Industry Hot News


The mobile device management (MDM) market is growing at a meteoric rate. In fact, it is estimated to grow from $1.69 billion to $5.32 billion between 2016 and 2021, according to market research firm Markets and Markets. Which may leave you wondering: What is MDM and why does it matter so much? Here’s a closer look at this game-changing technology solution, along with six benefits it offers today’s forward-thinking, bottom line-minded organizations.

What is MDM?

IT research and advisory company Gartner defines mobile device management as “a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use—enforcing policies and maintaining the desired level of IT control across multiple platforms.”

Which begs the question: Why does MDM matter so much? A recent forecast from the International Data Corporation (IDC) predicts that nearly 75 percent of the US workforce will be mobile-enabled by the year 2020. Because of the increasing consumerization of IT and the resulting proliferation of devices—both professional and personal in the workplace—there is increasing need for comprehensive management solutions designed to harness the power of mobility without compromising security.

...

https://www.onsolve.com/blog/control-not-mobile-device-management-question/

There’s a culture shift afoot in the data center industry. It places new emphasis on safer working conditions for data center engineers and electrical contractors where, historically, such emphasis was a second thought. As equipment has grown increasingly complex and sophisticated, so too have the risks. This new safety awareness is a welcome change.

Today’s data centers -- from the hyper-scale to the agile colocation centers -- have increased in size, complexity and importance. They use massive amounts of power and cooling to ensure reliable operations. Data center companies have come to recognize that safety excellence is imperative to maximize uptime for their customers while reducing operational risk. Of the many safety issues that today’s data center operators must consider, these six rules are at the top of the list. To wit:

...

http://www.datacenterknowledge.com/industry-perspectives/six-golden-safety-rules-data-centers

Tuesday, 28 November 2017 18:41

Six Golden Safety Rules for Data Centers

Suppose a criminal were using your nanny cam to keep an eye on your house. Or your refrigerator sent out spam e-mails on your behalf to people you don’t even know. Now imagine someone hacked into your toaster and got access to your entire network. As smart products proliferate with the Internet of Things, so do the risks of attack via this new connectivity. ISO standards can help make this emerging industry safer.

As consumers and users of technology, we are often so distracted by the amazing features of the Internet of Things that we don’t even take a minute to think about what this means for our privacy and security. Certainly, a connected baby monitor can give parents peace of mind, letting them easily check on their children from their smartphones anytime, anywhere. But when this technology is not protected, we may be inadvertently exposing ourselves and our loved ones.

Indeed, spying on random strangers has never been easier. All it takes is a search engine like Shodan – the Google of the Internet of Things (IoT) – which, to highlight the risk of this technology, crawls the net taking pictures of unprotected devices. The inside of our homes, our pets, even our fridges, are only a click away. Some parents realized how vulnerable they were the hard way when the baby monitor they relied on for safety was hacked to yell obscenities at their sleeping children. It’s not surprising that the number of complaints related to IoT technology has risen in the UK alone by 2 000 % over the last three years.

...

https://www.iso.org/news/2016/09/Ref2113.html

Tuesday, 28 November 2017 18:40

Are we safe in the Internet of Things?

Privacy has taken on new dimensions in our hyperconnected world. New guidance from IEC, ISO and ITU – the world’s three leading international standards bodies – has just been published, providing a code of practice for the protection of personally identifiable information.

Uber is making headlines for its reaction to the theft of personal data of 57 million drivers and users. The July 2017 breach of Equifax, a large US credit bureau, exposed the social security numbers, birthdates and addresses of 143 million people. And last month, Yahoo, just prior to its acquisition by telecommunications conglomerate Verizon, shared new intelligence that a data breach in 2013, thought to have affected only a billion users, had in fact compromised all three billion Yahoo user accounts.

The increasing prevalence of high-profile data breaches has motivated countries worldwide to investigate potential reforms to policy and regulation. One of the best-known examples is the European Union’s General Data Protection Regulation, due to come into force in May 2018, with global implications.

...

https://www.iso.org/news/ref2252.html

Even the most carefully-crafted communication can fail if it does not reach its intended audience, or if audience members are unable to identify the message as important. Reaching individuals via a geographic locator is helpful in the event of a broader crisis but is not as applicable in the event of a localized emergency that only affects one or more organizations. In this instance, it is critically important to ensure that your audience has opted-in to your crisis communication and that your messages are targeted in such a way that they will be immediately identified as important and quickly read.

Why Accurate Data Matters

Let’s pretend that you have an organization with approximately 500 employees, and you live in an area that is frequented by storms or flooding. It would be incredibly important to be able to get a message to each employee to let them know when it’s unsafe to attempt to reach the office, correct? Or on a broader scale, being able to reach residents who live in flood zones would also become a top priority.

...

https://www.onsolve.com/blog/effective-emergency-notifications-accurate-data-management-enrollment/

Thanksgiving is as good a time as any to acknowledge the fact that some IT departments, when it comes to being able to restore their organizations’ data in the event of an outage, are real turkeys.

OK, maybe that’s too harsh. Let’s just say that, in my experience and that of other consultants at MHA, many IT departments have a lot of room for improvement when it comes to their business-continuity capability.

Obviously, it’s not very helpful to make negative generalities without giving specific insights and tips on how to improve, so in this blog post on the “5 Biggest IT Management Mistakes” we’ll point out the main problems we see and also give you tips on how to address them.

...

https://www.mha-it.com/2017/11/it-management-mistakes/

Monday, 27 November 2017 16:17

The 5 Biggest IT Management Mistakes

First, there was the virtual machine. Then came the container. Now, welcome to the unikernel, the latest initiative for atomising computing.

As everyone knows, splitting the atom is a difficult job, so the ultimate computing atom ought to be safe from attacks. Is the unikernel that computing atom?

If you haven’t yet met the unikernel, here’s a super quick definition. It’s a package of what you need and only what you need to run a given application.

It contains the app itself, any middleware, libraries and kernel, including requisite device drivers. It differs from a virtual machine, which bundles up everything in terms of the operating system, etc., whether you need it or not. It also differs from a container, which bundles up the things you need, but minus the operating system.

...

http://www.opscentre.com/security-unikernel-answer-hackers-attackers/

Fear, uncertainty and doubt. Collectively known as FUD, these items skew rational thinking, panic otherwise sensible people, and throw sizeable spanners in the works of business continuity planners.

Ideally, BC managers would coolly collect and analyse all the relevant facts, calculate a solution, and implement it.

End of story. However, others in the enterprise and even BC managers themselves are seldom that level-headed and clear-thinking.

There’s only one thing to do. Fight FUD so that you can at least keep it down to manageable levels. For that, the following three tactics can be invaluable.

...

http://www.opscentre.com/business-continuity-battle-fud/

Wednesday, 22 November 2017 14:50

The Business Continuity Battle Against FUD

Mere mention of the word “ransomware” is enough to strike fear in the hearts of business leaders everywhere.

And with good reason. According to Symantec, “Ransomware [has] escalated across the globe as a profit center for criminals.” In 2016 alone, Symantec identified 100 newly released malware “families”—more than three times previously seen numbers—and global ransomware attacks worldwide spiked by 36 percent.

The takeaway? While you may think it can never happen to you, the chances are growing by the day that it can and it will. So while taking steps to prevent a ransomware attack is important, there’s another equally vital part of safeguarding your organization: placing the focus on business continuity should the unthinkable occur.

...

https://www.onsolve.com/blog/surviving-ransomware-attack-business-leaders-know/

People today are tied to their digital devices from the moment we wake up and check our email and social media accounts to when we fall into bed at night listening to our favorite tunes or podcast. While this can be annoying to some, mobile phones provide the perfect contact mechanism for local, state and federal government authorities who are attempting to reach a broad range of the population quickly in the event of an emergency. Emergency notification systems (ENS) provide high-visibility notifications directly to the mobile phone of your target audience, providing life-saving information when it is needed.

Building Your Crisis Communication Plan

It can be difficult to stop to think in the midst of a crisis, so it is important to have a detailed crisis communication plan in place before you need it. Having this strategy detailed in advance provides you with the confidence and peace of mind knowing that you know the precise steps you and your team will need to take in order to notify those in the vicinity of a disaster with information that is specific to their needs at that particular time. It also gives training guidelines to allow for productive team exercises to run through the steps in the event of a real-world crisis.

While it would be impossible to pre-determine all types of disasters and write scenarios for them, there are some general guidelines that you can follow to create an outline — allowing you to simply fill in a few gaps instead of starting a communication plan from scratch in the event of an emergency. Start by defining your various audiences, a sample message, detailing contact and information centers, and the various ways you can spread the word.

...

https://www.onsolve.com/blog/incorporate-emergency-notification-solutions-crisis-communication-plans/

The story you are about to read is true. Only the names have been changed to protect the oblivious.

Joe is the CSO of Acme Enterprise. Arriving at his office a bit late one morning, he runs into Cathy from cryptography, who comments that their IT admin, Adam, has been hard at work since about 5 a.m. This seems odd, considering Adam is not known to be a morning person. Cathy says Adam requested access to the company’s latest build system, where they keep the code to a top-secret product that is about to launch. He also requested access to HR records and the customer payment information systems for maintenance purposes. His access credentials and keys were older, she says, but they still checked out, so she let him continue.

Joe heads for his office and sees Diana from Data Loss Prevention. She tells him that she’s surprised how hard Adam has been working this morning, transferring gigabytes of data around the network. Diana figures there must be a major update in the works, and Joe agrees that’s why Adam must have come in so early. Joe’s impressed with Adam’s initiative to work off-hours, and he asks what kind of data Adam’s been transferring.

...

http://www.datacenterknowledge.com/industry-perspectives/cybersecurity-when-outsider-becomes-insider

(TNS) - It’s a question that’s always asked following major events like the Cascade Fire: How could things have been handled differently?

During the fire, strong winds knocked down power lines compromising the effectiveness of electronic alerts. And then people asked about older emergency warning systems, such as sirens. There aren’t any sirens in Yuba County, Calif.

Russ Brown, the Yuba County spokesman, said older technology, like sirens, also has problems.

“The siren discussion comes up after all types of emergencies – flood and fire alike,” Brown said. “Sirens are a very, very expensive endeavor.”

...

http://www.govtech.com/em/disaster/Sign-up-Before-Next-Emergency.html

Monday, 20 November 2017 15:07

Sign up Before Next Emergency

Approximately half of all American businesses will have a tough time getting their data back after an unplanned outage and other mishaps, suggests a new survey from data protection specialist StorageCraft.

A solid data protection strategy and backup technology implementation is a top IT priority at most organizations. How else is a business supposed to recover from an unexpected server meltdown or the latest ransomware outbreak?

The StorageCraft study reveals that this critical safety net is looking a little tattered at many companies. More than half (51 percent) of the 510 U.S.-based IT decision makers surveyed by the firm said they had doubts about their ability to recover data immediately following a disaster or failure.

...

http://www.enterprisestorageforum.com/backup-recovery/half-of-u.s.-businesses-are-bungling-their-backups.html

Traditional law practice will see significant changes in the new year. To assist firms in knowing what to expect, Bluelock has compiled an informative eBook of predictions from 15 different experts within the legal industry, with insights coming from Bluelock, law firm partners, associates and a variety of companies that service the legal industry.

The eBook covers seven categories: Operations, Cybersecurity, Compliance & Regulations, Business Continuity & Disaster Recovery, Artificial Intelligence, Workforce and Major Technology Disruptions.

Readers will learn the following:

...

https://www.bluelock.com/blog/2018-predictions-legal-industry/

Monday, 20 November 2017 14:50

2018 Predictions for the Legal Industry

A natural disaster can jumpstart your business continuity plans, but it can also do more harm than good. Is your disaster response hurting you?

Disasters like the one in Puerto Rico sometimes cause people to learn the wrong lessons.

Major natural disasters such as the recent floods in Texas, the fires in northern California, and the hurricane in Puerto Rico grab everybody’s attention.

Sometimes this has a positive impact on organizations’ business continuity plans, as when it prompts companies who have not been investing in BC to get serious about implementing or strengthening their methods for keeping their organizations running in the event of a disaster.

However, sometimes the impact is neutral or even harmful.

...

https://www.mha-it.com/2017/11/overreacting/

When you see a company trending on social media, do you automatically assume that it’s going to be scandalous gossip? Because I do. But what if I told you companies could become a player in the game and change the way they appear on social media?

Social media has obliterated traditional communication with its inventiveness and convenience. Today, it is a rarity to see someone walking around without their phone attached at their hip. This need to be in constant communication with our technologies has changed the way people access information. “How?” you might ask. In today’s news reporting world, long before reputable news agencies can report an event, the specifics are already circulating social media avenues in real-time thanks to our society’s avid Facebookers and Tweeters. The answers to all your questions are at your fingertips, quite literally! You can find an answer to almost any question with a few clicks in Safari or Chrome.

Given its ever-expanding user base, social media has become a powerful tool. It can be used to shape the public’s opinion and even produce desired results from the intended audience! While social media is often known for being a stage to spread negative comments about an organization, with the proper action plan and team involved it can be used to drive positive outcomes as well.

...

http://www.bcinthecloud.com/2017/11/you-say-social-media-like-its-a-bad-thing/

Wednesday, 15 November 2017 16:15

You Say Social Media like it’s a Bad Thing

How IT Incident Management Can and Should Be Supported with a Foundation of Automated Notifications

One of the most significant challenges in terms of IT incident management today has to do with the growing complexity of the environments themselves. As more and more mission-critical systems move into the cloud, the demands placed on IT managers have never been higher. These hardworking professionals are being asked to accomplish more with less on a regular basis, which itself becomes a major problem when disaster (as it often does) strikes.

In some ways, the solution to these issues is clear – IT professionals need a way to quickly, accurately and concisely communicate essential information to people at a moment’s notice. But what, exactly, is the best way to do that?

This problem has led to many unfortunate trends in the industry today. Many companies make the mistake of assuming there is a one-size-fits-all solution to automated notifications of this type. This fails to acknowledge the fact that every organization is different.

...

https://www.onsolve.com/blog/improve-incident-management/

Monday, 13 November 2017 17:30

Improve Your IT Incident Management

Our people differentiate us from other products and services. While technology changes and is replaced on a daily basis, our experience and delivery continues to build over time. The team at Continuity Centers will consistently impress you with their knowledge, drive, and focus.

Our instant business recovery (IBR) is made of several parts that complete the whole. Each part works together to deliver a solution that keeps your business up and running through anything.

They include:

...

https://continuitycenters.com/features-instant-business-recovery/

Monday, 13 November 2017 17:25

The Features of Instant Business Recovery

Bringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security

Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness. Hospitals that are the most successful in achieving a high level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security. Building cohesion sounds fairly straightforward, but, in reality, it can be complex. From our experience assisting hospitals in successfully tackling this charge, here are some practical steps to move toward an integrated approach to preparedness:

Start with Governance

Ideally, create a cross-functional steering committee that ultimately oversees all of these disciplines and has the authority to make risk-based decisions that take into account analysis from across the preparedness landscape. Again, this sounds simple, but it can be difficult to successfully achieve. If it isn’t possible to work from one steering committee, try to align risk criteria across preparedness disciplines so that risks and considerations are assessed on a level playing field, ensuring the most critical issues are addressed first.

...

http://perspectives.avalution.com/2017/a-cross-functional-approach-to-hospital-preparedness/

Event Pages Make Organizational Communications More Efficient

Whether it’s an emergency or a non-critical event, ongoing communications with employees is often necessary. AlertMedia is known for mass notifications, but we also support efficient communications throughout the life of any event – from planning through resolution.

AlertMedia recently unveiled its newest feature – Event Pages. This new event information hub can be found on your AlertMedia dashboard and can be utilized as a powerful, real-time two-way communication tool for administrators and employees to share pertinent information. Event Pages provides a single place to find everything related to a specific situation, with current and archived updates, documents, videos and photos, and resolutions.

...

https://www.alertmedia.com/introducing-event-pages/

Advance location alerting helps leaders know when to trigger emergency response plans

By Glen Denny, Baron Services, Inc.


Lately, on an increasingly frequent basis, weather events seem to dominate much of our news, with rising numbers of severe occurrences presenting fresh challenges for public safety officials dedicated to protecting lives and property. It doesn’t just appear that way, it’s an actual fact: Almost 80% of disasters faced by public safety and emergency management professionals today are weather-related. It’s not only dramatic, extreme storms that require advanced forecasting for efficient safety planning, it’s also the numerous, more common fog, rain, ice, snow, and wind events that often impact our daily lives.

In any community, these conditions can differ within neighborhoods, even street to street, and change minute to minute. For anyone involved in safety management—whether responsible for schools, hospitals, churches, companies, organizations, sports venues, pools, parks, or other public gathering sites—being able to monitor and stay ahead of rapidly changing weather at specific locations is a difficult, time-consuming job that can have serious life or death repercussions.

Accustomed to regional forecasting, public safety professionals have traditionally made the best decisions they can given the broad-based storm information they’ve received. But today, with severe weather events rising, they face a growing dilemma: What’s the best way to access customized, advance weather intelligence data specific to their area so they can enforce whatever timely and effective safety plans are necessary to protect their community and its assets?

Though emergency management professionals and public safety officials aren’t trained meteorologists, fortunately, thanks to modern weather data technology and improvements in the ease of access, they don’t have to be. A new system of data-driven, location-based alerts offers an innovative tool for safety management officials, delivering customized, active monitoring that triggers advanced emergency preparation plans addressing multiple weather hazards.

Web and mobile on-demand system alerts keep pace with changing weather conditions

America’s a big country, one that experiences nearly every weather event Mother Nature dishes out. Safety managers know that severe weather means different things to different regions across the U.S. and preventative plans must change accordingly. In Florida, emergency management professionals might seek weather alerts informing them when temperatures will fall below 40 degrees so they can implement plans to open homeless shelters or advise citrus owners to protect crops. In Arizona, public safety officials need to know when excessive temperatures might dictate additional safety measures to keep people cool, especially the elderly and very young.

Each region has a threshold for hot or cold, too much snow, too little or excessive rainfall. And although the big, headline-grabbing weather events like tornados, blizzards, hurricanes, and floods command attention, safety professionals require accurate weather intelligence affecting specific, localized areas where daily conditions have immediate impact on commuters and the public.

One provider of reliable, weather technology data is changing the way safety and emergency management professionals stay ahead of severe weather events. At Baron, a global leader in critical weather intelligence, scientists have teamed with seasoned meteorologists to develop a next generation tool, easily accessible to emergency safety managers and planners, advancing precision weather forecasting. Baron Threat Net’s web portal products offer public safety officials a comprehensive weather monitoring platform targeting street level views.

Threat Net’s high resolution, customizable mapping allows emergency managers to concentrate their attention on operational conditions impacting specific areas of concern, with user-friendly navigation and a pre-set feature allowing up to 20 site maps to be stored for future reference. How much rain has fallen, and how much is expected? Exclusive precipitation, accumulated precipitation and 24-hour accumulation forecasts keep users on top of possible flooding risks. Baron Threat Net’s Severe Threats allows simultaneous views of areas threatened by potentially damaging winds, flooding or hail. A Cloud to Ground Lightning feature shows real-time lightning strikes at street level. Using a combination of actual and forecasted products, the Road Weather/Conditions feature offers actual road condition alerts displaying a variety of concerns such as Patchy Ice, Flooded, Snow and Heavy Snow or just plain slippery road surfaces. Baron Threat Net’s complete tropical weather package tracks hurricanes and tropical storms, monitoring the latest maximum wind speeds, watches, warnings and storm surge conditions, making the information easily accessible.

To keep safety professionals informed in advance, Threat Net delivers customizable, pinpointed local alerts making officials aware of locations and assets in the path of impending, potentially dangerous, weather. Users select a location, identify the risk and choose a notification method—on screen, by email, or via push notifications to a phone—while the system, which includes patented Baron Safety Alerts and standard National Weather Service watches and warnings, automatically monitors that location. A companion app lets users access real-time weather conditions from any location, a valuable feature for safety departments sometimes short on personnel resources.

Proprietary, customized weather alerts safety management professionals can depend on

Local and regional safety managers are familiar with their area environment and the kinds of weather events making them most vulnerable. Most have been on the job for some time, and may have grown somewhat skeptical about the accuracy of long and short-term weather forecasting. They shouldn’t be. Advances in computing power, speed and forecast algorithms have dramatically improved weather forecasting technology, and today accessing that critical information is easier than ever.

That’s where Baron’s Threat Net products are making the biggest difference for safety management professionals. While traditional weather services are okay, none deliver the kinds of proprietary, customized weather alerts available through Threat Net & Pinpoint Alerting products. The proprietary alerts they provide supply pre-set custom alerting of 80 different weather conditions.

"When I'm in the field I use a lot of tools to help me navigate around severe weather, and the most reliable one is Mobile Threat Net,” says Martin Lisius, a Severe Weather Expert from Arlington, TX.

