
The past few decades have seen a significant increase in society’s level of awareness and investment in personal and workplace safety. In the opinion of those of us at MHA Consulting, similar attention must be given to business continuity.

In this article, we will sketch out the rise over the past few decades of what might be termed “safety culture,” define an envisioned “continuity culture,” and set forth how such a culture can be brought into being at your organization.

The rise in safety consciousness in today’s society can be seen in everything from the creation of the U.S. Occupational Safety and Health Administration in 1971 to the introduction of polarized electrical plugs to the increasing emphasis on people’s wearing seatbelts and bicycle helmets. In the business world in particular, many companies have over recent decades developed a strong emphasis on safety, with consideration for safety permeating everything their employees do.



Thursday, 11 January 2018 15:50

Are You Confident in Your Network Security?

You’ve probably been there before, at least once. Colorful lights rotating off the ceiling and walls. Music that plays a touch too fast, usually on purpose. Singers who are … enthusiastic in their performance. We’re talking, of course, about singing karaoke.

People love to watch amateurs sing, as demonstrated by the host of amateur singing shows on television, from The Voice to American Idol to The X Factor. The singers’ hearts always seem to be in the right place, even if the notes and words sometimes aren’t. At the end of the day, it’s the effort that counts, right?

You might be wondering what all the silly, at times humiliating goodness of karaoke singing has to do with your network security. It’s simple, really.

Amateur performance is fine when it comes to singing karaoke. When it comes to managing your network security? Not so much. You wouldn’t want that sloppy-but-well-meaning guy in the pub singing on your favorite artist’s new record. So why would you want anything but the very best securing your network, which houses your most precious data and trade secrets?



So you’ve locked down your perimeter defenses tightly and implemented comprehensive monitoring and remediation facilities.

All your employees have been trained to spot potential phishing attacks, and your email filtering ensures bad actors get dumped unceremoniously into the street, long before their spam and malware get anywhere near your gleaming infrastructure.

Even your pentesters have started to complain that they’re running out of attack vectors.

Before you decide to relax, there’s something you may have overlooked.



This is part 2 of a 3-part series on digital blueprints.

Digital transformation has tremendous potential to unleash value for organizations; therefore, organizations in increasing numbers are formulating digital strategies. However, we find that many are missing significant transformation and value, which are both made possible by holistic enterprise digital strategies. Many digital strategies are focused too narrowly. For example, leaders claim that they are achieving the digital strategy by moving applications and infrastructure to the cloud. A digital strategy establishes the enterprise vision and priorities for digital transformation. To power your digital transformation, leverage a digital blueprint – a structured approach to evaluate opportunity areas, value drivers, and risks, and ultimately align the digital path with business drivers.



Thursday, 11 January 2018 15:43

How Data Sovereignty Will Affect IT in 2018

In 2017, many enterprises came to the realization that the center of data gravity is shifting. Whether it is structured or unstructured, at rest or in transit, enterprise data has moved beyond centralized corporate data centers to the distributed digital edge. The edge is where all the elements giving rise to real-time data generation exist, so organizations increasingly see the need to build that into their data strategies.

For enterprises to extract the most value from their data, they must re-think their IT architectures. Pushing workloads closer to the data at the edge helps overcome latency issues that dramatically slow application and analytics performance, creating an unpleasant experience for users. However, architecting for the digital edge comes with important considerations around balancing protection of data with accessibility, and rules governing data movement and placement. One of these critical considerations is the merits and challenges posed by localization of data, which may include the need for compliance with complex personal data protection requirements. The much-talked-about term this year, data sovereignty, is all about ensuring that there is clarity around where the data is located and what laws it is subject to, which is a big challenge for the cloud adoption trend facing organizations.

There are various reasons, such as data privacy, cyber security, protectionism and economic growth, that policymakers cite when pushing for regulation in this area, whether more general or industry-specific regulation. Consolidated Audit Trail (CAT) reporting in the U.S. requires companies to log every securities transaction and ensure the accuracy of timing services at the nanosecond level. The Markets in Financial Instruments Directive (MiFID II) in the European Union imposes new reporting requirements and tests on investment firms.



If there was a single, simple action that you could take today that could cut the potential of phishing attacks in half, would you do it?

Great news — taking steps to keep your organization safe from this intrusive type of cyber-attack may be easier than you realized. One-time training for employees to stay vigilant is only the first skirmish in the battle to secure your organization’s digital assets. Ongoing education and reinforcement of the message to be cautious, all presented in a way that employees won’t rebel against, is the first line of defense against spear phishing.

Scope of Damage from Phishing Attacks

The FBI calls them business email compromise scams, but most cybersecurity professionals are more familiar with the term phishing, with spear phishing being the latest way to exclusively target individuals based on their organizational ties or position. With nearly $1.6 billion in losses by U.S. businesses between 2013 and 2016 at organizations of all sizes and segments, spear phishing is costing individual businesses millions of dollars per year. Cyber criminals are targeting real estate, title professionals and attorneys slightly more often, but no business is immune. Any organization in which large sums of money change hands or employees have access to wire transfer information or personal information is in danger.



Last week news broke of two security flaws in computer processors that affect virtually all computers, smartphones and smart devices such as televisions and refrigerators.

The first flaw, nicknamed “Meltdown,” applies specifically to Intel chips. The second flaw, called “Spectre,” is more difficult for an attacker to exploit but has no available patches yet and lets attackers access the memory of devices running Intel, AMD, and ARM chips.



Conventional wisdom is that you are fine if your data gets infected or your data storage systems get shut down by ransomware – if you have a current backup that is complete and uncorrupted. All you need to do is reset your systems, reinstall the apps and restore the data.

Unfortunately, that may no longer apply.

“Backing up your data no longer provides an absolute guarantee that you can recover from a ransomware attack,” said Jerome Wendt, an analyst at storage consultancy DCIG.



You can’t wait until disaster strikes to create an emergency communications strategy, so make it a priority in the new year to determine what will work to keep your community safe.

Whether you’re facing an active shooter situation or a simple weather emergency, detailing your communications plan in advance allows your team to spring into action and notify others — keeping your community safe and allowing them to feel protected during times of crisis. Without a strategy in place, your team may struggle to respond to incidents, which can result in additional chaos and confusion. It’s important that your plan is not only detailed, but highly flexible, so you’re able to adjust to changing situation requirements on the fly.

Discuss What Worked and What Didn’t

Taking the time with your communication team to discuss what worked well throughout the year and what didn’t is the first step in updating or creating your strategy. If you were able to successfully reach your community — that’s great! You’re a step ahead, and well on your way to communications success. Would the plan that you created and put into action work well for other types of emergencies? It may help to brainstorm some ideas and how the plan you have could be modified for different events such as widespread power outages in the winter or an active shooter alert.