concept that is not new but difficult to implement in data centers effectively.

The Danbury, Connecticut-based company says the combination of its data center cooling system and a system by the Swedish company Climeon, which converts low-grade waste heat into electricity, can serve as an effective energy source for a data center.

The solution addresses two fundamental problems in data center waste-heat reuse: low-temperature heat produced by servers and the difficulty of transporting heat efficiently. Climeon’s technology is able to put low-grade heat to use efficiently, while using energy produced by a data center to power the same data center means heat doesn’t have to be moved over long distances.



TALLAHASSEE, Fla. – Florida residents returning to or repairing homes damaged by Hurricane Matthew should keep in mind that safety should always be their first consideration when inspecting and cleaning up buildings damaged by flood waters.

Below are a few simple guidelines to follow that will make the clean-up and salvage process safer and easier:

  • Always wear protective clothing including long-sleeved shirts, long pants, rubber or plastic gloves and waterproof boots or shoes.

  • Before entering your home, look outside for damaged power lines, gas lines and other exterior damage.

  • Take photos of your damage before you begin clean up and save repair receipts.

  • Your home may be contaminated with mold, which raises the health risk for those with asthma, allergies and breathing conditions. Refer to the Center for Disease Control for more info on mold: www.cdc.gov/disasters/hurricanes/pdf/flyer-get-rid-of-mold.pdf.

  • Open doors and windows so your house can air out before spending any length of time inside.

  • Turn off main electrical power and water systems and don’t use gas appliances until a professional can ensure they are safe.

  • Check all ceilings and floors for signs of sagging or other potentially dangerous structural damage.

  • Throw out all foods, beverages and medicines exposed to flood waters or mud including canned goods and containers with food or liquid.

  • Also, throw out any items that absorb water and cannot be cleaned or disinfected (mattresses, carpeting, stuffed animals, etc.).

  • Beware of snakes, insects, alligators and other animals that may be on your property or in your home.

  • Remove all drywall and insulation that has been in contact with flood waters.

  • Clean all hard surfaces (flooring, countertops, appliances, sinks, etc.) thoroughly with hot water and soap or detergent.

Before returning to your home, make sure you have the following items among your clean-up and salvage supplies: government-issued photo ID (driver’s license, etc.) and proof of address; bottled water and non-perishable foods; first aid kit; cleanser or hand cleaning gel; hygiene products and toilet paper; insect repellent and sunscreen; flashlights and extra batteries; camera or cell phone to document damage; a list of important phone numbers; and plenty of cash (ATMs may not work).

It’s also smart to create a back-up communication plan with family and friends in case you’re unable to call from your home or other areas affected by the hurricane.

If you haven’t done so already, report your damage from the hurricane to your insurance company and local emergency manager.

For more information on Florida’s disaster recovery visit fema.gov/disaster/4280, twitter.com/FEMA, facebook.com/FEMA, and fema.gov/blog. For imagery, video, graphics and releases, see www.fema.gov/hurricane-Matthew.

With the cost of a breach up 29 percent from 2013 -- and continuing to rise -- according to a recent Ponemon report, enterprise leaders are under mounting pressure to implement security solutions that are effective in detecting threats in this evolving cybersecurity landscape. While organizations generally accept that prevention alone is not enough, data breaches often still go undetected for weeks, months and even years.

Organizations need to know which alarms matter to their organization in order to effectively conduct incident response. Signature-based systems and network management tools are often seen as the traditional approach to organizational security, but these solutions can no longer be the only means for detecting a breach and stopping it before it causes significant harm.

Anomaly detection, which is about enabling proactive incident response by giving security teams the ability to track down potential risks before a simple breach or unusual behavior escalates into a devastating event, is growing in popularity.



“Eclipse is the market-leader for legal software solutions and it was clear that Brabners could benefit from a huge ROI with the Proclaim Case Management system. The conveyancing process is managed entirely from the desktop application, including one-click property searches, meaning our Residential Conveyancing team can increase the volume of work as well as profitability per case.”