Safety personnel can receive customized forewarning of changing conditions invaluable for getting them ahead of weather events, helping them determine timing and scope of emergency response plans. And quite simply, the more advance notice officials get before dangerous weather arrives—the more accurate, granular and detailed that information—the better their response planning will be.

“Baron has a history of working with our partners to understand their needs and has developed customized alerts that pinpoint the exact timing and location of weather events that will impact our customers; many of these alerts go beyond the traditional weather warnings we are accustomed to receiving and focus on specific weather phenomena, such as hail and lightning,” says Bob Dreiswerd, Baron’s Chief Development Officer. “Baron also works with customers to develop alerts specific to their situation that focus on weather related events that directly impact their operations.”

Not your grandmother’s weather forecasts: incisive weather intelligence takes the ‘might’ out of forecasting

Baron’s suite of weather intelligence products offers safety officials user-friendly, data-informed alerts letting them know what’s actually coming, in many cases well before it arrives. The complete data set of customized tools can provide street-level road forecasts 24 hours in advance, deliver a tropical weather package tracking maximum wind speed, watches, warnings and storm surge, and even keep safety personnel informed during unpredictable emergency situations like hazmat spills or terrorism. With trains and trucks transporting hazardous materials through communities daily, Threat Net can help safety management professionals determine wind and rain conditions with potential to spread spills, smoke, gases or other toxic substances when and if spills occur.

Whether you’re a small-town mayor charged with knowing how much additional rainfall to expect in order to keep residents in the path of impending flooding safe, or an Emergency Management Coordinator like Rusty Chase of Isle of Wight County, VA, relying on Mobile Threat Net to make decisive plans based on its alerts, all safety management professionals need access to the best weather intelligence available today. “We saw dangerous weather on Mobile Threat Net and were able to give the schools adequate time to shelter children in the hallways during a tornado,” Chase says. “Had we released the kids to go home prior to my alert we would have had them on the roads and probably had injuries and fatalities.”

Relying on critical weather intelligence and customized alerts like these gives safety officials the confidence they’re using the most effective tool available for making informed planning decisions to secure the safety of their community. A recent example of the utility of Baron’s weather intelligence tools came with the arrival of Hurricane Harvey on the gulf coast. Threat Net’s live monitoring of Hurricane Harvey allowed users to prepare for the storm before it made landfall. While the storm’s impact couldn’t have been avoided, Threat Net’s prediction helped many people better prepare for Harvey’s force. When advanced technology produces weather data products capable of delivering customized advanced warnings today’s safety management professionals can depend on, why wouldn’t they?  

Fraud Frequently Asked Questions

1. What fraud issues should survivors be aware of after Hurricane Irma?
    There are a number of fraud concerns survivors need to be aware of to protect themselves:

  • Beware of individuals charging survivors a fee to apply for disaster assistance, receive a home inspection or install a blue tarp through the Blue Roof Program. THIS IS FRAUD. Federal workers NEVER solicit or accept money from applicants.
  • There are also reports of people registering for assistance using someone else’s information. If you suspect anyone of committing fraud and stealing your identity, report it to local law enforcement. You should also report it to:

a. The Department of Justice's Disaster Fraud Hotline at 866-720-5721, or by email.

b. If you discover that someone is misusing your information, file a complaint with the Federal Trade Commission through the website: IdentityTheft.gov.

c. You can also file a complaint with the OIG:

i. Online at the OIG’s website (www.oig.dhs.gov),
ii. Fax it to 202-254-4297, or
iii. Mail it to the DHS Office of Inspector General: Mail Stop 0305; Department of Homeland Security; 245 Murray Drive SW; Washington DC 20528-0305.

d. Make sure to alert the FEMA helpline to the issue as well by calling 800-621-3362.

  • Beware of robocalls from imposters. However, FEMA does plan to conduct outreach by autodialer, in some cases. If you are contacted, the phone number you should reply to is the FEMA Helpline: 800-621-3362 (FEMA).
  • Watch out for insurance related scams.

a. Notify your insurance company after a disaster.
b. Beware of imposters claiming to be FEMA representatives, asking for money to assist with the filing of federal flood claims.

2. How do I know if a FEMA representative is legitimate?

  • If you’re meeting a FEMA representative in person, ask to see their identification badge. All federal employees carry official, laminated photo IDs. FEMA shirts, hats and jackets do not make them official.
  • When a FEMA inspector comes to your damaged home, he or she will require verification of your identity, but will already have your registration number. Keep your FEMA registration number safe. Do not share it with others.
  • No federal government disaster assistance agency will call you to ask for your financial account information. If you’re unsure whether someone claiming to be a FEMA representative is legitimate, say you are hanging up and call the main FEMA helpline at 800-621-3362 to speak about the incident.

3. Do inspectors charge for an inspection?

  • Federal inspectors do not charge a fee at any time to inspect your property. FEMA and the Small Business Administration will never ask you for money.  Our inspectors never require banking information or payment in any form.
  • They also do not determine eligibility or dollar amounts of assistance.

4. What happens when a building contractor shows up, and says they were sent by FEMA?

  • FEMA does not send building or repair contractors. The job of a FEMA housing inspector is to verify damage. FEMA does not hire or endorse specific contractors to fix homes or recommend repairs.
  • If someone comes to your door and says that your home is unsafe, do not believe them and do not let them in.
  • Have an engineer, architect or building official inspect it. An unethical contractor may actually create damage to get the work.
  • When in doubt, report any suspicious behavior to your local authorities.

5. How do I hire a legitimate building contractor?
    Here are a few tips to consider when hiring a legitimate building contractor:

  • Always use a licensed local contractor backed by reliable references.
  • In Florida, contractors are required to carry general liability insurance and worker’s compensation.
  • Require a written contract with anyone you hire. Be sure to read and understand the contract. Never sign a blank contract and never pay more than half the cost of the job upfront. Be sure to get a written receipt for any payment.
  • If one estimate seems much lower than the others and sounds too good to be true, it probably is. Many unethical contractors provide low-ball bids that seem attractive. But the contractors are often uninsured and may charge substantial cancellation fees.
  • Never pay for work in full in advance. The Better Business Bureau recommends a consumer pay half or less of the contract price before the contractor begins repairs and the remaining balance once the work is complete and the owner is satisfied.

6. What should people who did not apply for disaster assistance do if they suspect that they are a victim of disaster fraud?

  • To report disaster fraud, contact The Department of Justice's Disaster Fraud Hotline at 866-720-5721, or by email.
  • Email FEMA’s Office of the Chief Security Officer (OCSO) Tip line.
  • You can also file a complaint with the OIG:

a. Online at the OIG’s website (www.oig.dhs.gov),
b. Fax it to 202-254-4297, or
c. Mail it to the DHS Office of Inspector General: Mail Stop 0305; Department of Homeland Security; 245 Murray Drive SW; Washington DC 20528-0305.

  • Contact the FEMA Helpline at (800) 621-3362 if you had not previously registered for FEMA assistance, and do not wish to register. They will not need to take further action. The original application will be locked to maintain a record of the potentially fraudulent file.

7. If I was a victim of disaster fraud, but I still need to apply for assistance, what should I do?

  • Contact the FEMA Helpline at (800) 621-3362 and tell them you have not previously registered for FEMA assistance and that you wish to register.

8. If I tried to apply, but the system said I have already applied, what should I do?

  • Contact FEMA’s Helpline at 1-800-621-3362.

9. Will I need to wait until the investigation is complete before I can register for assistance?

  • No. FEMA does not need to complete the investigation before you can have a new registration taken. However, FEMA will need to verify your identity.

10. Is there anything else people should know?
    Unfortunately, scam artists may pose as government officials, aid workers, charitable organizations, or insurance company employees.

  • Do not respond to texts, phone calls or requests seeking your personal information. The only time you should provide personal information is during the initial application process for FEMA help or when you initiate contact with FEMA to follow up on an application. FEMA inspectors only require verification of identity. FEMA may call you by autodialer, in some cases. These calls will not request your personal information—you will only be asked to call the FEMA Helpline at 800-621-3362. 
  • Ask for identification and don’t be afraid to hang up on cold callers.
  • If you need to contact government agencies, use official information posted on their websites or in other verified sources.
  • Don’t sign anything you don’t understand or contracts with blank spaces.

Wednesday, 01 November 2017 16:42

FEMA: Fraud Frequently Asked Questions

Workplace safety is and will always be a pressing concern. According to a study conducted by the Occupational Safety and Health Administration, we’re making a significant amount of progress in that regard – from a certain perspective. In the four decades that OSHA has been working with state partners, employers and safety and health professionals around the country, worker deaths have fallen from 38 per day on average in 1970 to just 13 a day in 2015. Equally positive is the fact that worker injuries and illnesses are also way down, from 10.9 incidents per 100 workers in 1972 to just 3.0 incidents per 100 employees in 2015.

But one of the unfortunate facts about the modern era that we’re now living in is that the types of dangers that people are likely to face have evolved in a harrowing and unsettling way. People don’t have to worry about falls, being struck by objects, electrocutions or being caught in or between pieces of equipment anymore. They don’t have to worry about safety hazards that were not properly communicated or guidelines that were not adhered to.

With increasing and disappointing regularity, they’ve got to worry more and more about their own co-workers.

...

https://www.onsolve.com/blog/danger-at-work/

Tuesday, 31 October 2017 19:58

How to Spot a Potentially Violent Coworker

Thinking Outside the Box

One of the best ways to achieve ROI is to find ways to extend the use of an investment. You may have purchased software to do one thing and then found it could be optimized somewhere else. While this scenario may not happen frequently, it’s considered a victory when it does.

Emergency notification systems can easily fall into this category. We find most of our clients purchase our software in order to quickly and easily connect with employees when a critical event occurs. They want to eliminate all of the disparate communication systems in favor of a single, integrated system that enables them to leverage one or several communication channels at the same time. They want to be able to segment their audience, pre-build their messages using templates, and in a click or two, know their message has not only been delivered, but received loud and clear. They want to be able to measure message open rates and constantly improve their emergency plans.

Well done, companies. You are prepared. But did you know you can use your emergency notification system for a whole lot more than emergencies? You can quickly increase ROI by maximizing your use of the software for any desired communication with a specific audience, internally or externally.

...

https://www.alertmedia.com/5-non-emergency-ways-to-use-your-emergency-notification-system/

Imagine entering your workplace and being met with a sign instructing you NOT to turn on your desktop computers or dock your laptops until further notice. No network access; no email; no dependent application. Unfortunately, this was the actual scenario that played out for one global law firm, DLA Piper, which fell victim to the Petya cyberattack in late June. For this law firm, the loss of email services is devastating, and their email was unavailable for over one week.

The June 2017 cyberattack, known as Petya, affected major organizations throughout many industries. Global shipping conglomerate Maersk has estimated quarterly losses of between $200M and $300M due to the interruptions it experienced. Large manufacturing facilities were brought offline for many days while working to re-establish critical systems.

Prior to Petya, in May, WannaCry spread worldwide and infected over 200,000 computers. In both cases, infected computers had their data encrypted and hidden from its owners until a ransom was paid.

...

http://perspectives.avalution.com/2017/ransomware-changes-the-game-for-it-disaster-recovery/

In our experience consulting with universities, high schools, or elementary schools on Emergency Management preparedness, we have found a number of issues that come up on a regular basis. It does not matter if the institution is a private or a public school. Don’t wait for an event to happen to find out if your child’s school is ready.

Here are 10 questions you should ask to make sure your child’s school is ready for an emergency:

...

https://www.mha-it.com/2017/10/school-emergency-plan/

In the span of the last few decades, email has become a key communication avenue to coordinate case proceedings and counsel to a law firm’s clients and co-workers. Now more than ever, law firms are leaning on technology to deliver essential and innovative representation, but this is only possible so long as firms are connected to the internet.

Additionally, lawyers and partners may not always recognize the direct connection between their IT stance and email availability. When a technology disruption may impact access to email, it is critical to ensure proper budgeting and resources for IT systems and data protection, but this is where firms often fall short.

...

https://www.bluelock.com/blog/ensure-access-law-firms-email/

The connected world that we’re now living in, along with the Internet in general, has undoubtedly made our lives better in countless ways. Unfortunately, they’ve made our lives more dangerous, as well – particularly when you consider the current state of cybersecurity worldwide.

According to one study conducted by Panda Labs, there were 18 million new malware samples captured in the third quarter of 2016 alone. That number breaks down to an average of about 200,000 per day. Likewise, new and devastating techniques like ransomware are on the rise. More than 4,000 ransomware attacks occurred every day in 2016 – an increase of 300% over the previous year, according to the Computer Crime and Intellectual Property Section of the FBI.

Based on these stats, it’s easy to see why cybersecurity is such a rising concern among organizations in nearly every industry. But the most important thing for them to understand is that the hackers aren’t some group of cartoon super villains operating from a secret bunker somewhere. In truth, they don’t need to be. Cyber-attacks are far easier than that to pull off because of two unfortunate little words: Human Error.

...

https://www.onsolve.com/blog/new-couple-automated-alerts-cyber-awareness/

The Problem with Emails

Emails. How many do you get each day? How often do you check them? When I say “check,” I mean read. The average time spent reading an email is 11.1 seconds and only five seconds for a text. With instant communications available via texting, instant messaging and social media, email is rapidly losing its charm, particularly amongst millennials.

Email still has its place in the work environment for non-urgent messages and regular communications with vendors, customers or other businesses, but is it really the most effective way to notify employees of an urgent situation? Likely not.

There are several problems with emails: the sheer number of them we receive each day (an average of 88, per one study), sending and receiving that isn’t always instantaneous, and no guarantee the receiver will take the time to open and read the message. If there is a network outage, you may never get your message across as it sits in your outbox indefinitely.

When it comes to emergencies, emails simply do not convey a sense of urgency. People assume they can get to an email whenever they get the chance, and only 30 percent of them ever get read. Few emails garner the same level of attention as a text alert or similar form of communication.

...

https://www.alertmedia.com/why-you-cant-just-send-an-email/

Friday, 20 October 2017 14:42

WHY YOU CAN’T JUST SEND AN EMAIL

Working on cars can be quite the challenge. If you’ve got a project car that you’re hoping to get up and running, you probably want to control every aspect of what goes into it. From the engine to the tail lights, you’re willing to tackle every project head-on without any external help.

Until you get stuck on a problem that you’re not equipped to handle.

When you hit a brick wall, you can keep trying to fix the issue by yourself – which can be extremely frustrating. Or, you have the option to take your car to a master mechanic that can easily fix the issue for you.

It’s not unlike running your company. When you need IT support, what’s your best option for support? Most businesses have two distinct choices; either hire an in-house IT support employee (the DIY fix), or partner with a managed service provider (the master mechanic).

Though both options have their own pros and cons, one comes out on top for growing organizations that want to stay ahead of the curve.

...

https://continuitycenters.com/managed-services-vs-house-comes-top/

One of the most important things to understand about working and operating in a healthcare environment is that emergencies are not a question of “if” – they’re a question of “when.” Events that impact patient care, employee safety and overall operations can happen suddenly and without warning. The key to continuing operations involves the ability of doctors, nurses, staff and leadership to respond to these events as quickly and as accurately as possible.

Part of success in this regard comes down to effective crisis communication – something that the Centers for Medicare and Medicaid is already emphasizing. It considers communication to be so pivotal, in fact, that it is one of the four main pillars of the CMS’ new Conditions for Participation for Emergency Planning, which MUST be in place for many types of healthcare organizations by November of 2017.

But just the ability to communicate in an emergency is not enough on its own – you need a system in place that will guarantee that the right message gets to the right people at exactly the right time, no exceptions. When it comes to accomplishing this mission-critical goal, more and more of today’s leading healthcare providers are turning to critical emergency alerting services.

...

https://www.onsolve.com/blog/todays-leading-healthcare-providers-depend-critical-emergency-alerting-services/

If you read our blog on a regular basis you can probably recite the mantra “Make a kit. Have a plan. Be informed.” in your sleep. You are probably familiar with the important items you should keep in your emergency kit – water, food, a flashlight, and a battery-powered radio. What you may not think about is personalizing your kit for your unique medical needs or the needs of your family. Particularly, including prescription medications and other medical supplies in your emergency kit and plans.

As a pharmacist whose job is focused on emergency preparedness and response, I want to give you 10 pointers about how to prepare your medications for an emergency so you can decrease the risk of a life-threatening situation.

  1. Make a list. Keep a list of all your medications and the dosages in your emergency kit. Make sure you have the phone numbers for your doctors and pharmacies.
  2. Have your card. Keep your health insurance or prescription drug card with you at all times so your pharmacy benefits provider or health insurance plan can help you replace any medication that was lost or damaged in a disaster.
  3. Keep a record. Make copies of your current prescriptions and keep them in your emergency kit and/or go bag. You can also scan and email yourself copies, or save them in the cloud. If you can’t reach your regular doctor or your usual pharmacy is not open, this written proof of your prescriptions makes it much easier for another doctor to write you a refill.
  4. Start a stockpile. During and after a disaster you may not be able to get your prescriptions refilled. Make sure you have at least 7 – 10 days of your medications and other medical supplies. Refill your prescription as soon as you are able so you can set aside a few extra days’ worth in your emergency kit to get you through a disaster.
  5. Storage matters. Keep your medications in labeled, child-proof containers in a secure place that does not experience extreme temperature changes or humidity. Don’t forget to also include nonprescription medications you might need, including pain relievers, cold or allergy medications, and antacids.
  6. Rotate the date. Don’t let the medications in your emergency supply kit expire. Check the dates at least twice every year.
  7. Prioritize critical medicines. Certain medications are more important to your health and safety than others. Prioritize your medications, and make sure you plan to have the critical medications available during an emergency.
  8. Communicate a plan. Talk to your doctor about what you should do in case you run out of a medication during an emergency. If you have a child who takes a prescription medication, talk to their daycare provider or school about a plan in case of an emergency.
  9. Plan ahead. Make sure you know the shelf life and optimal storage temperature for your prescriptions, because some medications and supplies cannot be safely stored for long periods of time at room temperature. If you take a medication that needs to be refrigerated or requires electronic equipment, plan ahead for temporary storage and administration in an emergency situation.
  10. Check before using. Before using the medication in your emergency kit, check to make sure the look or smell hasn’t changed. If you are unsure about its safety, contact a pharmacist or healthcare provider before using.

With the end of September’s National Preparedness Month, incident response professionals may get questions from colleagues about how their organization responds to natural disasters or other major disruptions.

Communications is an especially important element of disaster response. Small businesses may find calling trees sufficient, but larger enterprises and government agencies often depend on advanced communications and information technology.

Organizations have three options for deploying incident response communications infrastructure:

...

https://www.onsolve.com/blog/managed-saas-vs-traditional-saas-choose-best-option-organization/

Emergencies Aren’t Biased

Small companies can fall victim to a dangerous mindset of thinking they are too small to take formal precautions against crises. They believe that fancy emergency notification systems are relegated to the companies with thousands of employees scattered around the globe. While the magnitude of the emergency may scale with the size of the company, even the smallest mom and pop company needs a plan and a system to communicate when an unexpected event occurs.

The truth is, emergencies can happen anywhere, anytime, to anyone. All we have to do is look at the crazy hurricane season we will thankfully see coming to an end in the coming weeks. Hurricanes Harvey, Irma, Maria and Nate paid no attention to whether or not the buildings they destroyed were owned by a large or small company. They didn’t care if four employees were displaced or 4,000. It was of no concern as to which streets would be impassable and how long the power would be out.

...

https://www.alertmedia.com/no-youre-not-too-small-for-a-notification-system/

Blockchain-related topics are gaining a lot of attention lately, with most of the attention focused on cryptocurrencies such as Bitcoin. Some predict it will be the new internet revolution, one that could lead to new technological innovations in economics and to social transformations.

Blockchain runs on a peer-to-peer network of many distributed nodes, supported by independent computer servers globally. Part of it is implemented without any centralized authority and has built-in fraud protection and a consensus mechanism, such as the concept of Proof-of-Work, where peer computers in nodes approve every requirement for the generation of a new set of transactions, or block, to be added to the database, a.k.a. the “Block Chain”.

It also has a built-in check and balance to ensure a set of colluding computers can’t game the system.  Blockchain also brings in an element of transparency, which reduces fraud as the entire chain is visible and auditable.

...

http://www.bcinthecloud.com/2017/10/blockchain-for-business-continuity-and-disaster-recovery/

https://ems-solutionsinc.com/blog/caring-for-children-in-a-disaster/

By REGINA PHELPS

Disasters affect children differently than they do adults. Learn more about the unique needs of children during and after disasters. Given all of the disasters in the United States alone, helping young ones cope is especially critical. The CDC has several great recommendations for the care of children at the time of a disaster.

Another organization, the Shenandoah Valley Project Impact, the Central Shenandoah Valley’s regional disaster preparedness and mitigation program, developed a great set of children’s books in both English and Spanish to help families and their kids cope. You can download them here.

Disaster_Activity_Book_for_Kids_English

Disaster_Activity_Book_for_Kids_Spanish

  • Children’s bodies are different from adults’ bodies.
    • They are more likely to get sick or severely injured.
      • They breathe in more air per pound of body weight than adults do.
      • They have thinner skin, and more of it per pound of body weight (higher surface-to-mass ratio).
      • Fluid loss (e.g. dehydration, blood loss) can have a bigger effect on children because they have less fluid in their bodies.
    • They are more likely to lose too much body heat.
    • They spend more time outside and on the ground. They also put their hands in their mouths more often than adults do.
  • Children need help from adults in an emergency.
    • They don’t fully understand how to keep themselves safe.
      • Older children and adolescents may take their cues from others.
      • Young children may freeze, cry, or scream.
    • They may not be able to explain what hurts or bothers them.
    • They are more likely to get the care they need when they have parents or other caregivers around.
    • Laws require an adult to make medical decisions for a child.
    • There is limited information on the ways some illnesses and medicines affect children. Sometimes adults will have to make decisions with the information they have.
  • Mental stress from a disaster can be harder on children.
    • They feel less of a sense of control.
    • They understand less about the situation.
    • They have fewer experiences bouncing back from hard situations.

https://www.cdc.gov/childrenindisasters/index.html

This year’s hurricane season is like nothing in recent memory. With the country still reeling from Harvey, Irma, and Maria, everyone held their breath as Hurricane Nate headed toward states along the Gulf Coast this weekend. Those of us at IWCO Direct and Mail-Gard were especially anxious as a number of our colleagues and clients were making their way to New Orleans for the DMA’s &THEN Conference. Thankfully, Nate lost steam before hitting the mainland, but our team at Mail-Gard was prepared to help clients manage the print-to-mail operations of their critical communications at the drop of a hat if necessary. Today we wanted to briefly share how we prepare for a disaster declaration in advance of severe storms and natural disasters.

We start by doing our best to become meteorologists. We have a system in place to closely monitor weather patterns in regions where our clients are located in order to determine which ones may be in the path of a severe storm. We contact those clients well in advance to ensure they have our emergency declaration hotline information readily available. We also make sure our team is fully prepared to spring into action by alerting them to which clients may need to make a disaster declaration, so they can review those specific client requirements in advance. We also analyze our testing schedule to “clear the decks” so that we can devote our full energy to impacted clients.

...

https://www.iwco.com/blog/2017/10/11/mail-gard-disaster-declaration-hurricanes/

By Pete Benoit, Enterprise Solutions Architect, iland

For veterans of the IT services industry, DR has always been a popular topic of conversation with potential clients. Those that have been around long enough will certainly remember how many of those conversations progressed.

Typically, it went something like this.

Potential Client: We’ve determined that our current IT infrastructure DR plan puts our business at risk and we are interviewing service providers to assess potential solutions.

IT Services Vendor: What are your infrastructure RPO and RTO targets?

Potential Client: Our CIO wants us to maintain a RPO/RTO of 4 hours or less.

It wasn’t that long ago that everyone in this conversation would have understood that the quote from the service provider was going to be well beyond what the client intended to spend as part of the overall IT budget. This was typical for both small and large environments. Inevitably, the parties would work backwards by decreasing the expected deliverables for the solution until an acceptable price point could be reached. Sometimes the solution met so few of the organization’s requirements, that the conversation would be abandoned with no action.

Was the CIO delusional for requesting such aggressive (for the time) SLAs? Of course not. The importance of the data and the underlying applications and infrastructure was self-evident. The reality was that, not only were the options to meet those goals extremely expensive, there was very little guarantee that it would work as planned when it came down to crunch time.

The reason for the expense was that each production resource had to be duplicated, to a certain extent, at the remote site. This infrastructure would need to be purchased or leased, co-located, upgraded and required experienced technicians to maintain. All of this in hope that it would never have to be used in a live situation.

Fast forward to the present: with the evolution of virtualized workloads, resource pools, metered billing and any-to-any replication technology, those RPO/RTO targets are now achievable at a fraction of the cost. The underlying services billing model that makes this a reality consists of a reserved billing storage component for data replication and burstable billing compute resources that can be deployed on demand and billed per hour of use.

Reserved storage provides a target storage repository sized to handle all replicated workloads plus potential growth dependent on changes in the production environment. Reserved storage is billed on a per GB per month basis. The storage reservation quantity can be increased at any time to mirror changes in the production environment.

Burst compute refers to on-demand CPU and RAM which are necessary to operate the virtual workloads during production failover or testing. Because replication is accomplished without live workloads, the burst compute resources are available on demand and no charges are incurred until the workloads are powered on. CPU is metered on average GHz of CPU used per hour. RAM is metered as average gigabytes (GB) consumed per hour. These burst compute charges are tallied and billed monthly. When testing or failback is complete, the resources are returned and the burst charges are no longer accrued.

While cost is still top of mind for IT Directors and CIOs, the conversations around solutions for IT's data protection and DR needs are drastically different. Reserved storage plus burst compute pricing for DRaaS allows IT organizations to execute a robust disaster recovery plan without having to pay for live compute resources waiting for use. The major obstacles to a credible DR solution, even for small businesses, have been mitigated by technology advances and widespread adoption of said advances.

Once the question of cost has been addressed, the discussion moves to more important issues. How do end users connect to the DR environment once failover is complete? Does the recovery site adhere to the same security standards as my production environment? How is failback accomplished? These are just a few of many important questions not related to cost.

In conclusion, the reserved plus burst model allows customers to apply the advantages of two pricing models where it makes the most sense thereby protecting critical data without the burden of barely used, monthly infrastructure costs at the service provider location. A comprehensive solution will also provide assisted initial setup, volume discounts for storage, simplified day-to-day operations via a self-service console, straightforward network configuration, the option for customer initiated failover, as well as detailed billing, monitoring and compliance reporting.

Pete Benoit is an Enterprise Solutions Architect at iland, currently based out of Dallas with over 20 years of experience in the IT Services industry including time with hardware vendors, VARs and IaaS providers. His career began in the US Air Force as a Communication-Computer Systems Operator before joining the private sector and moving to Texas in 1996. Pete has a wide range of industry experience as a technician, support engineer and solutions engineer and excels at customer service. A proud graduate of the University of Louisiana at Lafayette, Pete is a husband and father of two and enjoys golf and spending time with family and friends.

Case Study

OVERVIEW: Since 1933, the Jericho Fire Department has been charged with protecting its Long Island, New York community residents from the perils of fire and other emergency situations. The Department proudly provides Fire Prevention and Safety Education, Fire Suppression, Emergency Medical Services and Hazardous Materials response. Its staff of 36 dedicated employees and 94 volunteers valiantly serve the residents and businesses of the Jericho Fire District and, since its inception, the department has evolved into an all-risks emergency response agency, currently responding to about 1000 alarms each year. Together as a team they save lives, reduce property loss, and improve emergency services to meet the evolving life safety needs of citizens.

CHALLENGE/OBJECTIVE: As is the case with so many Fire Departments, maintaining control over the myriad keys kept at a firehouse can be challenging. It's critical to be able to have quick, but at the same time, controlled access to some of the keys. John O'Brien, Jericho Fire District Supervisor, chose to demo the MedixSafe Key Care Cabinet to determine if it would meet the Department's key control needs. The Department already had a MedixSafe Narcotics Cabinet/Safe in their ambulances and firehouse, which has been instrumental in securing their emergency response narcotics and making them available only to the advanced life support personnel authorized to administer them in an emergency. "It's been great," O'Brien notes. "There is no key to override it, and it provides an audit trail of who has accessed the safe and when. So when the Key Care Cabinet became available, we were eager to demo it."

SOLUTION: O'Brien reports that "We loved what we saw, because key control was an issue, and knowing who is in the key cabinet and when is so important. The Key Care Cabinet gives us the ability to track that, as well as the capability to restrict access to those not of the rank to have access." The MedixSafe Key Care Cabinet is electronically controlled and allows the user to not only organize their access keys, but to control them, as well. A 'key' feature that differentiates the MedixSafe Key Care Cabinet from low-end key cabinets is that it enables more secure access.

Because a single PIN can be easily compromised, dual, triple or biometric authentication credentials are required before access to the Key Care Cabinet is granted. Users can opt to go with a fingerprint and PIN combination, key card and PIN combination, or a key fob and PIN combination.

It accommodates over 1,000 individual users and provides an audit trail history of up to 50,000 events. The Key Care Cabinet is accessible via a remote Ethernet network and also has a manual key override. This ensures that the cabinet can still be accessed via a single key in the event of an electronic failure.

BENEFITS: The ability to control access to crucial keys is among the most significant benefits the Jericho Fire Department is reaping from the MedixSafe Key Care Cabinet. Certain keys are especially important to store, O'Brien points out, including the Department's radio keys, auxiliary vehicle keys as well as keys to the fuel pumps. "Probably the most important," he says, "are the keys for the sirens, which always need to be found quickly." There are also outside vendors the Department works with, and some of them need access to keys, as well. "My radio repairman, for instance, needs access," he adds. "We operate the radios, but he repairs them!" O'Brien adds that the software is very easy to operate, and the overall operation is extremely user-friendly. "It's really just some data entry, and our system is wireless, which made it easy to install. All we needed was a power outlet."

"The Key Care Cabinet would benefit firehouses everywhere," he says. "It ensures the security of the most important keys, and gives you the ability to control and track who's accessed those keys. I highly recommend it."

ABOUT MEDIXSAFE: A leader in the access control cabinet market, MedixSafe began designing and manufacturing narcotics control cabinets in 2008. The first narcotics control cabinets were designed for the EMS market to be used in ambulances. Based on customer requests, MedixSafe designed and built different sized cabinets to meet their varying needs. MedixSafe caters to the key control needs of doctors, dentists, veterinarians, university research departments and schools of medicine, hospitals, the U.S. Army, U.S. Navy, pharmacies, and more. For more information, visit http://medixsafe.com/

Cybercrime damage costs are projected to hit $6 trillion annually by 2021. And it’s not just the big guys that are getting hit – 43 percent of cyber attacks specifically target small businesses. Cyber attacks are clearly here to stay, which is why it’s become vital to the survival of your business to prepare for them.

Here are five solid tips that should help you protect yourself against these malicious digital threats.

...

https://continuitycenters.com/5-solid-cybersecurity-tips-for-your-business/

Friday, 29 September 2017 15:35

5 Solid Cybersecurity Tips for Your Business

A law firm’s livelihood depends upon its reputation among clients. However, this reputation is at risk when client confidence is diminished—whether this be as a result of failed expectations or inadequate due diligence. For this reason, and the rise of a more modern threat landscape, law firms are prioritizing the protection of sensitive information and prevention of downtime now more than ever.

69% of legal professionals rated “Data Security” as the top challenge for their firms*

Most firms are investing heavily in preventative IT security by implementing tools and strategies to ensure no one gets unwarranted access to data. However, many of those firms have not modernized the restorative side of their IT security strategy, the portion that ensures you can recover from an incident.

...

https://www.bluelock.com/blog/draas-can-help-law-firm/

Friday, 29 September 2017 15:30

Protecting Your Firm’s Reputation

https://blog.sungardas.com/2017/09/cartoon-ignoring-software-update-pop-ups-may-get-ransom-note-instead/

Hackers prey on complacency like thieves checking cars in a parking lot: They don’t have to break windows if you leave the doors unlocked.

They bet organizations won’t make simple software updates, and they’re often right.

Just look at the WannaCry attacks earlier this year. The ransomware was designed to exploit a known weak spot in Windows—one for which Microsoft had issued a patch months before. Thousands of victims, who didn’t install the updates, were left with a tough choice if they didn’t have backups in place: Either pay a Bitcoin ransom to unlock their data or say goodbye to that information.

Maybe we ignore regular updates because we’re too busy, or we don’t think they’re necessary. Or we see the pop-ups so often, we don’t give them a second look before we dismiss them.

But regular updates are a crucial part of your cyber security—well worth the 15 minutes it takes to install them. Taking the most basic precautions by making sure every system in your organization is up to date can’t prevent every cyberattack, but it’s often enough for hackers’ tools to skip your organization for one that’s less prepared.


When was the last time your organization conducted a mock disaster exercise? If you can’t think of a single instance (or if you’re taking too long to consider your answer), then your well-laid disaster recovery plans aren’t likely to be recovering anything anytime soon.

If you start performing those exercises now, however, there’s still time to turn things around.

What is a mock disaster exercise? It is a simulation of an unplanned disruption that requires participants to identify the actions and steps they would take to successfully respond, assess the impacts, activate resources, and recover in a timely manner.

Why is it so important? Because this type of “mock” testing validates your recovery plans and strategies (both of which are based on a formal business impact analysis that has been analyzed and shared with management). Having a set of written directions is only the first step in a two-part process of disaster response planning; the second step is testing those directions to see if people can actually put them to use. Could your team really respond, activate, and recover? You’ll never know unless you put them to the test.

...

http://www.bcinthecloud.com/2017/09/how-to-build-a-mock-disaster-test-the-recovery-plan/

Evacuteer checking someone in during 2017 full-scale city assisted evacuation exercise.

“I am a Katrina survivor.” These were the first words out of Joan Ellen’s mouth when I spoke with her. And she was one of the lucky ones. She made it out of New Orleans before Hurricane Katrina made landfall on August 29, 2005. But not everyone was so fortunate. One of Joan Ellen’s neighbors did not evacuate because she could not bring her old dog with her to a shelter and would not leave him behind. Her neighbor died in the flooding. Joan Ellen recalls, “If I had known I would have taken her with me.”

Evacuations are more common than you might think. Every year people across the United States are asked to evacuate their homes due to fires, floods, and hurricanes. However, there are many reasons people may not be able to evacuate– including issues that New Orleans’ residents face, like lack of transportation, financial need, homelessness, and medical or mobility issues.

No one left behind

Joan Ellen returned to her home in New Orleans 48 days after Hurricane Katrina. She likes to tell people, “I only had a foot of water – but it was a foot over my roof.” The thing she remembers most vividly about going home was not the destruction, but the smell. When Joan Ellen heard a radio announcement that they were recruiting volunteers to help in a mandatory evacuation she signed up. She has been training other Evacuteers since she joined the organization in 2009. She loves the casual definition of family that keeps people together in the event of an evacuation. “Family is anybody we say is family, and we will keep everybody together. In New Orleans we are only two degrees of separation.”

According to FEMA’s Preparedness in America report, people in highly populated areas were more likely to rely on public transportation to evacuate in the event of a disaster. In the event of a mandatory evacuation, approximately 40,000 people living in New Orleans will need assistance to evacuate because they don’t have a safe or alternative option.

After learning from Hurricane Katrina, the City of New Orleans will now call a mandatory evacuation nearly three days in advance of a dangerous or severe storm making landfall on the Louisiana coast. Everyone must leave during a mandatory evacuation until officials declare the city safe for re-entry.

Mobilizing the Evacuteers

The City also started City Assisted Evacuation (CAE) to help people who are unable to evacuate on their own. Through this program, the city provides free transportation for residents, along with their pets, to a safe shelter. CAE counts on volunteers from Evacuteer.org, a local non-profit organization that recruits, trains, and manages 500 evacuation volunteers called “Evacuteers” in New Orleans. As the Executive Director of this organization I tell people, “We are a year-round public health preparedness agency that promotes outreach to members of the community that aren’t always easy to reach, nor trusting of government, about their options and the evacuation process. The goal is to make sure that everyone using CAE is treated with dignity throughout the entire process.”

Lit evacuspot in Arthur Center

Evacuteers receive a text message if the City of New Orleans calls for a mandatory evacuation. Teams are assigned to seventeen pickup points, called Evacuspots, placed in neighborhoods around the city. The Evacuteers help register people and provide information about the evacuation process. When residents go to an Evacuspot, Evacuteers will give every person a ticket, a wristband, and a luggage tag to help track their information and ensure that families stay together. After the paperwork is filled out, evacuees are transported to the downtown Union Passenger Terminal bus station where they will board a bus, and for a smaller percentage, a plane, to a state or regional shelter. When the city is re-opened after the storm passes, the process will bring residents back home to New Orleans.

An artistic approach to save lives

Each Evacuspot is marked by a statue of a stick figure with his arm in the air, and looks as though he is hailing a safe ride out of the city. Erected by international public artist, Douglas Kornfeld, the statues are a public art initiative led, and fundraised, by Evacuteer.org. Installed at each of the pick-up points in 2013, the stainless steel statues measure 14-feet tall, and stand as a reminder to residents year-round that there is a process to ensure everyone has the opportunity to safely evacuate.

Do you know what to do?
  1. Have a plan. Know where your family will meet, both within and outside of your neighborhood, before a disaster.
  2. Fill ‘er up. Make sure you have a half a tank of gas at all times in case of an unexpected evacuation. If an evacuation seems likely, make sure your tank is full.
  3. Keep your options open. Have alternative routes and other means of transportation out of your area. Choose several destinations in different directions you can go to evacuate.
  4. Leave early. Plan to take one car per family to reduce congestion and delay.
  5. Stay alert. Do NOT drive into flooded areas. Roads and bridges may be washed out. Be careful of downed power lines.

Posted on by Kali Rapp Roy, Executive Director, Evacuteer.org

Tuesday, 26 September 2017 14:53

CDC: The Power of Us

PHOENIX, Ariz. – Fall World 2017 was another great success for Disaster Recovery Journal, marking the 57th conference for the business continuity industry’s premier event.

More than 700 attendees joined speakers, board members, and exhibitors from around the globe at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Arizona, Sept. 17-20, 2017. The three-day event featured 62 sessions, a concurrent exhibit hall with almost 100 booths, and numerous networking events.

“The venue was just very well received again this year,” said DRJ President Bob Arnold, looking over attendee evaluations after the show. “The numerous networking opportunities seemed to be very popular with attendees too. Our topics always get very high marks but the food was at a higher level than we’ve seen. JW Marriott does a good job. It’s a great venue.”

The conference took place just days after two major hurricanes and days ahead of more earthquakes and hurricanes.

“In the wake of Hurricanes Harvey and Irma, the subject was a major topic of discussion among our speakers, vendors, and attendees,” said Arnold. “We plan on covering details as lessons learned come out of these events.”

The senior advanced track was very popular with practitioners as well. This special track allows the industry’s most advanced planners to interact with C-level personnel and other advanced practitioners.

“The senior advanced track is a good balance between IT and the organizational side,” said Arnold.

DRJ Fall World 2017 gold sponsor Fusion Risk Management hosted the Monday Night Hospitality event, featuring food, drinks, dancing, and giveaways. Silver sponsors included eBRP Solutions, Firestorm, IBM Resiliency Services, Onsolve, Regus, RSA, Strategic BCP, and SunGard Availability Services. Co-sponsors included Agility Recovery, AlertMedia, Avalution Consulting, BC in the Cloud, ContinuityLogic, Fairchild Consulting, Kingsbridge Disaster Recovery, Mail-Gard, Quantivate, Recovery Planner, Rentsys Recovery Services, RES-Q Services, Ripcord Solutions, and Virtual Corporation. Business partners include Business Continuity Institute (BCI), Forrester Research, International Consortium for Organizational Resilience (ICOR), and Public & Private Businesses Inc. (PPBI).

“I want to thank all of our sponsors and exhibitors for helping us provide so many networking opportunities with attendees and vendors,” said Arnold. “We were really happy with everyone who joined us for another great show in Phoenix.”

In addition to several individual vendor drawings, attendees raked in 18 of the hottest technology items at the DRJ booth as part of the exhibit hall raffle. Grand attendance prize drawings also went to Chuck Robertson, Donna Turner, and Melanie Lightfoot Wednesday morning before the final general session. All three attendees win a free pass to a future DRJ conference.

Check out the DRJ.com Live page for more photos, tweets, and other details from DRJ Fall World 2017.

DRJ is now preparing for its next conference, DRJ Spring World 2018, which will be held March 25-28, 2018, in Orlando. Potential speakers have until Sept. 29, 2017, to submit a Call For Papers presentation.

To attend DRJ Spring World 2018, visit https://www.drj.com/springworld/.


Monday, 25 September 2017 22:35

DRJ Fall World 2017 Another Great Success

Don’t be Caught Unprepared

An emergency is defined as “a serious, unexpected, and often dangerous situation requiring immediate action.” The key word here is “unexpected.” An emergency is an emergency because it is not predictable – but it can be planned for if you understand your most likely threats.

As we are in the heart of hurricane season and have witnessed perhaps two of the worst hurricanes on record, we can all agree Harvey and Irma presented urgent situations. The good news about hurricanes, however, is that they are rarely unexpected. Thanks to modern technology, we have time to plan. We may not know what to expect, but we do have certain steps we can take to ensure we come out of it alive, if not well.