Jon Taylor, Software Developer at Brabners

Brabners is a full service law firm operating from offices across the North West. With clients ranging from PLCs and SMEs to private clients and public sector bodies, the team brings an in-depth knowledge and a wealth of experience to a range of matters within the legal sector.


The firm’s global reach has meant rapid expansion in recent years, enabling a greater range of services and a proactive approach to providing commercially realistic solutions to legal problems.


The challenge

The team’s work was entirely paper-based, resulting in a slow and inefficient process. Additionally, fee earners were working on cases individually, producing inconsistent approaches to work, and ultimately resulting in compliance issues.


Essentially, Brabners needed to standardise client inception and matter management across the department.


The solution

Working in conjunction with Eclipse, Brabners developed a bespoke case management system for its Residential Conveyancing team - specifically for Plot Sales work - enabling high-level automation and speedier case progression.


Additionally, the firm opted for Proclaim’s integration with PALI (Property and Land Information), an online conveyancing search provider, facilitating one-click searches from the Proclaim desktop, saving hours of data entry.


The results

Repetition is inherent within Plot Sales as document packs are often identical for groups of properties under a specific development or developer. Since implementation, Brabners has seen significant reductions to administrative overheads by utilising Proclaim to automate the majority of case stages, including document production. This has meant fee earners can focus on the legal aspect of their work, whilst increasing overall profitability and case volumes.


Additionally, Brabners is currently in the process of implementing Eclipse’s online case tracking tool, FileView. Linked to the Plot Sales case type, developers will be able to log in securely and view real-time information as and when they need to, providing a convenient and modernised approach to case updates, eliminating continuous interruptions for fee earners.


Due to the success of the Plot Sales software, Brabners is looking to work with Eclipse again to develop a similar case type for the Social Housing department, enabling automatic matter creation and maximised matter management efficiency.


Case Study highlights:

  • Bespoke Plot Sales case type
  • Comprehensive integration with PALI
  • Standardised client inception and matter management

  • Real-time client updates via Eclipse’s FileView tool

According to new research published by CTERA Networks, while enterprises continue to migrate workloads to the cloud at a rapid pace, protection of cloud-based servers and applications has not fully evolved to meet enterprise requirements for business continuity and data availability.

CTERA’s new eBook, ‘Game of Clouds’, showcases the findings of CTERA’s inaugural cloud backup survey, and presents a deep look at the state of enterprise cloud data protection. A CTERA-commissioned study was conducted by independent research firm Vanson Bourne to examine the data protection strategies of 400 IT decision makers and IT specialists in organizations using the cloud for application deployment at US, German and French organizations. The study analyzes the benefits and pitfalls of current backup strategies, offers key considerations for organizations moving to the cloud, and looks at the impact of poor backup practices on business continuity.



Eleven weeks after acquiring web defense software maker Blue Coat Inc., Symantec’s still-integrating leadership laid out a vision for working closely with channel partners to dominate the cybersecurity market.

The merger, which became official on Aug. 1, created a firm with more than 3,000 engineers, 385,000 worldwide customers, 175 million endpoints and $4.65 billion in annual revenue.

A company news release at the time described the new entity as “the industry’s largest pure play cybersecurity company.”

During an opening keynote at this week’s Symantec Partner Engage 2016 event in Los Angeles, CEO Greg Clark told principals from hundreds of channel firms that the new Symantec has the financial and technological wherewithal to become a top player in the space.



TALLAHASSEE, Fla. – In response to Hurricane Matthew, joint Preliminary Damage Assessment (PDA) teams continue to document damages to homes, businesses and public facilities that will be used to inform determinations for additional federal disaster assistance.  

PDA teams bring together local emergency management, the Florida Division of Emergency Management (FDEM), U.S. Small Business Administration (SBA) and FEMA. They visit areas identified by the state to document the extent of damage caused by the hurricane. PDA teams are currently deployed in Flagler and Putnam counties.  Tomorrow, a PDA team will also be in Indian River County to assess infrastructure damage. 

PDA teams document information that includes:

  • concentration of damages;
  • number of primary residences affected;
  • damage to public infrastructure; and
  • amount of insurance coverage.