The same goes for organizations designing their emergency response strategy. Not every situation can be predicted, but it’s wise to assess your current risks and make plans on how you would respond.

...

https://www.alertmedia.com/4-emergency-notification-templates-you-must-have-to-protect-employees/

The BCI

Hurricane Maria hit the Caribbean on Monday causing widespread damage throughout the US Virgin Islands, Dominica and Puerto Rico. Communications prior to the storm appeared clear and concise. Residents were warned to prepare and take shelter; however, considering the damage left by Hurricane Irma just two weeks ago, the risk to lives and infrastructure was even higher.

Whilst news reports are showing the destruction from afar, one of the problems being faced by those affected in the Caribbean is a wide-scale loss of communications, meaning rescue operations and external aid missions are hindered, and communities face periods of time where contact with relatives and friends is impossible.

During a crisis, what are the repercussions of limited communications? Some communication outages can be repaired reasonably quickly by fixing damaged phone lines or restoring power to servers; however, the long-term effects can be much more severe. If cables are damaged, major repairs can be needed which could take weeks or months to facilitate. The human effects of communications outages can also be damaging to communities by heightening a sense of panic. Whilst it’s important that members of the community can contact their colleagues, friends and family, the relief effort of emergency services must be a priority and without consistent communications, these efforts can be negatively impacted or even made impossible.

In the business continuity and resilience sector, having back-up systems and data sets is one of our key drivers. By having multiple sources of communication, for example, wireless and cable, communities and organizations are more likely to maintain access to at least one source and reduce any backlog of communications, therefore increasing the speed and effectiveness of the response effort.

At present, disaster recovery efforts appear to be heavily focussed on organizations, human welfare and infrastructure. However, the loss of communications is a problem which could be avoided. With the emergence of new technologies and a deeper understanding of these technologies, it should be possible to safeguard communications against the effects of a disaster by prioritising the implementation of multiple communication methods before a disaster becomes a crisis. 


The Business Continuity Institute

Climate change is seen to be one of the main challenges for the future, with the consequences of extreme weather events ranked the number one cause of business disruption.

The BCI Long-Term Planning Report, sponsored by Siemens, explores the attitudes and behaviours linked to long-term planning in the Benelux region and beyond, and considers how organizations prepare for future challenges related to climate change as well as how they perceive their impact.

The results show the outstanding importance of long-term planning, horizon-scanning, and collaboration, as key elements when preparing for, responding to, and recovering from weather related disruptions. Download the full report and discover all the results.

Monday, 25 September 2017 15:28

BCI Continuity Planning for Climate Change

The Business Continuity Institute

2017 marks the 16th anniversary of the 9/11 terror attack. On the 11th September, 2001, two planes flew into the Twin Towers in the centre of New York, a third targeted the Pentagon in Washington DC and a fourth plane crashed in a field in Pennsylvania. The ongoing impact of the attacks is still widely spoken about today, and they brought to light the importance of planning and business continuity.

We focus, as business continuity professionals, on the importance of a variety of factors and one of the keys to embedding business continuity in your organization is staff welfare.

Staff welfare is ensuring that your staff not only feel supported during a disruption, but that they understand their roles and responsibilities during a disaster. If employees and stakeholders aren’t supported and their needs not met, can an organization guarantee that they will respond proactively to a disaster? Following the 9/11 attacks, major organizations affected have incorporated welfare plans into their BC plans.

Morgan Stanley was one of the organizations affected by the 9/11 attacks and in the years following, talked about how their staff welfare took precedence. Within 20 minutes of the attack, most members of staff had been evacuated and within one hour of the attack, staff were relocated and backup systems were operational.

Robert Scott, COO of Morgan Stanley at the time, credits this success to their plans, exercising programmes, and personnel. By training senior managers and staff to respond to disasters, they were indeed prepared. They put the welfare of their staff above financial security and as a result, were able to resume business as soon as possible.

In an interview with the Harvard Business School, the COO stated "I am most proud that the clear, collective, first priority of senior management was the well-being of the people who work for Morgan Stanley." The resumption of their business is testimony to this approach.

Although each organization works differently and prepares for disruption in different ways, many can learn from this approach. The responsibilities of preparedness lie not only with management, but with every stakeholder associated with an organization and it is vital that business continuity and resilience professionals continue to endorse the importance of planning by demonstrating improvement through lessons learned and vigilance during times of uncertainty. 


The Business Continuity Institute

 

Mexico is waking up to widespread disruption and damage following a 7.1 magnitude earthquake.

The country is prepared for this type of disaster. All across Mexico, regular drills are practiced to ensure people are prepared for natural disasters; however, this time it wasn’t a drill. The widespread damage is yet to be fully reported on and it’s likely that we won’t know the extent for days, weeks and even months; however, their initial response appears proactive and positive.

In August 2017, the U.S. Department of Defense undertook an exercise designed to prepare the military and residents for a possible 7.0 magnitude earthquake. They followed their plans to the letter, escalating the disaster from local to county authorities. Once these county authorities could no longer manage the exercise scenario, it was escalated to state authorities and as a final escalation, the federal government was involved. According to Army Col. Barry Graham, “… I think it has been a great exercise and everyone has gotten something out of this training. New Mexico is very prepared because of this exercise."

Residents across the US and Mexico are also exercised regularly, undertaking drills which educate them on how to respond to a variety of scenarios. During these exercises, a 30 second warning is given and they are instructed on where to go and what to do depending on the type of disaster being exercised. This time, however, there was no warning. The first the residents felt was the tremor.

As this disaster becomes a reality with uncanny resemblance to their most recent exercise, how are local, state and federal authorities responding? Alfredo del Mazo Maza, the State of Mexico’s governor, has invoked their disaster response plan, ordering schools to close and public transport to operate free of charge to allow residents to travel safely. Emergency services and volunteers are also in place working around the clock, searching the rubble for survivors. The extent of the damage and the widespread panic may hinder the recovery process; however, even in the first 24 hours following the disruption, it appears that their widespread preparedness and exercising schedule will play a vital role in their recovery as a whole.


The Business Continuity Institute

 

Having related but different disciplines work together, such as information security and business continuity, is the key for building resilience at an organizational level

Caversham, 19th September 2017 – The Business Continuity Institute (BCI), in association with Mimecast, have published the BCI Information Security Report 2017. Cyber-attacks, such as the recent WannaCry ransomware attack, cause great disruption and financial loss, meaning organizations need to focus on collaboration as a key driver for building information security, which is an important component of organizational resilience.

The BCI Information Security Report looks to benchmark how organizations handle sensitive data and how resilient they are when it comes to data protection. The survey assessed 369 organizations in 63 countries worldwide on the different solutions and key drivers on which they build information security. 75% of organizations report the use of internet-connected devices at least once daily, which demonstrates the pervasiveness of technology and how crucial it is to keep these devices secure. The results also showed that top management commitment is pivotal in building information security across the organization. Compliance with legislation alongside organizational policies – such as staff training, company regulation etc. – and financial investment in information security were also key drivers for information security in organizations.

What stands out the most from the report is the concept of collaboration. Indeed, having collaboration among management disciplines and teams plays an essential role in tackling information security challenges, but it also helps when building organizational resilience. Therefore, business continuity professionals, with their expertise in dealing with disruption, should engage with related disciplines. Collaboration involves organizational change and effort, but the benefits deriving from it should be the motivation behind taking action.

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

Wednesday, 20 September 2017 16:32

BCI Information Security Report

The Business Continuity Institute

 

In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis.

Our annual emergency communications survey, sponsored by Everbridge, aims to benchmark the emergency communication arrangements of organizations in different sectors worldwide. Please do support the valuable research work of the BCI by completing the survey which you can find by clicking here. As an added incentive, all respondents will be entered into a prize draw to win a £100 Amazon gift card.

Tuesday, 19 September 2017 19:22

BCI Emergency Communications Survey 2017

TALLAHASSEE, Fla. – If you live in one of the disaster-designated Florida counties and experienced property damage or loss directly caused by Hurricane Irma, register with the Federal Emergency Management Agency (FEMA) for disaster assistance – even if you have insurance. This can be an important step to begin the process of recovery.

You may register for assistance the following ways:

  • At www.DisasterAssistance.gov.
  • If you don’t have Internet access, you can call 800-621-3362.
  • People who have a speech disability or hearing loss and use TTY should call 800-462-7585.
  • For those who use 711 or Video Relay Service (VRS), call 800-621-3362.
  • These toll-free telephone numbers will operate from 7 a.m. to 11 p.m. (EST) seven days a week until further notice.

FEMA assistance for individuals may include grants for rent, temporary housing and home repairs to their primary residences, as well as funding for other serious disaster-related needs, such as medical, dental or funeral costs. If you have insurance, FEMA may still be able to assist with disaster-related expenses that were underinsured or not covered by your policy.

After you apply, a FEMA inspector will contact you to schedule an inspection. The inspection generally takes 30-40 minutes or less and consists of a general verification of your disaster-related losses and a review of ownership or residence records. There is no fee for the inspection.

When a FEMA housing inspector comes to visit your home, be sure they show you proper identification. All FEMA inspectors have prominent photo identification badges. If you suspect someone is posing as a FEMA housing inspector, call our toll-free Disaster Fraud Hotline at 866-720-5721, or call local law enforcement officials.

Once the inspection process is complete, your situation will be reviewed by FEMA. You will receive a letter by email or physical mail, depending on your preference, which outlines the decision about your claim. For more information about the inspection process, and documentation you will need to provide the inspector, visit the FEMA Individual Assistance Inspection Process page.

Know that you may receive a visit from more than one inspector throughout the recovery process. In addition to FEMA housing inspectors, representatives from the U.S. Small Business Administration, state and local officials and inspectors for private insurance coverage also visit neighborhoods in affected areas.

For more recovery information visit FEMA’s Hurricane Irma web page at www.fema.gov/hurricane-irma.

A call from a FEMA inspector. A brief inspector's visit. A decision letter. If you receive an SBA loan application, completing it is an important step in finding out what aid may be available to you.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

WASHINGTON – The U.S. Department of Homeland Security's Federal Emergency Management Agency (FEMA) continues coordinating the efforts of the federal family, working alongside state, Commonwealth, tribal, territorial, and local emergency responders to help address the immediate needs of survivors following Hurricane Irma.

Tens of thousands of federal workers are supporting preparedness, response, and recovery to Hurricane Irma, including more than 3,200 FEMA staff, and more than 13,000 National Guard soldiers and airmen from 22 states, in rescue, evacuation, security and support operations.

Crewmembers from Coast Guard Aids to Navigation Team Jacksonville Beach make repairs to a light damaged by Hurricane Irma, Friday, Sept. 15, 2017, in Brunswick, Georgia. The ANT Jacksonville Beach crew is responsible for over 950 aids to navigation throughout northeastern Florida and southeastern Georgia. (U.S. Coast Guard photo courtesy of Aids to Navigation Team Jacksonville Beach)

The Department of Energy is coordinating with its partners to facilitate communications, provide situational awareness, and expedite restoration efforts. More than 60,000 personnel are activated from more than 250 investor-owned electric companies, public power utilities, and electric cooperatives from all corners of the United States and Canada, to support power restoration. Private sector partners estimate that power should be returned to 95 percent of customers by September 17. Restoration to severely damaged areas will take additional time.

For those in designated areas in Florida, Puerto Rico, and the U.S. Virgin Islands, registering online at www.DisasterAssistance.gov is the quickest way to register for federal assistance, including FEMA assistance.  If survivors do not have access to the internet, they may register by calling 1-800-621-FEMA (3362) or 1-800-462-7585 (TTY). If survivors use 711 relay or Video Relay Service (VRS), they should call 800-621-3362 directly.

FEMA disaster assistance teams go door to door in Florida after Irma.

FEMA received more than 413,000 registrations to date and has already approved $92.8 million for Hurricane Irma survivors. As it becomes safe for people to return to their homes, FEMA expects registration numbers to increase.

Federal Efforts Underway as of September 16, 2017   

  • The American Red Cross (ARC) is operationally focused on safety, shelter, food, which includes shelf-stable meals, and positioning personnel and supplies. More than 8,100 people were provided refuge from Hurricane Irma in more than 100 government and Red Cross evacuation centers across four states, Puerto Rico, and the U.S. Virgin Islands.  To date, the ARC served more than 380,000 meals and snacks. More than 3,000 Red Cross workers are responding to Irma now, with almost 350 more volunteers on the way.
     
  • The U.S. Army Corps of Engineers (USACE) currently have more than 350 personnel engaged and have received 35 FEMA Mission Assignments (MA). For Florida, USACE’s mission assignments include providing temporary power, temporary roofing, debris removal, and infrastructure assessment. For Puerto Rico and the U.S. Virgin Islands, USACE’s mission assignments include providing temporary power, temporary roofing, debris removal/technical assistance, infrastructure assessment, and a commodities management subject-matter expert.
     
  • The U.S. National Guard Bureau (NGB) is sending additional personnel to support law enforcement and security operations; they’re scheduled to arrive in the affected areas in the next four days. National Guard soldiers and airmen continue staffing critical points of distribution to deliver essential resources including food and water, and continue clearing debris to open roads in affected areas. The National Guard continues search and rescue efforts in the Keys, while route clearance, shelter operations, law enforcement support, communication restoration and essential resource distribution remain a priority as well.  The National Guard is augmenting civilian law enforcement in securing areas affected by Hurricane Irma and in helping citizens rebuild their communities.
     
  • U.S. Department of Energy (DOE) continues to work with its partners to ensure that fuel remains available in the areas impacted by Hurricanes Irma and Harvey. The fuel situation is stable, and DOE is working with its interagency and private sector partners to ensure that it remains available throughout the region. The Strategic Petroleum Reserve delivered 3.1 million barrels of crude, out of the 5.3 million authorized. A blog post about these efforts can be found here, and DOE continues to provide situational updates here.
     
  • The Federal Aviation Administration (FAA) is sending a large, mobile air traffic control tower to Key West to help increase the safety and number of operations at the damaged airport. The mobile tower is currently at Bradley Airport, Connecticut and will be en route soon to Key West, and operational mid-week.
     
  • U.S. Department of Health and Human Services (HHS) response coordinators are working with federal and U.S. Virgin Islands territory agencies to identify long-term solutions for health care in the U.S. Virgin Islands; the territory’s entire medical care system and public health system were hard hit by the storm. National Disaster Medical System and U.S. Public Health Service Commissioned Corps teams have seen more than 3,700 patients, including dialysis patients evacuated from the Caribbean islands to Puerto Rico, as well as at the St. Thomas hospital, Florida shelters, and two hospitals in the Florida Keys. The HHS continues to provide the Disaster Distress Helpline (1-800-985-5990), which remains open 24/7 for free help coping with the stress of the storm.
     
  • The Center for Disease Control and Prevention (CDC) continues to provide personnel to support the efforts in Florida and the U.S. Virgin Islands, and share information about carbon monoxide and generator safety: https://www.cdc.gov/disasters/co-materials.html. The agency is currently translating guidance material into more than ten languages for survivors.
     
  • The U.S. Coast Guard (USCG) is working with the U.S. Navy and the National Oceanic and Atmospheric Administration in Key West, Florida, to open the shipping channel from the sea buoy to the Mole Pier, to facilitate the safe movement of relief supply deliveries.  However, the port of Key West remains closed at this time. Since Sept. 12, sixteen (16) tank ships have been cleared to deliver their supplies of fuel to ports in Florida. Eight additional tank ships are expected to arrive in the coming days. Coast Guard National Strike Force crews are working with local, state and federal teams on 64 pollution cleanup responses across the storm-impacted areas.
     
  • The U.S. Department of Justice (DOJ) released a message from Attorney General Jeff Sessions to those impacted by Hurricanes Irma and Harvey. To view this release, click here or see the video. The NCDF Disaster Fraud Hotline is (866) 720-5721. The Bureau of Prisons is providing updates at www.bop.gov.
     
  • U.S. Environmental Protection Agency (EPA) continues to coordinate closely with local, state, tribal and federal partners, especially the Florida Department of Environmental Protection in response to Hurricane Irma. EPA deployed six National Priority List (NPL) Assessment Teams to Florida this week and over one third, and counting, of the NPL sites in Florida have been assessed. EPA is also exercising enforcement discretion for diesel fuel use by utility work vehicles and equipment.  Florida Governor Rick Scott issued a request that will go into effect immediately, and terminates when all diesel reserves have been used or by the end of the day on September 22, 2017, whichever comes first.
     
  • The U.S. Social Security Administration (SSA) is working with the United States Postal Service and the Department of Treasury regarding check payments to be delivered. Cycle 3 benefit payments will be delivered on September 20. They estimate approximately 5,700 checks will be issued in the areas affected by Irma. The SSA will continue to monitor the status of all check payments in affected areas.
     
  • The U.S. Postal Service (USPS) continues to restore all mail processing operations in the state of Florida, including the areas hardest hit. In the Florida Keys, delivery and retail operations have resumed today in Key Largo and Tavernier. All facilities in Puerto Rico are open except for one post office.

VATF1 and NYTF1 personnel w/ @forestservice force protection officers re-raised US flag above the old firehouse at Fort Christian. [U.S. Virgin Islands]

Sailors work with heavy equipment to remove debris from Naval Air Station Key West, Florida, Sept. 15, 2017. Clean up efforts are in full swing across the Florida Keys after Hurricane Irma caused extensive damage across the state. (U.S. Coast Guard Petty Officer 2nd Class Dustin R. Williams) 

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema. Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

WASHINGTON – The Department of Homeland Security’s (DHS) Federal Emergency Management Agency (FEMA) is raising awareness that Hurricane Irma disaster survivors, and their friends and family, should be alert for false rumors, scams, identity theft, and fraud. Although many Americans are working hard to help their neighbors now, during chaotic times, some will always try to take advantage of the most vulnerable.

To dispel some of the false rumors circulating on the internet and social media, FEMA has a dedicated website to address some of the most common themes. Remember, if it sounds too good to be true, it probably is. Visit FEMA's Hurricane Rumor Control page to get the most accurate information from trusted sources.

Here are a few guidelines to protect yourself, or someone you care about, from disaster fraud:

Hurricane survivors are also encouraged to notify local authorities of cases of lawlessness or violence, especially in hurricane shelters. In an emergency, call 9-1-1. For other cases:

  • In Florida, report suspicious/criminal activity to 1-855-352-7233.
  • In Puerto Rico, report suspicious/criminal activity to the Puerto Rico Police by calling 787-343-2020, or by calling your local FBI office at 787-754-6000.
  • In the U.S. Virgin Islands, report suspicious/criminal activity to:
    • St. Thomas - 519-631-1224
    • St. John - 340-693-8880
    • St. Croix - 340-778-4950

###

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:

...

https://www.alertmedia.com/5-signs-you-need-a-mass-notification-system

Sunday, 17 September 2017 18:32

5 SIGNS YOU NEED A MASS NOTIFICATION SYSTEM

With the two recent hurricanes that have devastated the Gulf states area, especially Texas and Florida, at MHA we add our thoughts and prayers to those who are displaced and experiencing loss as a result.

When water, wind, and rain become overwhelming, it illustrates exactly how fragile the works of man – including businesses – truly are. Many businesses impacted by natural disasters are small and only carry minimum – or not enough – insurance to cover property damage and business interruption. Due to this and many other factors, small businesses have a challenging time recovering from natural disasters such as hurricanes.

Because of the long-lasting and sometimes terminal effect major natural disasters like hurricanes can have on businesses, this guide is intended to assist small business owners in planning and preparing for the recovery phase of natural disasters, and for use if their business is damaged during an event. By breaking the process down into simple steps, we hope we can relieve some of the stress and uncertainty. It is important that these steps and preparations be in place before the event occurs or is bearing down.

...

https://www.mha-it.com/2017/09/natural-disaster-relief/

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:

...

https://www.alertmedia.com/5-signs-you-need-a-mass-notification-system

Wednesday, 13 September 2017 14:59

5 Signs You Need a Mass Notification System

An Effective Business Continuity Program can Enhance Your Emergency Management Capabilities and Drive Higher Levels of Preparedness Across the Organization

Many organizations that we encounter have an obligation to support the community in time of crisis, including hospitals and utilities, for example. These organizations place a heavy emphasis on emergency management, and in recent years, we’ve seen increased implementation of the standardized Incident Command System (ICS) framework, or in the case of hospitals, the Hospital Incident Command System (HICS). There are many benefits to adopting ICS or HICS, but, most importantly, it allows organizations (both government and non-government) to operate and collaborate more effectively during emergencies. Common terms, roles, and responsibilities remove barriers to cooperation, ultimately benefiting the community.

When a community is impacted by a natural or manmade crisis, we are all better off thanks to ICS and HICS. However, many organizations are discovering that these systems may fall short when it comes to an incident that does not directly impact the communities in which they operate. While placing a heavy focus on emergency management is great (and many organizations are already mature in this space), it may not prepare an organization for unplanned resource interruptions, such as IT downtime or an unexpected facility closure. So how can an organization ensure the performance of social or community responsibilities, while protecting its own operations in the event of a more isolated disruption? Enter business continuity.

...

http://perspectives.avalution.com/2017/breaking-down-silos-evolving-an-incident-command-system-to-include-business-continuity/

New York City completed a functional exercise to help the city’s hospital system prepare for emergency medical personnel to treat and transport children, like this young girl, after a catastrophic event.

Setting the Stage

Imagine this: Explosions across New York City target elementary schools. Hundreds of severely injured and traumatized children, teachers, and parents flood hospital emergency departments in the five boroughs. Municipal emergency medical services (EMS) are rushing to respond.

Fortunately this scenario wasn’t really happening – it was part of an exercise conducted on May 25, 2017. The exercise was designed to test the ability of the New York City (NYC) Healthcare System to respond to a massive surge of pediatric trauma patients, exceeding the usual resources of this large and complex healthcare system.

Identifying the Players

As a CDC Career Epidemiology Field Officer assigned to NYC, I worked with the experts in the Pediatric Disaster Coalition and the Fire Department of New York (FDNY). We designed an exercise that reflected the number of injured children who would need to go to the hospital and the type of injuries they might experience if a similar event really happened.

NYC has 62 acute care hospitals that participate in the 911 system. Of these, 16 are level 1 trauma centers designated by the NYC Department of Health  (this includes three pediatric level 1 trauma centers and 4 burn centers). A total of 28 hospitals care for pediatric patients and have, during the past seven years with the assistance of the NYC Pediatric Disaster Coalition, developed pediatric-specific components of their overall disaster plans to prepare them to receive pediatric patients from an incident like the one invented for this exercise. All 28 hospitals participated in the exercise.

Coordinating Resources

Hospitals who participated in the exercise were challenged to rapidly respond to more than 60 simulated patients with a range of injuries and conditions:

  • A 7-year-old boy unresponsive after a traumatic injury to his head

  • A toddler with burns to the face, chest, and abdomen

  • A 12-year-old distraught after witnessing another child lose arms in an explosion

Hospitals had to assess the resources that were available to care for the patients, including

  • What nursing and specialty staff could be made immediately available?

  • What medications and equipment, including imaging equipment and burn supplies, were needed to care for the children?

  • What communications and incident command processes would each hospital use to mobilize staff and other resources in the situation described in the exercise?

  • Which patients needed to be transferred to specialty hospitals to receive care for their injuries?

Coordination between FDNY and hospitals was critical to the success of this exercise – it supported interfacility transfers for patients who required specialty care or to better match hospital resources with patient needs. During the exercise, I met with FDNY leadership from EMS and Office of Medical Affairs physicians, and leaders from NYC Emergency Management and the Health Department at the Fire Department’s Operations Center. There, we tested the communications between hospitals, FDNY, and a volunteer pediatric intensive care physician who was trained to assist FDNY’s Office of Medical Affairs to prioritize patients for urgent interfacility transfers.

Measuring Success

Hospital Incident Command leadership discusses the availability of resources to make more pediatric beds available.

This exercise revealed that 28 NYC hospitals were able to rapidly and dramatically increase their pediatric critical care capacity. It was the largest exercise NYC has done that was focused primarily on caring for injured children. During the exercise, these hospitals:

  • More than doubled the number of beds in pediatric intensive care units (PICUs) and added 1,105 pediatric inpatient beds, so children could stay in the hospital for an extended period of time

  • Opened 203 operating rooms that could treat children who needed surgery

During the exercise, we also identified some challenges, including

  • More than half of the hospitals did not have enough supplies that could be used to treat critically injured children

  • A limited number of pediatric specialists, including doctors who could perform brain surgery on children as well as ear, nose, and throat specialists

  • Hospital resources (beds, supplies, and staff) would have been further strained if the disaster scenario had also included large numbers of adults

We were able to identify ways to improve each hospital’s process and further develop our citywide plans to respond to any emergency that strains our healthcare system. As a pediatrician and a parent of two young New Yorkers, I’m grateful that so many dedicated people are working together to make sure that city and hospital plans account for the unique needs of children in disasters.

The NYC Department of Health and Mental Hygiene receives federal funds used to support state and local public health and healthcare system preparedness through the aligned Hospital Preparedness Program (HPP) – Public Health Emergency Preparedness (PHEP) cooperative agreement. NYC used HPP funds to fund the NYC Pediatric Disaster Coalition to design and conduct the exercise, and coordinate participation of hospitals in the exercise.

Tuesday, 12 September 2017 17:52

CDC: Preparing for the Worst-case Scenario

With floodwaters at four feet and rising, a family in Houston, Texas abandoned their possessions and scrambled to their roof during Hurricane Harvey to sit with their pets and await rescue. Unable to reach first responders through 911 and with no one visible nearby, they used their cellphones to send out a call for help through a social media application called Nextdoor.

Within an hour a neighbor arrived in an empty canoe large enough to carry the family and their pets to safety. Thanks to a collaboration with Nextdoor, we learned of this and hundreds of similar rescues across Harvey’s path.

This story illustrates the power of systems like Nextdoor, an app designed to make communication between neighbors easy. Survivors in Houston have been using social media platforms such as Facebook, Nextdoor and Twitter to connect to rescuers, organize food and medical supplies, and find places for people to stay.

These stories support our findings showing that social ties can save lives during disasters. They demonstrate why social media platforms should have pride of place among our preparations for and initial assessments of disaster damage.

...

http://www.govtech.com/social/Why-Social-Media-Apps-Should-Be-In-Your-Disaster-Kit.html

The Business Continuity Institute

 

In the news, we see posts about terrorism, unstable financial markets and pandemics; however, of late, natural disasters appear to be taking centre stage.

Just two weeks ago, on the 25th August, we saw the disruption caused by Hurricane Harvey in Texas. Yesterday, images of the ongoing devastation of Hurricane Irma across the Caribbean began to emerge, and today, an earthquake off the Pacific coast of Mexico takes more lives and threatens further disruption.

For individuals, natural disasters can be catastrophic; homes are damaged, at times beyond salvage and as we see during many large-scale disasters, lives are lost.

For businesses, natural disasters are equally catastrophic and damaging. Their staff may suffer physically and mentally and it’s likely that their critical infrastructure will be damaged as well as supply chains becoming disrupted for extended periods of time. 

There are many things these organizations can do to reduce the ongoing damage relating to this type of disruption. Preparation and collaboration are key. Preparing for a natural disaster isn’t a science. There’s no right or wrong way to ensure your business can continue, but by ensuring you have considered the importance of your infrastructure, the welfare of all staff, and how your supply chain will be affected, you can aim to continue business within a reasonable period of time.

When planning, by looking at collaboration opportunities, local businesses can work with others from further afield to obtain urgent supplies. They can work closely with the community to not only continue their business but to begin repairing the affected area. These local businesses can repair homes and buildings, they can provide transport for critical supplies and help to repair critical services when they’re disrupted. 

Whilst continuing business during a disaster may seem like a low priority for communities, the reality is that the quicker businesses can start supplying products and services to the community, the quicker the area can begin to recover as a whole. Whilst planning and collaboration can’t stop a disaster from happening, business continuity professionals use it as a tried and tested method to ensure their communities are restored as quickly as possible.

Riverbed SteelCentral and SteelHead identifies and solves application issues and provides quick access and improved uptime for critical applications

 

SAN FRANCISCO – Riverbed Technology today announced that Rockwell Collins Interior Systems, a leader in aviation cabin design and manufacturing, is using Riverbed® SteelCentral™ and Riverbed® SteelHead™ to ensure quick access to centralized applications and to improve uptime for critical applications. According to the company, SteelHead cut the time to access applications by half while simultaneously reducing bandwidth requirements by 60% and SteelCentral delivers the intelligent analytics needed to identify and resolve application issues quickly, allowing aviation specialists to spend more time developing safer, more comfortable airplanes.

“We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

Tweet This: Riverbed helps @RockwellCollins deliver safe and comfortable aircraft interiors to travelers worldwide: http://rvbd.ly/2vuVmT7

The Interior Systems division of Rockwell Collins, operating in 50 locations worldwide, is a leader in the design and manufacture of aviation interior cabin components such as oxygen systems, comfortable seating, cabin lighting, galley systems (including food and beverage preparation), advanced lavatories, and more.

The division houses all of its major applications in a co-lo data center in the U.S. delivering them across an MPLS network to remote sites. Major applications include Oracle, three ERP systems, and two Siemens PLM Software solutions: Teamcenter and NX design. The division also relies heavily on a number of proprietary .NET applications.

After centralization, access to the data was slow across the board, especially for locations that were furthest away or with limited bandwidth. “Everything took a lot longer to respond. Engineers would click on a drawing and then wait for it to download,” explained Chris Elder, senior manager of enterprise networks and data center operations for Rockwell Collins Interior Systems. “We can’t have engineers sitting around half the day waiting for things to happen on the network.”

Customer Story: https://www.riverbed.com/customer-stories/rockwell-collins-interior-systems.html

With productivity taking a hit, the division decided to deploy Riverbed SteelHead WAN optimization appliances throughout most of the organization, immediately boosting application performance while simultaneously reducing WAN bandwidth requirements by 60%. Elder also decided to improve visibility into the network to more quickly identify and resolve issues. He chose Riverbed SteelCentral AppResponse, a network-based application performance management solution that is integrated with the SteelHead appliances. “I’m a big fan of Riverbed,” Elder said. “We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

The division also needed to address nagging application performance issues. “We are primarily a .NET shop,” explained Derek Turner, Senior .NET and SharePoint developer for Rockwell Collins Interior Systems. “We have 12 custom high-availability, internal and external facing .NET applications, and nine times out of 10, when I’m troubleshooting, it’s a .NET issue.”

Turner chose Riverbed SteelCentral AppInternals, which captures and analyzes all user transactions, end to end, from the user device to the back-end while capturing system metrics every second. This complete application visibility allows IT to reconstruct incidents in the detail needed to quickly diagnose problems. Powerful analytics helps pinpoint issues down to code level allowing for faster problem solving. “Now if I get a report that something is timing out, which generally means it’s taking longer than 90 seconds to respond, with the information available to me with this tool, I can isolate the offending component in minutes,” Turner said. “This is the power of SteelCentral AppInternals.”

Gone are the days when Turner faced an unknown amount of time to first recreate a problem, then identify the root cause, and finally fix the code. “I can't explain how good AppInternals really is,” he added. “There’s nothing that I can't see or explain [with it]. Having a tool like this is life changing. Our development response time to deliver a solution to the business unit has been vastly improved.”

Riverbed Delivers Solutions for Cloud and Digital World

Riverbed is delivering solutions to help companies transition from legacy hardware to a new software-defined and cloud-centric approach to networking, and improve end user experience, allowing enterprises’ digital transformation initiatives to reach their full potential. Riverbed’s integrated platform delivers the agility, visibility, and performance businesses need to be successful in a cloud and digital world. By leveraging Riverbed’s platform, organizations can deliver apps, data, and services from any public, private, or hybrid cloud across any network to any end-point.

Riverbed SteelHead™ is the industry’s #1 optimization solution for accelerated delivery and peak performance of applications across the software-defined WAN. Riverbed SteelCentral™ product family is a performance management and control suite that combines user experience, application, and network performance management to provide the visibility needed to diagnose and cure issues before end users notice a problem, call the help desk, or jump to another web site out of frustration.


About Riverbed

Riverbed enables organizations to modernize their networks and applications with industry-leading SD-WAN, application acceleration, and visibility solutions. Riverbed’s platform allows enterprises to transform application and cloud performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility. At more than $1 billion in annual revenue, Riverbed’s 28,000+ customers include 97% of the Fortune 100 and 98% of the Forbes Global 100. Learn more at www.riverbed.com

Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology, Inc. All other trademarks used herein belong to their respective owners.

Fifty percent of employees say they are more productive and motivated when their bosses share information. In fact, 76 percent don’t trust bosses who fail to communicate. Obviously, internal communications are a big deal when it comes to employee engagement and satisfaction. Is there such a thing as too much communication?


With 24-hour access to news and social media, we have become a culture of instant and all-encompassing information. We are increasingly expecting to know it all, or at least thinking we deserve to. However, companies must sometimes make decisions about what information they believe to be appropriate for their employees and what could cause damage to morale, revenue, reputation, or retention.

This isn’t always easy. To tell or not to tell can be a dilemma. Disclose too much and you can have an internal crisis on your hands. Offer up too little and your employees may rebel, or at best grumble. The truth is, every situation requires different evaluation, but we can safely place certain issues into “Tell” and “Don’t Tell” buckets.

We offer up the top 4 things employees need to know and need not to know:

...

https://www.alertmedia.com/4-things-you-shouldnt-notify-your-employees-about/

WAYNE, Pa. – Sungard Availability Services® (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, has appointed Kathy Schneider as Chief Marketing Officer reporting directly to Andrew A. Stern, Sungard AS' Chief Executive Officer.

Schneider will have global responsibility for Sungard AS' marketing, market strategy and corporate communications. In this role, she will drive the company's global go-to-market approach and brand strategy to further strengthen Sungard AS' market relevance and recognition, and to accelerate revenue growth. Schneider will also represent the voice of the customer, ensuring customer experience is integral to all Sungard AS' business decisions. As such, she will assume leadership responsibility for Sungard AS' European and North American Customer Advisory Boards (CABs).

"We are delighted to welcome Kathy to the Sungard AS leadership team as our CMO," said Andrew Stern. "Kathy has extensive experience developing global marketing strategies that have helped to achieve growth for both established and emerging IT businesses. As a proven marketing leader, Kathy will help Sungard AS elevate our brand, ensure that we are developing solutions aligned with customers' evolving needs, and generate increased demand to drive growth."

Schneider joins Sungard AS after more than two decades of technology and business-to-business marketing experience at country, regional and global levels in both pre-IPO and Fortune 500 companies. Her most recent role was at Level 3 Communications, where she served as Senior Vice President, Product and Marketing, EMEA. Prior to Level 3, she led global Marketing and Communications at Criteo, a leader in digital marketing and big data. Schneider also spent 14 years at Dell Inc. where she held a variety of marketing leadership roles in the U.S. and EMEA.

"For more than 35 years, Sungard AS has been reputed as the market leader for delivering recovery solutions that keep enterprises and organizations 'always on' and able to meet their business objective," said Kathy Schneider. "Over the last several years, the company has transformed its solutions portfolio to offer fully resilient production and recovery services. I am thrilled to join Sungard AS at such a pivotal time as it continues to evolve its solutions portfolio and help customers across their entire IT deployment."

About Sungard Availability Services:
Sungard Availability Services ("Sungard AS") is a leading provider of critical production and recovery services to global enterprise companies. Sungard AS partners with customers across the globe to understand their business needs and provide production and recovery services tailored to help them achieve their desired business outcomes. Leveraging more than 35 years of experience, Sungard AS designs, builds and runs critical IT services that help customers manage complex IT, adapt quickly and build resiliency and availability. Visit Sungard Availability Services at http://www.sungardas.com/en/ or call 1-800-468-7483. Connect with us on Twitter, LinkedIn and Facebook.

Sungard Availability Services is a trademark or registered trademark of SunGard Data Systems or its affiliate, used under license. The Sungard Availability Services logo by itself is a trademark or registered trademark of Sungard Availability Services Capital, Inc. or its affiliate. All other trademarks used herein are the property of their respective owners.

Many organizations consolidate their disaster recovery and IT security recovery plans into one package without asking if this approach makes sense.

Security and disaster plans are related but they are not the same, and at MHA Consulting, we advise against combining them.

How Disaster Recovery and IT Security Recovery Plans Differ

DR and IT security recovery plans appear to be very similar. Both plans include a procedure to minimize the impact of an event. They also have procedures to recover from the event and return to production, and will likely have a process to minimize the possibility of a similar event occurring again. Yet, beyond that, disaster and IT security recovery plans are fundamentally different.

The core difference between these plans is that disaster recovery is about business continuity, while IT security is about information protection. Therefore, disaster recovery plans tend to be actionable while security plans tend to be more validation and configuration driven. Part of the recovery tasks performed to make applications or environments available include the necessary security architecture and settings.

...

https://www.mha-it.com/2017/09/separate-security-disaster-recovery-plans/

Having a business continuity plan in place is all well and good, and an important part of preparing for any potential disruption in business, but if the plan sits on a shelf collecting dust, what good is it really doing? For a BC plan to truly thrive, it needs to be practiced, regularly.

Why Exercise

Organizations that perform well-planned exercises get better results when faced with the real event. It makes sense, but often companies fail to move forward with exercising plan implementation. When you regularly run tabletop, functional and even full scale exercises, drilling on all aspects of your plan, it becomes nearly muscle memory for your staff in the event of an actual incident.

...

http://www.missionmode.com/importance-regular-drills-practices-bc-managers/

WASHINGTON – The Federal Emergency Management Agency (FEMA) is raising awareness that Hurricane Harvey disaster survivors, and their friends and family, must be alert for false rumors, scams, identity theft, and fraud. Although many Americans are working hard to help their neighbors now, during chaotic times, some will always try to take advantage of the most vulnerable. 

To dispel some of the false rumors circulating on the internet and social media, FEMA created a dedicated website to address some of the most common themes. Remember, if it sounds too good to be true, it probably is. Visit https://www.fema.gov/hurricane-harvey-rumor-control to get the most accurate information from trusted sources.

Here is how to protect yourself, or someone you care about, from disaster fraud:

  • Federal and state workers do not ask for, or accept, money. FEMA staff will never charge applicants for disaster assistance, home inspections, or help filling out applications. Stay alert for false promises to speed up the insurance, disaster assistance, or building permit process.
     
  • In person, always ask to see any FEMA employee ID badges. FEMA Disaster Survivor Assistance teams may be in impacted communities providing information and assisting survivors with the registration process or their applicant files.
     
  • A FEMA shirt or jacket is not proof of identity. All FEMA representatives, including our contracted inspectors, will have a laminated photo ID. All National Flood Insurance Program adjusters will have a NFIP Authorized Adjuster Card with their name and the types of claims they may adjust.
     
  • If you are unsure or uncomfortable with anyone you encounter claiming to be an emergency management official, do not give out personal information, and contact local law enforcement.
     
  • If you suspect fraud, contact the FEMA Disaster Fraud Hotline at 866-720-5721 or report it to the Federal Trade Commission at www.ftccomplaintassistant.gov
     
  • More information on disaster-related fraud is available at the Texas Attorney General’s Office website at texasattorneygeneral.gov/cpd/disaster-scams or call 800-252-8011.
     
  • In Louisiana, disaster-related fraud information is available on the State Attorney General’s Office website at http://www.agjefflandry.com or contact the National Center for Disaster Fraud’s hotline at 1-866-720-5721.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

NEW YORK – CA Technologies (NASDAQ:CA), today announced it has been named a Leader in the prestigious “The Forrester Wave™: Continuous Delivery and Release Automation, Q3 2017” report by Forrester Research. The report evaluates 15 of the most significant continuous delivery and release automation vendors.


Vendors were evaluated on 26 criteria on their ability to support major DevOps processes for continuous delivery and release automation, including: integration with CI tools, package creation and modeling, pipeline modeling and governance, API coverage, vulnerability rectification and out-of-the-box integrations.

“We are delighted to be named a Leader in Forrester’s latest Continuous Delivery and Release Automation Wave report,” said Ayman Sayed, president and chief product officer, CA Technologies. “We believe this achievement testifies to CA Technologies’ success in empowering enterprises with the speed and agility they need to achieve continuous delivery and adopt digital transformation as an important strategic initiative.”

Per the report, Forrester states, “Automating the movement and deployment of infrastructure, middleware, and applications through testing is a key pain point for I&O teams today. CDRA [Continuous Delivery and Release Automation] tools remove errors from manual deployment and release processes by standardizing and automating the movement of applications between environments; this is a critical step in the delivery pipeline of applications and has a direct impact on customer experience.”1

According to the report, “CA Continuous Delivery Director and CA Automic Release Automation demonstrated good pipeline management across all pipeline stages, movement of complete releases including applications, infrastructure and middleware, remediation of vulnerabilities, defect tracking, and out-of-the-box integrations with a broad range of third party solutions including configuration management, database management tools and testing tools.”2

CA Continuous Delivery Director and CA Automic Release Automation received the highest scores possible in the deployment flexibility, deployment scenario support, advanced model creation and deployment, pipeline health and orchestration, scalable governance, planned enhancements, consulting, training and support, and innovation in delivery models and pricing criteria.

CA Automic Release Automation is the most flexible, yet scalable release automation product on the market. It is also environment agnostic, making CA Technologies uniquely positioned to help transform any enterprise for the digital age.