The information is provided to the state. The teams do not visit every home or business and the PDA process does not guarantee federal assistance. The information is used by FEMA to determine which counties may be eligible for federal Individual Assistance and Public Assistance.

Other FEMA teams are canvassing areas hit by Hurricane Matthew in Nassau, Duval, St. Johns, Flagler, Putnam and Brevard counties. They visit homes, businesses, organizations and high-traffic locations in affected areas. They also meet with local officials and community leaders to provide additional eyes and ears to gather information on where damages exist. They report that information back to the PDA teams for further review.

All FEMA personnel carry identification and will not ask for personal information such as a social security number or banking information, and they will not ask for money. Anyone who suspects that someone is trying to impersonate a FEMA worker should call FEMA’s Disaster Fraud Hotline at 866-720-5721, or the Florida Attorney General’s consumer protection hotline at 866-966-7226.

For more information on Florida’s recovery from Hurricane Matthew visit fema.gov/disaster/4283, twitter.com/FEMA, facebook.com/FEMA, fema.gov/blog or #FLRecovers.



Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

BATON ROUGE, La.—If you had damage following Louisiana’s historic severe storms and floods, state and federal officials encourage you to monitor the insurance claims process after reporting your loss.
You have 120 days from the date of your loss to file a claim if you’re a National Flood Insurance Program (NFIP) policyholder in Louisiana. Here are some tips to guide you through the process to ensure you receive all eligible insurance funds for your recovery.

What to Do Before an Adjuster Visit

• Take pictures of the damage.

• Write down a list of your damaged contents.

• Immediately throw away flooded items because of health risks, but cut off and keep a 12-square-inch sample of building materials like carpets and drywall as proof of damage.

• Have documents related to damage ready. This may include contractor’s estimates and repair receipts.

• Also keep your policy number and insurance company information handy.

What Happens During an Adjuster Visit

• An adjuster will contact you within 24 to 48 hours to schedule an appointment.

• Ask to see the adjuster’s official identification when he or she visits.

• The adjuster will take measurements and photographs and document the damage. They may provide you with their contact information if additional visits are needed.

Understand the Flood Insurance Claim Process

• After your home is inspected, the adjuster will provide you with a flood certification number and a suggested Proof of Loss based on their assessment.

• Inspectors never ask for money, approve or disapprove claims or tell you whether your claim will be approved.

What Happens After an Adjuster Visit

• Review, sign and send the Proof of Loss form to your insurance company within 120 days of the date of damage.

• Submit a signed Proof of Loss form even if you think it doesn’t cover all your damage because you can always file supplemental claims.

• Contact your insurance company and file for additional payments if you disagree with the original Proof of Loss amount, discover more damage, or the repair costs exceed the estimated amount.

Have Questions? Call FEMA or Your Insurance Company

• Call 800-621-3362 Monday through Friday from 8 a.m. to 6 p.m. and select Option 2. If you use TTY, call 800-462-7585. Those who use 711 or Video Relay Service can call 800-621-3362. Call center staff are available to assist you with information regarding your policy, offer technical flood guidance to aid in recovery and answer your questions.

• Go online to fema.gov/louisiana-disaster-mitigation for information about repairing and rebuilding.

It’s time to put those flip-flops away once and for all. Because whether you like it or not, winter’s coming, and it looks like it might be a doozy. Let’s take a closer look—with a little help from the experts—at what weather to expect in the weeks and months ahead.

Bundle Up, East Coast!

While the lingering effects of El Niño may have some people expecting warmer weather for 2016-2017, they may be in for a big surprise. Topping the list of regions potentially in the path of significant snowfall as winter approaches? The entire East Coast. According to meteorologists, both New England and upstate New York can expect to see chillier-than-usual temperatures—accompanied by the chance of major winter storms—from December through February this year. 

Not only that, but while El Niño may finally be gone, La Niña is on its way, meaning we can expect to see more unusual weather—including the early arrival of cold weather this winter. Explains CNN, “El Niño is characterized by a warming of the waters in the central and eastern Pacific Ocean. La Niña features a cooling of those same Pacific waters.” The fallout from these changing weather patterns can be widespread and unpredictable.