To learn more, visit:
CA Automic Release Automation: https://automic.com/products/application-release-automation
CA Continuous Delivery Director: https://www.ca.com/us/products/ca-continuous-delivery-director.html

1 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.

2 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.


About CA Technologies

CA Technologies (NASDAQ:CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business in every industry. From planning, to development, to management and security, CA is working with companies worldwide to change the way we live, transact, and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at www.ca.com.


Legal Notices

Copyright © 2017 CA, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

AUSTIN – The Centers for Medicare and Medicaid Services (CMS) issued a November 15, 2017 deadline requiring all Medicaid and Medicare providers and suppliers to have an emergency preparedness plan in place for their facility. These new rules can mean changes to familiar processes and procedures – causing headaches and added stress for healthcare compliance professionals.

But the good news is these guidelines are designed to make healthcare facilities safer, more efficient, and better at communicating around emergency situations. Meeting the program requirements may seem overwhelming, but the best way to approach the new regulations is to find a way to make them work best for your organization and to find a solution you can implement quickly and easily. New technologies such as AlertMedia’s emergency mass notification system can assist you in a big way.

1. Build an Emergency Plan

This is the first item the CMS regulations address and the best place to start when building a CMS compliance strategy. Begin with researching relevant material that will apply to your facility such as local emergency requirements and important emergency personnel contact information. The assessment checklist published by CMS recommends gathering the following information:

  • Copies of any state and local emergency planning regulations or requirements
  • Facility personnel names and contact information
  • Contact information of local and state emergency managers
  • A facility organization chart
  • Building construction and Life Safety systems information
  • Specific information about the characteristics and needs of the individuals for whom care is provided

CMS guidelines require that your emergency plan also include a Continuity of Operations Plan (COOP) for hazardous situations. CMS specifies that facilities should develop this plan with an all-hazards approach, taking into consideration events such as hurricanes, floods, tornadoes, fire, bioterrorism, pandemic, etc. If the event could disrupt the flow of your facility’s service in any way, it must be planned for.

Collaborate with local emergency services, analyze all hazards, discuss with suppliers, and set up a hierarchy for decision criteria for your emergency plans.

2. Put in Place Policies & Procedures

This portion of the requirements should be specific to your organization and based on the facility’s risk assessment and emergency plan. Policies and procedures must be reviewed and updated on an annual basis.

The key to fulfilling this requirement is to fully develop and document your emergency policies and procedures with a schedule for review, update, and maintenance built in to remain compliant. Build policies and procedures that work for your organization and make ongoing compliance as easy as possible.

3. Develop an Emergency Communications Plan

Proper communication before, during, and after an emergency is the key to your emergency preparedness plan. It will inform employees, patients and visitors of the situation at hand and where and what they should be doing during the event. But communicating on this scale can be a logistical nightmare.

Your organization must gather, store and update a large amount of contact information to communicate efficiently during an emergency situation. A comprehensive emergency notification system can help you gather and maintain this data in a safe, efficient manner, making it a great option to use for your compliant communications plan.

AlertMedia, the fastest-growing emergency mass notification system provider in the world, has helped numerous healthcare organizations meet the Emergency Communications Plan regulations included in the CMS guidelines. Organizations use AlertMedia’s web and mobile applications to interact with their audience from any device, over any communication channel – such as voice call, text, native mobile apps, email, social media, and Slack – keeping their people safe and informed with just a few clicks.

4. Training & Testing Program

To meet the training and testing portion of the new CMS Guidelines your facility must provide:

  1. Initial training for new and existing staff in emergency preparedness policies and procedures
  2. Annual refresher training so that staff can demonstrate knowledge of emergency procedure

This section in the emergency preparedness guidelines allows for a more tailored approach that works best for your facility and the hazards your organization specifically faces. The purpose of this requirement is to ensure that the processes you've put in place work well, are fully compliant, and are understood by the members of your team. If you've put solid systems in place, you’ll simplify your program training and testing.

Summary

The new CMS guidelines are designed to ensure patients, visitors, personnel and government officials are safe and informed during natural and man-made critical events. Improved emergency communications help ensure the safety of your facility and your people. One of the best technological investments your healthcare facility can make in preparation for these new guidelines is a multi-layered mass communication system like the AlertMedia platform. You can keep your people safe when you keep them informed.

About AlertMedia

As a mass communications and monitoring company, AlertMedia helps hundreds of global organizations securely and effectively monitor threats, streamline notifications, and improve employee safety. The company’s cloud-based platform delivers communications that protect organizations, improve operations, and mitigate loss from any location, at any time, using any device. For more information, call (800) 826-0777 or visit www.alertmedia.com.

The Business Continuity Institute

On Friday 25th August 2017, Hurricane Harvey hit Texas, in the USA. The natural disaster has brought record levels of rainfall causing widespread flooding.

The level of disruption in Houston has hit unprecedented levels, affecting health, homelessness and economy. Hospitals have had to be evacuated, homes have become damaged and uninhabitable and businesses have been forced to close. With widespread power cuts, emergency services have been relying on backup systems to continue offering care to those most in need.

Could anything be done better at this stage of the crisis? Looking back to 2005 and Hurricane Katrina in New Orleans: evacuation led to congestion, lack of resources resulted in poor health and social care, and widespread panic led to looting and damage to businesses. More than a decade later, New Orleans still hasn’t recovered. Their population is significantly lower than pre-Katrina and their businesses still struggle to trade.

12 years on however, the military are on site to reduce disruption to people and businesses in the affected areas of Texas. Supplies and generators have been shipped in, and engineers are onsite in an effort to restore Houston’s critical infrastructure whilst evacuation efforts are planned and prioritised around those most at risk. On the surface, the response effort appears more coordinated.

Whilst the efforts will continue to focus on the safety of residents, the effects on businesses will not be clear until much later. It does seem that businesses were better prepared with emergency response and business continuity plans already in place. Renovation and restoration organizations prepared for the storm by safeguarding their stocks and have put a lockdown on service inflation in the area. Farmers and traders worked tirelessly to protect their crops and although not a failsafe approach, have managed to bring at least some of their produce to safety. Local businesses have invoked their disaster recovery plans and are preparing to repair damage in disrupted areas as soon as possible, however with supply chains disrupted and entry roads blocked, this is likely to be a lengthy and difficult task.

At this early stage, it would seem that lessons were learned relating to preparedness, however whether the response has been proactive enough to ensure the regeneration and continuity of Houston and affected areas will only be seen over time.


Establishing your business continuity strategy starts with considering your organization’s objectives, legal and regulatory requirements, personnel, and products or services, along with your customers and clients. Before jumping in to identify and develop your strategy and plans for business continuity, there are some preparations you can perform to help you successfully implement a functional program. These are:

  • Seek support from senior management.
  • Engage a competent third-party BCM consultant.
  • Develop a basic plan if nothing exists.
  • Appoint your BCM team.
  • Perform a business impact analysis (BIA).
  • Develop the BC strategy.

Seek Support from Senior Management

Without management support and engagement, it is difficult for a BC program to provide value and succeed in its goals. Management should form a steering committee to assist with funding and facilitation of cross-departmental issues. Providing regular status updates and reports on the added value of the program will help you garner support and understanding from senior management.

...

https://www.mha-it.com/2017/08/business-continuity-strategy/

It’s a common misconception among businesses that severe weather incidents won’t drastically change the way they operate, even if this unexpected severe weather occurs in their geographic area. However, according to FEMA, this simply isn’t the case. In fact, FEMA estimates 40% of all businesses are forced to close immediately after a disaster and another 25% of businesses will fail within one year. These sobering statistics call for a closer look at exactly how severe weather may impact your business.

Building Damage/Loss of Facilities

The most obvious way severe weather can hit home is when it causes structural damage to your company’s building or even destroys the facility altogether. Whether it’s a flood, tornado, hurricane, fire, or any other terrible act of Mother Nature, losing the place your staff reports to every day to perform their work has a tangible impact on your business operations. You’ll need a plan in place for backup facilities and/or remote work options.

...

http://www.missionmode.com/closer-look-severe-weather-can-disrupt-business/

Broadly speaking, there are two approaches to structuring a business continuity program.

A centralized structure involves leading and executing the business continuity planning process within a single team and engaging the business as needed.

A decentralized structure involves leveraging a small number of centralized resources that offer consultative assistance and performance measurement while resources dispersed throughout the business execute the actual planning process.

...

http://perspectives.avalution.com/2017/business-continuity-planning-centralized-and-decentralized-approaches/

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

However, IT also brings its own risks of interruption and breakdown. These can then compromise the continuity of an entire organisation.

Consultancy firm EY published a report a little while back. Here’s an overview of some of the main drawbacks in using IT, with a few pertinent updates:

...

http://www.opscentre.com/is-it-getting-in-the-way-of-business-continuity/

Industry experts assert that because the manipulation and communication of information is now a core function of most organizations, comprehensive data management strategies are vital. But despite being mission critical, the data center often remains siloed –  a necessary, but not strategic, business service.

However, in an economic landscape defined by digital disruption, and where businesses are transforming at lightning speed, this is finally set to change. The innovations revolutionizing business – cloud computing, social media, mobile apps, the “big data” explosion and on-demand services – can only be delivered from purpose-built highly efficient data centers.

Getting the data center strategy right means that companies have an intelligent and scalable asset that enables choice and growth. But getting it wrong means their entire business could fail. For data center managers across the world, the pressure is unprecedented.

...

http://www.datacenterknowledge.com/archives/2017/08/24/why-business-continuity-is-the-final-word-in-the-build-vs-buy-debate/

The Business Continuity Institute

More of us are moving to cities than ever before, especially in the developing world, and this migration to urban centres and the growth of cities results in more complex challenges in urban planning such as traffic management, sanitation and healthcare, thus requiring smarter management. In the latest edition of the Business Continuity Institute's Working Paper Series, Gianluca Riglietti offers an overview of smart cities today, exploring the opportunities as well as the challenges they bring.

In the paper, Gianluca concludes that cyber resilience strategies will have to be implemented in order to mitigate the risks that could disrupt a smart city, and that business continuity is also necessary, alongside other management disciplines such as information security, to ensure they operate smoothly. The analysis has shown that there is ground for collaboration and an overlap in terms of good practice across disciplines.

"This technology-driven approach is not always well received," says Patrick Alcantara, Research & Insight Lead at the Business Continuity Institute. "The reliance on connective technology raises questions related to resilience given its susceptibility to outage, failure or breach. Gianluca Riglietti’s paper addresses these concerns and provides an excellent foundation to explore how smart cities can change our lives. Using business continuity principles as a framework for building cyber resilience, he suggests a way forward for managing these smart cities."

Download your free copy of 'Exploring business continuity implications of smart cities vulnerable to cyber attack' to understand more about smart cities and the complexity of making them more cyber resilient.

The Business Continuity Institute

The Association of Banks in Singapore (ABS) recently conducted a large-scale industry-wide exercise for the financial sector involving simulated terrorist and cyber attacks (code-named Exercise Raffles) to test their business continuity arrangements.

The exercise was the fifth in the Exercise Raffles series with 139 financial institutions including banks, finance companies, insurers, asset management firms, securities and brokerage firms, financial market infrastructures, industry associations, the Singapore Exchange as well as the Monetary Authority of Singapore (MAS) participating in the Exercise.

The Exercise was also conducted with the support of the Ministry of Home Affairs, the Singapore Police Force, the Ministry of Communications and Information, the Cyber Security Agency of Singapore and the building and facilities management from approximately 50 buildings.

Mr Ho Kai Weng, Chief Executive of the General Insurance Association, said: “Recent developments in many countries around the world have highlighted the danger from cyber and physical threats. This exercise has emphasised the importance for the general insurance industry to collaborate in sharing information, undertaking active discussions and testing threat response and business continuity plans.”

During the Exercise, financial institutions practised established crisis management and contingency plans in response to simulated scenarios on terrorist attacks and cyber attacks that had disrupted operations and resulted in the unavailability of financial services.

Mrs Ong-Ang Ai Boon, Director of ABS, said: “The Exercise was valuable and provided an opportunity to practise coordination amongst the financial institutions, including crisis responses and sharing of information. The exercising of communication and co-ordination between financial institutions and authorities was intense and challenging. There are good lessons that the industry gained which will contribute towards enhancing the responsiveness and resilience of Singapore’s financial sector.”

Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.

Ms Pauline Lim, Executive Director of LIA Singapore added that, “As Singapore strives towards achieving our Smart Nation ambition, it also becomes increasingly critical for us to ensure that the level of protection we provide members of the community, and the integrity of our systems are not compromised. Today’s exercise highlights the importance of being crisis response-ready, and it is heartening to note the level of preparedness and swift actions of life insurers in effectively tackling the simulated crisis.”

You’ve finally got the right executive management team in place. Sales are at an all-time high, projections are better, and you’re running on all cylinders. Your CIO has provided an efficient platform to support the business. You are prepared to stifle the competition.

You and your team have thought of everything. However, there may be one consideration that you are missing. How will you deal with the inevitable discontinuity that may confront your business? Terrorism, weather conditions, civil disturbances, and fire are among the considerations that may force you to have alternate plans in place. If you leave the office at the end of business on Monday evening, and the workplace is not available on Tuesday morning, how will you conduct business? How will you interface with your customers, and more importantly, how will you prevent them from directing themselves to your competition? The answer is obvious, and rather simple. You need to have a business continuity plan, and to maintain an alternate site to do business in the event of a disruption. If you’re not doing the following, you are putting your company in real jeopardy.

During more than a dozen years in which I served as senior vice president of operational risk management at AXA Equitable, an insurance giant, we were faced with eight significant crises. Five of these involved loss of use of a principal facility. The major culprit was weather, but I was sure that we had appropriate plans in place to deal with any eventuality. Fortunately, we were able to sustain the business with no interruption in all these instances due to extensive prior planning.

Here are five key considerations to building a strong business continuity plan:

1. Conduct a business impact analysis

What are the core functions of your firm that have little or no tolerance for downtime? Obviously, your customer-facing functions fall within this category, but there are also a host of financial functions which do as well. At the conclusion of this analysis you should determine the number of “seats” to allocate to each critical business area. Remember that support functions such as Procurement, Facilities, and Human Resources can be critical in sustaining business operations, and also in the process of getting you back on your feet.

2. Identify a business continuity plan (BCP) strategy

You’ve identified the critical pieces of your operation. Now it’s time to be able to staff these functions at an alternate location. For example, if you’ve determined that your treasurers department needs to be allocated 24 workstations, you’ve got to build these “seats” at an alternate location, appropriately geographically dispersed from your primary location. The desktop at each seat must be individually imaged with the applications and software to enable that function to perform.

Determine whether you want to host your own BCP plan, or outsource. Outsourcing is generally more expensive. We hosted our own plan. I preferred self-hosting because we were operating in a company owned facility, with our own equipment. We had complete control of the space, and also the quality of the data residing on the desktops. I felt that we controlled our own destiny.

Again, ensure that your BCP site is a proper distance from your primary site. It should also be supported by a generator. On 9/11, a number of Wall Street firms found that their BCP sites, also located in Downtown NYC locations, were not inhabitable due to an area-wide lockdown in the aftermath of the tragedy. Ensure that you have a transportation plan to get employees to the recovery site.

3. Practice, practice, practice ...

The only thing worse than not having a plan, is having one, and not being able to properly execute. In 2004, NYC hosted the Republican National Convention. The two largest hotels in the city were occupied by a large number of convention delegates. Based upon reports that the delegates may be targeted at these locations, and the residual impact due to our proximity, a determination was made to run the business for two weeks from our recovery site. The feared protests never materialized, but in the end, we conducted an exercise which validated our crisis management and BCP programs. On an annual basis, we conducted an all-hands BCP drill. This continued to validate the functionality of our plan, and contributed to the overall “buy-in.”

I’ve often told my employees that we were in the business of sales. Our job was to convince our internal business folks to support a mandate of preparedness in addition to their core responsibilities. This mindset ultimately became part of our culture.

4. Develop a remote access program

This is a great complement to your recovery site. It enables you to bring more people back to work quickly. Do an inventory of those employees who are assigned laptops. For employees not assigned laptops, remote access software enables employees to mirror a workplace computer via their home desktop. This is also a useful strategy for instances where employees are not able to travel due to weather or other conditions.

5. Communications

I believe that communication is the single most important aspect of crisis management. Effective communication helps to control the intensity of a crisis. Employees can be directed, and kept in the loop with an automated notification system, such as Onsolve or Everbridge. Crisis managers, who previously depended on manual processes, can now use a tool, GroupDoLists, which serves as a repository for all BCP and CM documentation. It pushes out tasking to team members during a crisis, and reports their progress in real time. It is an effective way to keep executive management in the loop on their smartphone or laptop.


A 26-year career in the Secret Service has infused a mindset of preparedness. The keys to success in this discipline are advanced preparations, training, and the smart use of technology. I strongly believe that companies seeking a competitive edge must be prepared to deal with unforeseen events. Every move a business makes is transparent today. Customers watch how your company is handled in a crisis. If your company fumbles a disaster, your customer may decide to shop elsewhere.

Author Info:
Peter Dowling, 26-year veteran of the Secret Service, 12 years in operations risk management with AXA. Today, Dowling works as a special advisor to the CEO for GroupDoLists, Powered By Centrallo.

According to Webster, resiliency is:

1. the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
2. an ability to recover from or adjust easily to misfortune or change

I think that the word has more depth to it which can best be seen by looking at some examples that history provides us with.

To me, resiliency is defined as General Washington and his exhausted men, many of whom didn’t even have shoes, dealing with brutal winters and endless setbacks and still managing to defeat the British in the decisive battle at Yorktown to win the Revolutionary War. Washington and his men’s resiliency won that war.

...

http://resqdr.com/resiliency/

Thursday, 24 August 2017 14:41

Resiliency

The Business Continuity Institute

There is considerable room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters, according to a study conducted across Austria, England and Romania. The study, published in the journal Risk Analysis, provides a detailed look at different public and private incentives for risk reduction and their association with actual risk reduction behaviour.

"Currently neither insurance nor governments successfully encourage risk reduction. Increased and more targeted efforts particularly from local authorities will be important, and have the capacity to change the picture. This will be exceedingly important considering extreme events from climate change," says IIASA researcher Susanne Hanger, who led the study. "This in turn is important for insurance to remain viable and for governments to not overspend on disaster aid."

The study also finds little support for the idea that compensation for flood damage makes people less likely to take personal risk reduction measures, such as taking actions to prepare for an eventual flood or installing structures or technologies that can help protect homes from damage. Instead, the study finds that neither private insurance nor public compensation after a disaster is linked to less risk reduction at an individual level.

In Austria for instance, post-disaster relief is available from the government in the form of a catastrophe fund. Yet Austrians had taken more structural measures to protect their homes (45%) than Romanians (23%) or the English (19%), who have less access to public assistance after disasters. Austrians were as likely as the English and Romanians to have taken awareness and preparedness measures.

While the researchers found no link between post-disaster compensation and reduced individual preparation, they did find a connection with public infrastructure measures such as flood dams, which may be linked to a sense of increased safety. In both England and Austria, the researchers found that public risk reduction infrastructure, such as dams and levees, was associated with a lower rate of individual investment in risk reduction measures.

Interestingly, in Romania neither insurer nor government efforts showed any effect on household risk reduction behaviour. Hanger speculates that this may be a result of insufficient public capacity to provide this kind of support. In England, the study shows that national efforts by the UK government to inform the public about disaster risk reduction have reached many households, which is positively associated with preparedness. In Austria, where national level information efforts are limited, households respond almost exclusively to local awareness raising and support.

Across all countries, the researchers find room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters. Instead of increasing efforts to privatize all flood risk insurance, Hanger says, "We need to better coordinate public and private schemes in order to design not only efficient, but also socially just and politically feasible solutions."

In last week’s blog, we discussed why you should invest in a business continuity (BC) program. One point we made was that insurance against loss is typically not enough, so the additional value provided by a business continuity plan and program is needed. It’s important to know the differences between business continuity and insurance, and why insurance should be a part, but not the entirety, of your business continuity plan.

The Difference Between Business Continuity and Insurance

Before we consider the differences, it is relevant to understand that business continuity is a form of insurance. The insurance we are comparing BC to is a contract of coverage where a party agrees to indemnify or reimburse another party for a defined loss under specific and defined conditions.

...

https://www.mha-it.com/2017/08/business-continuity-and-insurance/

The Business Continuity Institute

The UK's top firms and charities urgently need to do more to protect themselves from online threats, with 1 in 10 FTSE 350 companies operating without a response plan for a cyber incident, and only 6% of businesses completely prepared for new data protection rules, according to the UK Government's FTSE 350 Cyber Governance Health Check.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68%) despite more than half saying cyber threats were a top risk to their business (54%).

There has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53% up from 33%) and more than half of businesses having a clear understanding of the impact of a cyber attack (57% up from 49%).

Separate research which looked at cyber security in charities has found that third sector organizations are just as susceptible to cyber attacks as those in the private sector, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities. Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.

Minister for Digital Matt Hancock said: "We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right. These new reports show we have a long way to go until all our organizations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training. Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre."

Where charities recognised the importance of cyber security, this was often due to holding personal data on donors or service users, or having trustees and staff with private sector experience of the issue. Charities also recognised that those responsible for cyber security need new skills and that general awareness among staff needs to be raised.

Helen Stephenson CBE, Chief Executive at the Charity Commission for England and Wales, said: "Charities have lots of competing priorities but the potential damage of a cyber attack is too serious to ignore. It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation. Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security."

The Horizon Scan Report, published by the Business Continuity Institute, showed that it didn't matter whether an organization was private, public or third sector: by and large they will all share the same risks, the greatest of those being cyber attacks.

In a 2017 survey across six major industries, 51% of executive leadership and IT managers rated ransomware as the biggest security threat to their organizations. Why is this?

A single ransomware attack can halt an organization with sophisticated encryption methods that lock computers and make data inaccessible. When IT departments and business leaders don’t act fast in this scenario, they risk losing sensitive information and assuming a significant reputational impact if news of the breach leaks to the public.

So how does Disaster Recovery-as-a-Service (DRaaS) fit into ransomware mitigation? Bluelock has created a white paper on the subject that explains how. With tips to recover from any cybersecurity breach, readers will learn how to manage risk, ensure recovery and—most importantly—establish a strategy to secure data for the future. Read it here.

...

https://www.bluelock.com/blog/resolve-ransomware-draas/

Monday, 21 August 2017 20:44

How Do You Resolve Ransomware with DRaaS?

The Business Continuity Institute

The risk of a data breach is increasing in the retail industry as retailers accumulate more and more personal information on their customers as part of their ‘Big Data’ initiatives. As such, the number of retail businesses reporting data breaches to the Information Commissioner's Office has doubled in just one year, jumping from 19 in 2015/16 to 38 in 2016/17, says law firm, RPC.

The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in store mean that even a small multiple retailer will be gathering exactly the kind of data that hackers will be looking for, and the retail industry is beginning to feel the pressure to invest more heavily in cyber security.

The regulatory burden and financial risks involved in a data breach will increase substantially when the General Data Protection Regulation (GDPR) comes into force in May 2018. These rules will make reporting breaches mandatory. As companies are not currently required to report every attack they suffer, the actual number of data breaches in the retail sector is likely to be even higher.

Jeremy Drew, Partner at RPC, comments: “Retailers are a goldmine of personal data but their high profile nature and sometimes ageing complex systems make them a popular target for hackers. There are so many competing pressures on a retailer’s costs at the moment – a rise in the national minimum wage, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

Jeremy Drew added: “As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained. No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”

The Business Continuity Institute

By 2100, two in three people living in Europe may be affected by weather-related disasters, according to a study published in The Lancet Planetary Health which sheds light on the expected burden of climate change on societies across Europe.

The study analyses the effects of the seven most harmful types of weather-related disaster - heatwaves, cold snaps, wildfires, droughts, river and coastal floods, and windstorms - in 28 European Union countries, as well as Switzerland, Norway and Iceland. The projected increases were calculated on the assumption of there being no reduction in greenhouse gas emissions and no improvements to policies helping to reduce the impact of extreme weather events (such as medical technology, air conditioning, and thermal insulation in houses).

"Climate change is one of the biggest global threats to human health of the 21st century, and its peril to society will be increasingly connected to weather-driven hazards," says lead author Dr Giovanni Forzieri of European Commission Joint Research Centre in Italy. "Unless global warming is curbed as a matter of urgency and appropriate measures are taken, about 350 million Europeans could be exposed to harmful climate extremes on an annual basis by the end of the century."

The study estimates that heatwaves would be the most lethal weather-related disaster, and could cause 99% of all future weather-related deaths, increasing from 2,700 deaths a year between 1981-2010 to 151,500 deaths a year in 2071-2100.

It also projects substantial increases in deaths from coastal flooding, which could increase from six deaths a year at the start of the century to 233 a year by the end of the century.

Comparatively, wildfires, river floods, windstorms and droughts showed smaller projected increases overall, but these types of weather-related disaster could affect some countries more than others. Cold snaps could decline as a result of global warming, however the effect of this decline will not be sufficient to compensate for the other increases.

Due to projected increases in heatwaves and droughts, the effect is likely to be greatest in southern Europe where almost all people could be affected by a weather-related disaster each year by 2100, projected to cause around 700 deaths per every million people each year.

Comparatively, in northern Europe, one in three people could be affected by a weather-related disaster each year, resulting in three deaths per every million people each year.

Climate change is likely to be the main driver behind the potential increases, accounting for 90% of the risk while population changes such as growth, migration and urbanisation account for the remaining 10%.

"This study contributes to the ongoing debate about the need to urgently curb climate change and minimise its consequences. The substantial projected rise in risk of weather-related hazards to human beings due to global warming, population growth, and urbanisation highlights the need for stringent climate mitigation policies and adaptation and risk reduction measures to minimise the future effect of weather-related extremes on human lives," adds Dr Forzieri.

Adverse weather, which includes such events as heatwaves, featured fifth in the list of concerns that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report. Climate change is not yet considered an issue however, as only 23% of respondents to a global survey considered it necessary to evaluate climate change for its business continuity implications.

In the third piece of our Business Continuity 101 Series, we delve into why organizations invest in business continuity, dispelling common BC misconceptions, and explaining value-based BC investment.

A common point of confusion for new BCM practitioners is the why and how of implementing a business continuity (BC) program. What are, or should be, the drivers for implementation and on-going, continual improvement? Most organizations consider business continuity as a form of insurance or a cost to be minimized. We agree that BC is related to insurance; it is there to ensure that an organization remains whole during an emergency event. We would say that costs associated with BC should be appropriate. There is no reason to overspend on recovery solutions, but it is risky to underspend as well. BC should be implemented as any other function that is not profit generating.

...

https://www.mha-it.com/2017/08/why-organizations-invest-in-business-continuity/

BATON ROUGE, La. — A public-private partnership continues to help Louisiana communities recover from the August 2016 floods and become better prepared for future disasters.

The partnership includes members of the private sector, local and state governments and various federal agencies. Recovery accomplishments include:

  • The Louisiana Disaster Recovery Alliance created a guide of available resources to help families and communities recover from the August 2016 floods. The alliance is a group of philanthropic organizations and state and federal recovery partners.
  • The state created the Louisiana Supply Chain and Transportation Council to make the state’s transportation systems more resilient. The council consists of officials from state and federal agencies, academic institutions and private sector leaders.
  • The state also launched the Louisiana Housing Heroes initiative. This governor-championed initiative identifies landlords, property owners and managers in disaster-designated parishes who agree to make affordable homes, apartments and other housing units available to displaced flood survivors.  
  • Recovery partners continue to meet with communities to help them implement resiliency and recovery strategies.

The partnership’s various federal agencies work with communities to address recovery challenges. Specialists have coordinated with community leaders and recovery partners to find solutions to housing needs, rebuilding the economy and infrastructure, preserving heritage and maximizing resiliency.

Below are the federal agencies consulting with affected communities and what they’re helping with:

  • Community planning and capacity building, FEMA;
  • Economic recovery, U.S. Department of Commerce;
  • Health and social services issues, U.S. Department of Health and Human Services;
  • Housing, U.S. Department of Housing and Urban Development;
  • Infrastructure systems, U.S. Army Corps of Engineers; and
  • Natural and cultural resources, U.S. Department of Interior.

 

Security incidents within law firms have been growing as a threat because cybercriminals are recognizing the pivotal role firms play in housing sensitive client information for legal proceedings. Because of this, attackers have begun to target the legal industry with unprecedented force. Even the largest and most prestigious firms with best-of-breed cybersecurity solutions are no longer immune to intrusions.

Clients and auditors have recognized this increased attention on the legal industry, and have begun to pressure their law firms for more evidence of protection and recoverability. For example, a recent survey* of the legal industry found that 42% of respondents stated an increase in client concerns about IT operations and data retention, and 51% agreed that audits and regulations are an increasing pressure. Law firms must now provide proof to these constituents of a robust cybersecurity stance.

For this reason, Bluelock now offers a Cyber Threat Health Review, a professional service engagement for law firms seeking to mitigate risk from ransomware and other cyber threats. This review is a low-commitment, high-impact analysis of current data protection technology and policies designed to minimize data loss and operational downtime. It covers the core components of the firm’s threat protection, detection and recovery response strategies.

With over a decade of experience helping clients maintain and protect critical workloads, Bluelock’s expert team reviews existing security practices with a specific focus on how to respond to threats. Organizations that engage in the service receive face-to-face education and practical guidance to increase resilience and protect customer confidence.

The Cyber Threat Health Review process includes the following steps:

  1. Survey and Interviews: Relevant information is collected via surveys and phone interviews
  2. Onsite Education: Our team provides education to staff and executives for best practices
  3. Detailed Analysis: Our team reviews policies and technology for gaps and opportunities
  4. Onsite Delivery of Action Plan: Details risk profiles and action plan from our analysis

For more information, visit https://www.bluelock.com/cyber-health/.

* “2016 IT Disaster Recovery Planning and Preparedness Survey.” ALM and Bluelock, October 2016.

...

https://www.bluelock.com/blog/bluelock-now-offers-cyber-threat-health-review-law-firms/

The Business Continuity Institute

When the United Kingdom exits the European Union, the four freedoms that currently exist will be no more. The free movement of goods, services, capital and people will probably be gone, and more restrictions will be placed on their movements across borders. The free movement of people is the primary reason that many people voted to leave the European Union in the first place.

With mainland Britain, it is relatively easy to be restrictive with what comes in and out of the country as there are no borders with another country so anything or anyone coming in or out is funnelled through a specific location – airport, port or station. In Northern Ireland however, which obviously will exit the EU, the situation is slightly more problematic as the country shares a land border with the Republic of Ireland stretching over 300 miles (or 500 kilometres depending on what side of the border you are on).

There are now many different possibilities for what could happen to this border in a post-Brexit world, and these range from the status quo with people free to cross without any restriction, to a hard border with checkpoints at all the crossings, although building a wall might be a little bit extreme. With the former, this undermines the whole point of Brexit which was to end the free movement of people between the EU and the UK, and so prevent too many people from entering the UK. With the latter, it will undermine the peace process brought about by the Good Friday Agreement that sought to remove border infrastructure and checkpoints that were symbolic of the threat of violence that existed during The Troubles.

A middle option that has been suggested is a soft border between the north and the south, but a hard sea border. This would effectively keep Northern Ireland within the EU, but out of the UK, so is not likely to be a preferred option for any Unionists who will see this as a stepping stone toward reunification with the south.

A hard border between the north and the south may not be an issue for big businesses who I'm sure will find an adequate solution regardless of the outcome. The issue will mostly be with the small businesses situated near the border that rely on trade with the other side of the border – a local market in which the border, for now, is an irrelevance. Figures suggested that 80% of trade across the Irish border is carried out between SMEs.

Organizations on both sides of the border need to consider how the different options would affect them and then consider what measures they could put in place to lessen the impact. Organizations need to monitor the negotiations closely to see how the potential for disruption is developing to ensure that they are ready to face any challenges that come their way.

Of course, it is also worth noting that this is not just an issue for the Irish border; it will also become an issue at the border between Spain and Gibraltar, where people routinely cross on a daily basis to trade or work on the other side of the border. Arguably it will be more problematic in this situation as tensions are slightly greater between the two countries on either side of the border.

So what steps has your organization taken to prepare itself for Brexit?

Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Wednesday, 16 August 2017 15:39

BCI: Controlling the Irish border after Brexit

The Business Continuity Institute

Such is the high calibre of the Business Continuity Institute’s research output, that its latest publication – the 2017 Cyber Resilience Report – is to be used as part of the teaching programme by Cranfield University, the UK’s only exclusively postgraduate university, and a global leader for education and transformational research in technology and management.

The BCI’s Cyber Resilience Report, a study of the cause and consequence of cyber disruptions affecting organizations across the globe, will be used as part of the teaching programme for the MSc in Cyber Defence and Information Assurance. The report will form the basis of in-class and online discussions as part of the degree’s focus on real-life issues.

Dr Ruth Massie MBCI, Programme Director for the Cyber Masters Programme and long standing Member of the BCI, said: “It’s important that students get the opportunity to understand not just the causes of cyber related interruptions but the size and scale of the consequences. This report gives students the opportunity to understand and discuss these issues in a leadership context.”

“This is an encouraging demonstration of the high regard with which our research is held,” said Deborah Higgins FBCI, Head of Professional Development at the BCI. “We know that people working in the industry value our research, but to have it featured within the teaching programme of such a prestigious university as Cranfield helps reaffirm our status as a thought leader in the field.”

Cranfield’s MSc in Cyber Defence and Information Assurance is designed to develop professionals who can effectively manage and exploit the threats and opportunities of cyberspace at the organizational level. The course specifically focuses on responses to serious present and emerging threats in the information domain, and is aimed at mid-career professionals who need a broad understanding of cyber leadership.

The Business Continuity Institute

The importance of managing internal threats to win at cyber security has been emphasised in a study by Haystax Technology and SANS which found that 40% of respondents to their survey rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced.

Furthermore, Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey revealed that nearly half (49%) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.

"We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it," said Haystax CEO, Bryan Ware. "Existing tools aren't smart enough, or don't have the context needed to identify malicious insiders. What's needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers."

Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders. A third of survey respondents (34%) have these tools and technology, but have not used them operationally, and more than a third (38%) of survey respondents are in the process of re-evaluating internally to better identify malicious insiders.

"It is misleading to see that 60% of respondents said they had not experienced an insider attack," said SANS instructor and survey report author, Eric Cole, PhD. "The rest of our data indicates that organizations still are not effective at detecting insider threats, so it's clear that most either didn't notice threats or attacks, or didn't realize those incidents involved malicious insiders, or outsiders using compromised insider credentials."

“I don’t know who you are. I don’t know what you want. If you are looking for ransom, I can tell you I don’t have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.” – Liam Neeson, Taken, 2008

 

The last few months have seen two serious and destructive “ransomware” attacks that significantly affected the operations of several major organizations worldwide. May’s “Wannacry” and June’s “NotPetya” attack affected millions of staff and caused significant damage – as was their intention.

Ransomware costs for 2017 are estimated in the billions, with a “B”. Not to mention the danger posed by critical systems being down at organizations such as health systems and nuclear power plants.

The attacks are becoming more frequent and more sophisticated with each incident. We will never be able to stop the criminals from striking, so it is imperative that we use all the skills at our disposal to thwart them. What can we do?

...

http://www.bcinthecloud.com/2017/08/dont-be-a-victim-of-ransomware-detect-protect-and-recover/

The Business Continuity Institute

Organizations are now less confident in their ability to recover from an incident, according to a new study conducted by Databarracks, which suggests that contributing factors include a lack of testing, budgetary constraints and the growing cyber threat landscape.

The Data Health Check report found that almost one in five organizations surveyed (18%) "had concerns" or were "not confident at all" in their disaster recovery plan; an increase from 11% in 2015 and 15% in 2016. Organizations are increasingly making changes to their cyber security policies in response to recent cyber threats (36% this year, up from 33% last year), yet only a quarter (25%) have seen their IT security budgets increased. Small businesses are particularly affected with just 7% seeing IT security budgets increase.

Financial constraints (34%), technology (24%) and lack of time (22%) are the top restrictions when trying to improve recovery speed. Fewer organizations have tested their disaster recovery plans over the past 12 months – 46% of respondents had not tested in 2017, up from 42% in 2016.

Peter Groucutt, managing director of Databarracks, commented on the results: "It isn't surprising that confidence in disaster recovery (DR) plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren't effective.

"What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve your preparedness and organizational confidence."

Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity and, by extension, disaster recovery programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.

The Business Continuity Institute

More than one-third of businesses have experienced a ransomware attack in the last year, and more than one in five (22%) of these impacted businesses had to cease operations immediately, according to a study by Malwarebytes.

The Annual State of Ransomware Report found that the impact of ransomware on SMEs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMEs that experienced a ransomware attack, one in five (22%) reported that they had to cease business operations immediately, and 15% lost revenue.

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise. Osterman’s findings demonstrate that SMEs are suffering in the wake of attacks, to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”

Most organizations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of organizations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly one-half of the organizations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.

For many, the source of ransomware is unknown and infections spread quickly. For 27% of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices. For 2% of organizations surveyed, the ransomware infection impacted every device on the network.

SMEs in the US are being hit harder than SMEs in Europe by malicious emails containing ransomware. The most common source of ransomware infections in US-based organizations was related to email use. 37% of attacks on SMEs in the U.S. were reported as coming from a malicious email attachment and 27% were from a malicious link in an email. However, in Europe, only 22% of attacks were reported as coming from a malicious email attachment. An equal number were reported as coming from a malicious link in an email.

Most SMEs do not believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cyber criminals’ ransom demands, about one-third lost files as a result.

Current investments in technology might not be enough. Over one-third of SMEs claim to have been running anti-ransomware technologies, while about one-third of businesses surveyed still experienced a ransomware attack.

With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Connectivity in the pockets of first responders and mobile team members

By Glen Denny, Baron Services, Inc.

One of the biggest challenges in weather forecasting has always been alerting people who are away from home of severe weather threats. The radio was for years the primary viable method of doing so, but a radio can only give listeners so much pertinent information, such as county-wide watches and warnings. This kind of information can be helpful to some degree for people who find themselves out and about when weather hits, as it can be used as a basic indicator of danger and the need for mobile listeners to find shelter in a safe place. However, there are numerous shortcomings to radio-delivered weather reporting. Radio’s main shortcoming, which is responsible for all of the missing links in radio-delivered weather, is the medium of the radio itself. Radio is a purely aural medium, for one. Radar, one of the most essential weather data tools, is practically irrelevant to the medium of radio, as radar obviously offers a purely visual delivery of weather data. Radio is also a non-specific medium. Via radio, a set amount and set kind of weather information is broadcast to a wide-ranging listening area. The amount and kind of information cannot be customized or altered in any way to fit the specific interests or needs of listeners located within a specific region of the listening area of the station.

The Mobile Solution to Weather

The solution to the problem of effective on-the-go weather forecasting came with the advent of smart phones and mobile radar apps. Smart phones are now a near ubiquitous technology in the United States (and most of the rest of the world, too), so the majority of people in the present day who find themselves out and on the go during a time when they need weather information can access that information on their smart phone. AccuWeather, the Weather Channel, and other weather data providers all have their own mobile apps which people can download and use to this end.

However, the current mobile weather application landscape is still not 100% effective. Weather apps like those provided by The Weather Channel and AccuWeather offer extensive data and radar, but, like most weather apps, they still mostly deliver non-specific, commodity data. Apps such as these can give the user a 10-day forecast, current radar and projected radar of their surrounding area, and of course, can send the user notifications of National Weather Service (NWS) watches and warnings as they occur. This kind of information is mostly sufficient for general users. However, users in areas of frequent inclement weather, or professional users involved in emergency response or planning for schools, hospitals, businesses, and governments will find this kind of limited weather data lacking for their purposes.

A New Class of Mobile Monitoring

A new generation of advanced weather apps, such as Baron’s Threat Net mobile app, is the kind of product these users need to do their jobs well and to keep safe. Apps in this new generation are focused on providing hyper-local, one-to-one critical weather intelligence to advanced users and lay-users alike. Baron’s Threat Net Mobile app, for example, features detailed data and visual monitoring on precipitation and forecasted road conditions and hazards, (a Baron-exclusive product featuring advanced data on severe weather threats such as damaging winds, hail, and flooding), a monitoring system that displays real-time cloud-to-ground lightning strikes at street level, and storm vectors enabling accurate storm tracking up to an hour in advance. These and other similarly advanced weather monitoring products have more value than commodity weather data in that they are in-depth, specific, and customizable. A good example of this is another feature of Baron’s Threat Net Mobile app called Critical Weather Indicators. This Baron exclusive product highlights to users in real-time the most dangerous storm situations near their location, effectively warning users of possible severe weather threats before they happen. The alerts from the NWS, while certainly valuable to many people, don’t work in this way. NWS alerts are aimed at the widest possible audience in order to ensure the safety of as many people as possible during inclement weather. Apps like Baron’s, however, are aimed at each individual’s safety and efficacy in keeping others in their area safe. For example, Baron’s mobile alerts will notify users who are in the actual path of a storm of its imminent arrival, will warn users of nearby lightning strikes, and could point out the possible flooding of a nearby river based on projected rainfall.
Because these alerts are based on algorithms and aren’t required to be approved by the NWS, they arrive well before the storm or other threat has, which is a feature commodity weather apps lack.