Iron Mountain, the company best known for its document storage and data center facilities in underground caverns, has become the fifth major US data center provider to make a big direct investment in renewable energy to power its operations. The company has agreed to buy 10 percent of energy that will be generated by the enormous Amazon wind farm that’s currently under construction in Texas.

As the deal illustrates, big energy users, such as data center operators, can benefit from both energy cost savings that are now possible when making utility-scale power purchase agreements and from helping their customers meet their corporate sustainability goals. Iron Mountain said it expects the deal to help it save $1.5 million in costs and that its renewable energy efforts to date are helping it open new doors with customers.

“We’ve discovered that it’s also helping us to open meaningful dialogue and collaboration opportunity with our customers who are seeking to understand and mitigate their own environmental impact,” Ty Ondatje, senior VP of corporate responsibility and chief diversity officer at Iron Mountain, said in a statement.



The American Red Cross is one of the key partners working with emergency managers at all levels of government. When disasters strike, Red Cross staff and volunteers play key roles in humanitarian assistance. As we have moved into the 21st century, the Red Cross has been criticized for the manner in which it has provided services.

There are always two sides to every story. To get the Red Cross’ perspective, we submitted questions to the Red Cross. Harvey Johnson, senior vice president for Disaster Cycle Services, provided responses to those questions below. Johnson’s career path included service in the United States Coast Guard, where he served for 30 years, and also previously as FEMA’s deputy administrator and chief operating officer.

Q: Over the last few years the American Red Cross has regionalized its services and changed some aspects of its service delivery model. How would you describe those changes?



AUSTIN, Texas—FEMA announced today more than $12.5 million is being awarded to support state and local efforts that reduce the impact of future disasters.

The funding, through FEMA’s Hazard Mitigation Grant Program, is provided in addition to the federal aid that supports the recovery following a major disaster declaration. This year, disasters were declared following severe storms and flooding in March, April and June; the $12.5 million in grants is the total HMGP assistance for all three.

HMGP grants to the state are typically 15 percent of the total FEMA assistance provided for recovery. While funding for disaster recovery is provided only for the affected counties, HMGP funds are available for communities throughout the state.

Some recent examples of HMGP projects around the state:

  • Cooke County’s safe room rebate program, which provided up to $3,000 to homeowners who built tornado shelters or safe rooms.
  • Bastrop County’s hazardous fuels mitigation program, which thinned 4,000 acres of woodland and vegetative debris, effectively limiting the source of fuel for wildfires.
  • The ongoing, multi-year home buyout program in Harris County, where since 1995, more than 2,000 homes have been removed from the high-risk flood zone.
  • The City of San Marcos’ early-warning system of 14 sirens placed on poles at strategic locations around the community.

The federal share of each approved project is 75 percent. FEMA provides the funding to the state, which sets project priorities and administers the program.  Eligible projects may be funded for or through:

  • State agencies;
  • Federally-recognized tribes;
  • Local governments, and
  • Private nonprofit organizations.

Individuals do not apply directly to the state, but their local government may apply on their behalf.

“Studies have shown that every $1 spent on mitigation avoids $4 that might have been spent for disaster recovery,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s current operations in Texas.

For additional information on the Hazard Mitigation Grant Program, go to www.fema.gov/hazard-mitigation-assistance.  For examples of successful mitigation projects, visit www.fema.gov/mitigation-best-practices-portfolio.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

The Business Continuity Institute - Oct 13, 2016 16:36 BST

Natural disasters may be killing fewer people, but they are becoming more frequent and costing more money to recover from, according to a new report by the International Federation of Red Cross and Red Crescent Societies.

The World Disasters Report 2016 noted that forced migration is at its highest level since the Second World War; the number and scale of disasters triggered by natural hazards are increasing; globalization and urbanization mean outbreaks and other health crises are harder to contain; and the impact of climate change is taking its toll – 2015 was the hottest year on record with 32 major droughts, double the ten-year average.

Investing in resilience can yield a wide range of benefits, but the central rationale and common focus for disaster risk management and climate-change adaptation is associated with saving lives, reducing losses and supporting both individuals and communities to bounce back from disasters quickly and effectively.

Despite broad recognition that investing in resilience before a disaster can save lives and money, only 40 cents in every US$100 spent on international aid is invested in preparedness and measures to reduce disaster risk. A lack of global investment in strengthening community resilience is leaving tens of millions of people exposed to predictable, preventable and catastrophic disaster risks with expensive consequences.

Between 1991 and 2010, the impact of recorded disaster events in poor countries resulted in over US$840 billion of financial losses. Yet, over the same period, only 0.4% of the US$3.3 trillion spent on aid was dedicated to prevention or risk reduction. Economic losses from extreme weather events are now in the range of US$150 - US$200 billion annually,

“Investing in resilience is the best method we have for protecting the lives, livelihoods and dignity of the world’s most vulnerable people,” said IFRC Secretary General, Elhadj As Sy. “Business as usual is no longer acceptable. It will only lead to more silent suffering and deeper poverty. We must work along a continuum – of preparedness, early response, recovery and resilience building.”

“It is clear that something must change,” said co-editors David Sanderson and Anshu Sharma. “But responding to today’s humanitarian challenges is not just a question of finance. We must invest in solutions and partnerships that produce future resilience – livelihoods and social cohesion, health and psychosocial well-being, supporting communities to withstand future shocks and adversity.”

Building on the report, the IFRC is also calling on partners to support and join the One Billion Coalition for Resilience – a global initiative to support communities around the world to take action to strengthen their safety, health and well-being. Launched in late 2015, the initiative seeks to build a broad coalition of partners from across all sectors to support 1 billion people by 2025.

The Business Continuity Institute - Oct 13, 2016 11:57 BST

On the morning of 22nd March 2016, Brussels airport was hit by a deadly terrorist attack that killed 32 people and left more than 300 injured. Around 25 million people travel through Brussels airport annually and more than half of those passengers will be on business trips.

The chances of being involved in a terrorist attack are still incredibly remote, but for those travelling through the airport that morning it would not have felt that way. Nor would it have in Paris in November 2015, or more recently in September in New York. The increasing regularity of critical events worldwide means more organizations need to be able to instantly locate and alert employees of any nearby risks and keep them safe from harm.

According to a report by Strategy Analytics, almost half of the world’s employees will work away from a single office by 2020. The effect of globalisation on business means employees are regularly travelling between locations, often to different cities and countries. Keeping mobile workers safe from harm is rising up the corporate agenda.

Travelling employees, and the wider mobile workforce, face a range of risks that could impact on their safety and security. These threats are not just limited to acts of terror, but include everything from fires and natural disasters to flooding and building closures. Organizations have a duty of care to protect their employees, yet according to Ernst & Young’s most recent Global Mobility Effectiveness Survey, only 30% of companies have a system in place to track business travellers.

When an incident takes place, companies need to respond effectively to gain clear visibility of the crisis and deploy resources to ensure employee safety. But how can organizations achieve this? One solution is to implement a critical communications platform to manage all emergency notifications and help ensure that employees are located and resources are deployed quickly and effectively during an emergency.

In a crisis, every minute matters. Organizations no longer have time to work through manual call lists to send out an emergency cascade. A secure, independent communications platform ensures that the right message gets through to the right people at the right time; even when traditional routes of communication are unavailable.

The Everbridge platform has the ability to send emergency notifications out via more than 100 different communication channels and devices, including SMS, email, voice-to-text, social media alerts and app notifications, ensuring the lines of communication between an organization and its employees can remain open in any situation.

Critical communication platforms that facilitate effective two-way communication have proved invaluable during emergency situations. For example, during the terrorist attacks in Brussels in March 2016 the GSM network went offline, making standard mobile communication impossible. The citizens of the Belgian capital were unable to send messages to family, friends and work colleagues to let them know they were safe or in need of assistance. The team at Brussels Airport made its public Wi-Fi discoverable and free to join, allowing anyone with a Wi-Fi enabled device to connect, send and receive messages.

Organizations that used critical communications technology to send out an emergency notification were safe in the knowledge that the message would be able to get through to the right people, despite the obstacles. For an organization’s crisis management and business continuity practices, the flexibility that a multi-modal platform such as Everbridge provides is essential to ensuring that a high level of responses is received quickly when emergency notifications are sent.

These responses allow organizations to rapidly build a clear picture of an incident, and understand what impact it is having on its employees. To automate this process, templates can be built into communications platforms so employees can respond quickly in an emergency - facilitating a much higher response rate. A simple “I am safe” / “I need help” template means companies know within minutes which employees are at risk, which are in danger and where best to focus their efforts.

The most advanced critical communications platforms offer organizations more than just static location data. Everbridge’s ‘Safety Connection’ application has the capability to provide dynamic location insight, enabling an organization to know where its employees plan to be and responding automatically if they do not check in and update their status to ‘safe’. The safe corridor function means employees travelling to a location deemed unsafe can check in regularly with the organization, and if they do not check in, the platform automatically sends an emergency alert notifying management of the change in status and making communicating with that person a priority.

Should an employee inadvertently stray into an unfamiliar or dangerous area, they can also use the Everbridge smartphone application to trigger an SOS alert. Once this panic button has been pressed, the platform immediately sends an alert to the organization detailing the employee’s location and any relevant audio or visual data, enabling them to alert the emergency services.

By enabling employers to be aware of when their employees are travelling and where to, the organization is better prepared to handle a crisis. The company will know which airport employees are travelling to, which hotel they are staying at, where their meetings are taking place and when. This information can then be cross-referenced with a global real-time feed of international incidents, making it possible to inform employees when their travel might be disrupted or to avoid specific danger zones. For example, if a port or airport is being blockaded by protesters the company can warn the employee in advance. If riots are taking place in a suburb of a city where an employee is staying, the employer can warn them to remain in the hotel.

Employers have to accept three truths: in the future employees will travel more; the world will continue to become more uncertain; employees will expect more from their employers when they are travelling for work. Combined, this could be considered an HR headache, but in reality it is an opportunity. It can help engage employees, protect their safety and increase their loyalty to a company. A fully functional critical communications platform provides the reassurance and immediacy to support employees if and when the unexpected happens.

As part of Everbridge’s commitment to helping improve business continuity and emergency response practices for organizations around the world, we will be exhibiting at the BCI World Conference 2016 in London. Here, Imad Mouline, Chief Technology Officer at Everbridge and other members of our team will be discussing the importance of effective crisis communication and how communications technology can help organizations of all sizes better protect their infrastructure and people.

Everbridge are Gold Sponsors of the BCI World Conference where you can visit them on Stand 11 to find out more about their unique offer. The BCI World Conference and Exhibition takes place on the 8th and 9th November at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need. Don't miss out, book your place today.

Wednesday, 12 October 2016 00:00

Why Improve Risk Management?

Over the years in 30 countries, I have had many discussions with directors and executives about enterprise risk management (ERM). The discussions have ranged from what it is and why it matters to how it should be implemented. With respect to the “what is it” question, I have always believed that a fundamental purpose of ERM is to provide the discipline and control to ensure that risk management capabilities are improved continuously in a constantly changing business environment. This underlying purpose frames the question, “why improve risk management?”

We believe there are six fundamental reasons for improving risk management. Each serves to help elevate risk management to a higher level and drive improvement of risk management capabilities in a changing business environment. We discuss them below.



Wednesday, 12 October 2016 00:00

If I Were Launching an MSP Now | Nancy Sabino

Nancy Sabino, co-founder and CEO of Katy, Texas-based SabinoCompTech, shares three suggestions she'd apply if she were launching an MSP from scratch today.

1. Standardize as much as possible – Create repeatable processes surrounding those standards. What that means is, have certain kinds of computers that you use, certain servers, routers, switches. Stay within certain families that you can create processes around for installing, for setting up, for upgrading, essentially for every piece of what we do, just to make everything easier. It helps when you're a one-man show. If you're super swamped, this allows you to work a little bit faster because you're working off of muscle memory, following the processes that you've created for your standardized services or hardware. And then as you grow, it helps to already know or have in place certain processes that you can train your team on, which then ensures quality by following the same processes.



We recently published our Forrester Wave™: Digital Risk Monitoring, Q3 2016 report. We evaluate nine of the top vendors in this emerging market that offer solutions to continuously monitor “digital” -- i.e., social, mobile, web, and dark web -- channels to detect, prevent, and mitigate any type of risk event posing a threat to organizations today.

Why now

It’s almost 2017 and yet companies are more exposed and less equipped to handle the slew of risks that run rampant across countless digital channels today. Digital risk monitoring (DRM) solutions are increasingly valuable for organizations because:



Wednesday, 12 October 2016 00:00

Recovering from Hurricane Matthew

Many organizations in the southeastern United States recovering from Hurricane Matthew are still dealing with downed power lines, swollen rivers and blocked roads. As soon as they are able to, business owners should start assessing damage to their property and begin their insurance recovery process. They will need to assess not only physical damage to their property but also any income losses that may have occurred as a result of flooded and blocked roads and bridges, interrupted shipping and air transport, evacuations, and closures by civil authority.

They need to gather the information they’ll need for their insurer, and also be familiar with their policy and policy language. “In the runup to a storm, we always hear insurance executives on the news assuring the public that they will take care of things—that policyholders can rest assured,” Marshall Gilinsky, a shareholder in the insurance recovery group at Anderson Kill P.C., said in a statement. “But it’s vital for businesses not to assume everything’s going to be taken care of automatically. Storm-related claims can run into a snarl of unclear policy provisions, sublimits and exclusions, and occasionally obstreperous insurance company adjusters. A false sense of security leads easily to lost insurance proceeds.”



Early estimates put the insured property loss to U.S. residential and commercial properties from Hurricane Matthew at up to $6 billion.

While this figure covers wind and storm surge damage to about 1.5 million properties in Florida, Georgia and South Carolina, CoreLogic’s estimate does not include insured losses related to additional flooding, business interruption or contents.

Parts of North Carolina are expected to remain under dangerous flood risk for at least the next three days, according to the state’s governor Pat McCrory in a report by the Capital Weather Gang blog.



Wednesday, 12 October 2016 00:00

Point-of-Sale Security Still a Big Problem

Point-of-sale (POS) systems seem to be a growing target for hackers. In early August, security expert Brian Krebs reported on his Krebs on Security site that Oracle's MICROS POS division had suffered a breach in its customer support portal for companies using its point-of-sale card payment systems.

Attacks like this and a recent data breach involving Eddie Bauer Stores in the U.S. and Canada are just a few examples of hackers targeting POS systems.

Hackers always look for low-hanging fruit, security experts point out, and POS systems are relatively easy targets because they tend to have older, easily hacked security protocols.



Wednesday, 12 October 2016 00:00

The Rising Demand for On-Demand Resources

Enterprise workloads are becoming increasingly erratic, in terms of volume and data dependency, which is making it difficult to plan even medium-term infrastructure needs with any degree of accuracy.

This is putting a damper on the deployment of traditional data center infrastructure, which can often take years to plan and construct, by which time the assumptions used to guide its development are usually way off the mark. Instead, the industry is witnessing a distinct upsurge in data center on-demand (DCoD) strategies that rely on a mixed bag of hyperconverged infrastructure, abstract data architectures and cloud computing.

According to Wise Guy Reports, the DCoD market is growing at nearly a 20 percent compound annual rate, which will likely produce close to $2 billion in revenue by 2022. The field is set to experience a dramatic jump over the next year or so as container technologies make it easier to encapsulate full data ecosystems in a portable, abstract environment capable of relocating to remote central or, increasingly, edge processing facilities. This gives the enterprise unprecedented ability to shift resources and applications to regions where activity is heaviest and then just as easily pull them back on the downturn.