If we revisit the mediums of radio and commodity weather apps discussed earlier, we can see how large an advantage these advanced weather apps have on any other method of delivering weather data to people on the go. Imagine a severe storm is approaching a town. A mobile user in this town away from home using a radio to monitor the weather will not have much of an idea where a nearby severe storm is in relation to her exact location, and as a result will be able to do little in terms of creating a specific plan. A commodity mobile app user will be able to see where the storm currently is and where it might be in an hour, but she will have to pick herself out on the map (which likely displays a large area) and project the storm’s long-term path herself, planning accordingly based on this information. A user who has an advanced app, like Baron Threat Net mobile, will be notified of the storm in advance if it is heading towards and projected to hit her exact location. This user can also learn what kind of specific threats this imminent storm may bring to her exact location, such as high winds, hail, heavy rain, or a possible tornado (determined by Baron’s Critical Weather Indicators).

Advanced Apps are Perfect for Public Safety

The above description shows how much more pertinent information can be delivered via an advanced mobile app compared to other methods, which is what makes these advanced apps so appropriate for both professionals and laypeople, and also so appropriate for use by organizations such as schools, hospitals, businesses, and governments. Schools, for instance, could benefit largely from an advanced mobile app like Baron’s in many situations. If weather hits while students are being transported to an event off campus or even simply being brought home in the afternoon, having each bus equipped with an advanced mobile app could aid in coordination with the schools’ center of operations, and could allow school staff on the busses to make the right decisions to ensure the safety of the students being transported. Hospitals could use such apps in a similar way. A hospital operation center could, in times of severe weather, rely on its individual mobile employees, such as individuals driving ambulances or helicopters, to make decisions best for them and their patients while in the field during critical weather situations. For businesses and local governments, the same idea applies. The mobile parts of these organizations, if equipped with advanced weather apps like Baron’s, could be more reliably responsible for their own safety during severe weather, taking some of the burden off of their home bases, and most importantly, keeping themselves out of dangerous situations.

Advanced mobile apps like Baron Threat Net mobile are clearly the most effective medium through which to deliver important weather information in critical situations, because the data delivered via these apps is specific, hyper-local, in depth, and customizable. All of these characteristics added up equate to mobile apps which can be useful to anyone, and can be especially useful to professional users involved in public safety, such as in hospitals, schools, local governments, and businesses.

...but it’s not as easy as you think

 

By ERIK POUNDS

Whether for functional need, budgetary alignment, or due to top-down pressure, all companies will move to the public cloud at some level. If an organization has less than, say, 50 terabytes of data to manage, it’s easy to move everything there. For those of you in this boat, you can stop reading this article and proceed directly to the cloud, and collect $200.

For those with hundreds of terabytes, even petabytes, of data this is challenging and unrealistic. The business value of public cloud infrastructure is desirable, but when there are such large volumes of data, it’s hard to get there. “Lift and shift” strategies to mimic on-site infrastructure in the cloud are not often viable when petabytes of data are involved, and many businesses need to keep at least some data on the premises. Luckily the utilization of public and private infrastructure does not have to be an either/or decision.

Figure 1: The business dynamics of public infrastructure are desirable, but with so much data to manage, it’s hard to figure out how to get there.

Fortunately, you can realize many of the business benefits of the public cloud in your own data centers. Elimination of silos, data that’s globally accessible, and pay-as-you-grow pricing models are all possible on-premises, behind your firewall. The “hybrid cloud” approach is not simply having some apps running in your data center and other apps running in Amazon or Google. Workflows do not have to wholly reside within either private or public infrastructure – a single workflow can take advantage of both. True hybrid cloud is when public and private resources can be utilized whenever it’s best for the application or process.

Here are four key steps to accelerate your journey to the cloud.

Step 1: Go Cloud-Native

Storage is the primary inhibitor preventing movement towards the public cloud and cloud architectures in general. Data is siloed – stuck in separate repositories – and locked down by specific access methods required by specific applications. This makes it impossible, or at least extremely expensive, to effectively manage, protect, share, or analyze data.

“Classic” applications use older protocols to access data, while newer cloud-native applications use unique interfaces. Converting everything to cloud-native format will save much time, money, and headache in the long run. This does not have to be a massive project; you can start small and progress over time to phase out last generation’s technology.

Figure 2: Start on your journey to the cloud by leveraging cloud-native storage on-premises.

Once you’re cloud-native, not only is your data ready to take advantage of public cloud resources, but you immediately start seeing benefits in your own environment.

Step 2: Go According to Policy

Figure 3: Use policies to place data where it’s needed, across private and public cloud.

On-premises data on cloud-native storage can be easily replicated to the public cloud in a format all your applications and users can work with. But remember, we’re talking about hundreds of terabytes or more, with each data set having different value and usability.

Data management policies in the form of rules help decide where data should be placed based on the applications and users that need it – parts of your workflow behind your firewall and other parts in the public cloud. For example, you may be working with hundreds of terabytes of video, but would like to take advantage of the massive, on-demand processing resources in Google Cloud Platform for transcoding jobs instead of local hardware. Set a policy in your cloud storage software to replicate that on-prem video to the public cloud, then let Google do all the work, and set a policy that says move the transcoded assets back down when complete for the next step in the flow.

Don’t worry – the cloud data management software “views” the entire infrastructure as a single pool, universally accessible, regardless of the kind of storage or location.

Step 3: Go Cloud to Cloud

Policies help automate and orchestrate services to your applications based on business requirements (e.g. cost, capacity, performance, and security), according to the different capabilities of your on-premise or cloud resources. This also means data is efficiently discoverable and accessible across multiple clouds – the cloud data management platform considers the differences in services provided by the different clouds and moves or copies data to the right one.

When data is organized by storage silo or tracked by databases that only a single application has access to, the data can most often only be utilized by that single application or a small number of users. Instead, start to use metadata as the organizing principle for your data, which is enabled by cloud-native storage. When metadata sits right alongside the data it’s representing, it can be globally indexed and made available to many applications and groups of users.

As an example, data may be generated in a research lab that you manage, but the analysis can occur in Google Cloud Platform. Then, the data is synched to Amazon Web Services when the results are ready to be shared with outside researchers and customers.

Step 4: Go Deep

When data placement policies enable a true hybrid cloud workflow, not constrained by physical infrastructure, you can unlock more capabilities. You can start to use metadata – the data about the data – as what we call the organizing principle. Cloud-native data holds its own metadata right alongside it, not in a separate database only its own specific application can read. Your metadata can now be globally indexed and made available to many applications and groups of users. This allows you to perform large-scale analysis projects.

Whether you like it or not, you will be in the cloud in some capacity. Follow these steps to not only make the transition to public infrastructure hassle-free, but to bring many of the business dynamics of cloud – pricing based on consumption, massive scalability, collaboration, etc. – into your datacenter and increase the value of your data.

 

Erik Pounds is head of product marketing at SwiftStack (www.swiftstack.com).

Friday, 04 August 2017 20:30

You WILL go to the cloud

Dallas Area Rapid Transit (DART) & STORServer

 

PROFILE 

Organization: Dallas Area Rapid Transit 

Industry: Regional transit agency 

Location: Dallas, Texas, USA 

Size: Serves more than 220,000 passengers per day

 

Needs

  • Upgrade older data backup appliance and software
  • Platform stability and system supportability
  • Turnkey solution that includes installation, implementation, training and maintenance support
  • Seamless integration with existing data backup configuration for its radio and CAD/AVL bus dispatch system 

 

Solutions:

  • STORServer EBA852 enterprise backup appliance with Storwize® V3700 20TB Disk Storage
  • IBM TS3100 tape library

 

Dallas Area Rapid Transit (DART) was ready to refresh its existing data backup appliance and software to take advantage of the newest IBM Spectrum Protect™ features and STORServer’s turnkey solution. 

Since the initial implementation STORServer completed for the regional transit agency in 2010, the features of the IBM Spectrum Protect, formerly IBM® Tivoli® Storage Manager (TSM), software have been greatly enhanced, including the change of the underlying software database to DB2®. The availability of this robust DB2 database, as well as IBM Spectrum Protect’s new deduplication feature designed to reduce backup storage requirements, prompted DART to upgrade its existing data storage configuration. 

It was imperative to select the right partner for its data backup needs, as DART relies heavily on the data collected and reported by its radio and CAD/AVL bus dispatch system. The data tracks important metrics like on-time performance, which is analyzed and used in planning for scheduling, route assignments, vehicle assignments and to make other critical decisions.

“Knowing our main priority was to ensure platform stability and system supportability, STORServer carefully considered our current needs while also recommending scalable solutions that will allow us to easily accommodate potential future needs as our data backup requirements change over time,” said David Bauchert, senior control systems programmer, Dallas Area Rapid Transit.

Because the existing configuration STORServer installed and implemented had worked seamlessly with the agency’s data backup needs for this dispatch system, DART’s IT team trusted STORServer’s recommendations for this upgrade. 

 

The Solution

STORServer helped DART implement a new backup appliance and transition an existing tape library to serve as the disaster recovery target for its backup data:

 

  • Primary Backup: STORServer EBA852 – This enterprise backup appliance with SSDs enabled the agency to take advantage of new features, like deduplication, now available in IBM Spectrum Protect. The IBM Spectrum Protect database is now housed on SSDs in the appliance with faster processing power. In this configuration, 20TB of Storwize® V3700 disk storage was included. The primary backup data is kept on disk for quick restore and to take advantage of Spectrum Protect’s deduplication feature, which reduces backup storage requirements. This configuration also includes IBM Spectrum Protect Suite licensing, which offers simplified pricing and licensing with a tiered per-terabyte metric. This licensing enables the agency to have access to a suite of backup software products, including database and mail agents, along with IBM Spectrum Protect™ for Virtual Environments, should the agency need to enable that in the future.
  • Disaster Recovery:  IBM TS3100 Tape Library – This entry-level tape library, which was previously installed by STORServer in 2010, is now used for disaster recovery copy purposes. Reusing this existing library provided flexibility and reduced the costs associated with the appliance server refresh. As part of the agency’s disaster recovery plan, the tapes are taken offsite every day. Incremental backups also take place daily. The appliance server and configuration recommended by STORServer allows DART to plan for future data growth, as additional external storage can be added as needed to the appliance server. With the newest Spectrum Protect and STORServer Console (SSC) versions included as part of this upgrade, DART can now manage and move its data more efficiently. Highly scalable to future-proof the agency’s needs, Spectrum Protect also reduces backup and recovery infrastructure costs. SSC is designed to let administrators configure and manage their Spectrum Protect environment with a single, intuitive user interface. It also helps users save time, reducing daily administration tasks to less than 30 minutes per day. 

 

The Results 

  • Fifty-nine percent data deduplication savings for a deduplication ratio of 3:1 
  • Even as DART experienced 40 percent data growth since the implementation, the deduplication capabilities enabled them to use 38 percent less storage. 
  • Reduced overall costs for data protection by removing redundant data 
  • Data is now moved more efficiently, allowing for best implementation of data protection business practices. 
  • Automated delivery of daily reports allows for easy review and confirmation that backups have completed successfully. These reports can be individually tailored and distributed to multiple levels within the organization.

 

“It’s been incredibly advantageous for us, both from a cost and time perspective, to have access to IBM Spectrum Protect’s deduplication capabilities. We’ve experienced substantial savings in storage since then. Previously, we were running at 100 percent of our disk capacity, and now we are only using 26 percent of it,” added Bauchert.

 

ABOUT STORSERVER 

STORServer is a leading provider of data protection solutions and offers the only enterprise data backup appliance that is built to order. Each backup appliance solution is tailored to the customer’s unique environment to simplify management of complex backup, archive and disaster recovery needs. STORServer’s appliances feature enterprise class data backup, archive and disaster recovery software, hardware, services and U.S.-based customer support. STORServer is proud to now offer SoftLayer® containers and DRaaS in SoftLayer virtual machines. Companies of all sizes trust in STORServer’s proven appliances to solve their most complex data protection problems. For more information on STORServer, please visit storserver.com.

storserver.com (800) 550-5121 Copyright 2017 STORServer, Inc.

IBM, IBM Spectrum Protect, DB2, Storwize, IBM Spectrum Protect Suite, IBM Spectrum Protect for Virtual Environments are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. SoftLayer is a registered trademark of SoftLayer, Inc., an IBM Company.

In the last ten years, the workplace has transitioned from stationary to mobile. As technology has advanced it’s changed the way we work, where we work, and when we work. In fact, this report by Global Workplace Analytics discovered that employees are not at their desks as much as 50-60% of the time. Many employees change locations multiple times a day, and others frequently travel or do offsite work. With the rise of staff on the go, there is an increase in external risks in addition to those that occur in the office. So how do you keep your people safe? You need a system that can adapt to people’s changing location and the changing landscape around us.

Having access to your employees’ location data can improve your ability to respond to disaster in many ways.  Location improves your emergency plan by allowing the message to get to the right people in the affected area. A robust emergency notification system should quickly find the appropriate audience based on location, only reach the people who need the message, have geofencing capabilities, and give you extended map functionalities to see the proximity of emergencies to your users and notify them of the situation immediately.

...

https://www.alertmedia.com/4-ways-location-improves-your-emergency-communication-plan/

The Business Continuity Institute

The electric grid is one of the most critical infrastructure systems for modern life, but it is also one of the most vulnerable. Recent graduates of the Johns Hopkins University School of Advanced International Studies (SAIS), supported by Swiss Re, have released a study that examines how extreme weather and other natural disasters are evolving in the Pacific Northwest, and the implications for electric infrastructure and potential economic disruption.

“Lights Out: The Risks of Climate and Natural Disaster Related Disruption to the Electric Grid,” finds that climate change, expanding populations, and insufficiently diversified energy sources make the future of energy more unpredictable. The US insurance industry has already identified a $20–$55 billion annual financial loss from power outages caused by flooding, hurricanes, and extreme temperatures.

The group focused on the Pacific Northwest as an illustrative case study in climate and natural disaster related electric grid disruption. The region is prone to high-frequency, low-intensity natural disasters such as droughts and flooding, as well as being at risk of catastrophes like the Cascadian Subduction Zone (CSZ) event - an earthquake-tsunami combination that is expected to devastate the coastline from northern California to southern British Columbia. As climate change alters the seasonality of water runoffs in the Pacific Northwest, electricity generation, as well as the operation and maintenance of hydroelectric dams, face additional challenges.

“The cost of disasters has increased fourfold over the last 30 years. The total loss of $55 billion a year from unplanned electric outages in the US is more than the US government spends on all federal highways,” said Alex Kaplan, Senior Vice President of Global Partnership at Swiss Re. “We have to think not only about the physical destruction of these assets and the cost to replace them, but also the impact of the extreme weather and how it destroys economic productivity over the longer period of time.”

Adverse weather, one type of event that can lead to the disruptions outlined within this report, is the fifth greatest concern that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report, with more than half (51%) of respondents to a global survey expressing concern about the potential of a disruption caused by such an event. Earthquakes and tsunamis were much further down in 18th place, with 25% expressing concern, although these types of event are much more region specific.

“Natural disasters and climate-related, severe weather events pose real risks to vulnerable communities and are currently costing billions in damages globally,” said Celeste Connors, a former White House official on climate change and Johns Hopkins SAIS faculty advisor. “Local governments are taking the lead in reducing this risk by investing forward in resilient infrastructure systems. New and innovative financing mechanisms and partnerships can play a key role in helping governments manage their risk.”

The Business Continuity Institute

Ransomware has soared since 2012, with criminals lured by the promise of profit and ease of implementation. The threat continues to evolve, becoming stealthier and more destructive, increasingly targeting organizations more than individuals because the potential returns are much higher.

The indiscriminate WannaCry attack in May affected more than a quarter of a million computers across 150 countries in its first few days, crippling critical infrastructure and organizations. Some organizations are still struggling to recover from NotPetya attacks in June.

The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4% compared to the previous 12 months, from 2,315,931 to 2,581,026 users around the world.

To help combat the threat, the No More Ransom initiative was launched a year ago by the Dutch National Police, Europol, McAfee and Kaspersky Lab. Today there are more than 100 partners, as major ransomware attacks continue to dominate the news, hitting organizations, governments and individuals all over the world. The site now carries 54 decryption tools, provided by nine partners and covering 104 types (families) of ransomware. So far, these tools have managed to decrypt more than 28,000 devices, depriving cyber criminals of an estimated €8 million in ransoms.

The success of the No More Ransom initiative is a shared success, one that cannot be achieved by law enforcement or private industry alone. By joining forces, it has enhanced the ability to take on the criminals and stop them from harming people, organizations and critical infrastructure, once and for all.

Law enforcement globally, in close cooperation with private partners, has ongoing investigations into ransomware criminals and infrastructure. However, prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place.

With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.

The Business Continuity Institute

In 2014, the UK experienced what was described as extensive flooding, and while the BCI’s Central Office wasn’t directly impacted, or at least water didn’t access the building, it did prove to be disruptive in terms of staff getting to work. Several employees were forced to work from home for a few days as the roads they would normally have taken to get to work were under water.

That winter a succession of storms hit the UK leading to record rainfall and flooding in many regions. The south-east was affected quite badly with many towns, particularly those along the River Thames, experiencing severe flooding. But it was the south-west that was worse hit as much of Somerset was underwater for over a month. December 2015 brought more bad weather to the UK when Storm Desmond hit the north-west causing widespread flooding and storm damage.

The Met Office in the UK claim that, by their very nature, extreme events like this are rare, but how rare are they exactly? The Met Office decided that a novel research method was needed to quantify the risk of extreme rainfall within the current climate, and came up with the UNprecedented Simulated Extremes using Ensembles (UNSEEN) method, which has been used as part of the recent UK Government National Flood Resilience Review (NFRR), when the Met Office was asked to estimate the potential likelihood and severity of record-breaking rainfall over the UK for the next 10 years.

The good news is that we are now better able to predict the weather. The bad news is that the forecast isn’t very good. The research carried out by the Met Office found that, for England and Wales, there is a 1 in 3 chance of a new monthly rainfall record in at least one region each winter.

In the south-east there is a 7% risk of a monthly record extreme in any given winter during the next few years. Across the whole of England and Wales that risk rises to a 34% chance of an extreme event happening in at least one of those regions each year. Furthermore, the research indicated that there was a 30% chance that these events could break existing records by up to 30%.

What does this mean for business continuity and resilience professionals? In the first instance it means that there’s a very good chance of an extreme weather event hitting somewhere in England and Wales, but where? The 2014 storms largely affected the south of the country while the 2014 storms affected the north. So while one part of the country was badly affected, many other places were not.

How do business continuity and resilience professionals determine what level of investment is required to protect against the impact of such events? How do you balance the level of investment required with probability of the event occurring? Presumably similar discussions take place on the other side of the Atlantic. We know with a great deal of certainty that a hurricane will, in all likelihood, hit the eastern seaboard of the US each year, but where? Should you invest heavily when there is a very good chance that the severe weather won’t actually affect your region?

Of course the other argument is that organizations shouldn’t be preparing for specific events anyway and it doesn’t really matter whether a storm hits. What matters is that the organization has a plan in place to deal with loss of building, loss of IT, loss of staff etc, regardless of what the cause is.

What is for sure is that business continuity professionals should be using data like this to help inform their own horizon scanning process and get a clearer understanding of what their overall risk exposure is, which can then be incorporated into the development of their business continuity programme.

How does your organization prepare for such events and what tools do you use to assess the threat?

Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Tuesday, 25 July 2017 14:37

BCI: Preparing for a storm

The Business Continuity Institute

Global economic losses resulting from natural disasters during the first half of 2017 were estimated at US$53 billion – 56% lower than the 10-year average of US$122 billion, and 39% lower than the 17-year average of US$87 billion. This is according to Aon Benfield's Global Catastrophe Recap: First Half of 2017 Report. Meanwhile, insured losses were preliminarily estimated at US$22 billion – 35% lower than the 10-year average of US$34 billion, and 12% lower than the 17-year average of US$25 billion.

According to the report, the severe convective storm peril was the costliest disaster type on an economic basis (nearly US$26 billion) during the first half of 2017, comprising 48% of the loss total. The majority of these losses (US$23 billion) were attributable to events in the United States. These types of events also caused the majority of insurance losses (US$17+ billion), comprising 78% of the loss total, and with nearly US$16 billion attributable to widespread hail, damaging straight-line winds, and tornadoes in the US.

Natural disasters claimed at least 2,782 lives during the first half of 2017, the lowest figure since 1986 and significantly below the long-term (1980-2016) average of 40,867. Flooding was the deadliest peril during the period, being responsible for at least 1,806 deaths.

Steve Bowen, Impact Forecasting director and meteorologist, said: "The financial toll from natural catastrophe events during the first six months of 2017 may not have been historic, but it was enough to lead to challenges for governments and the insurance industry around the world. This was especially true in the United States after the insurance industry faced its second-costliest first half on record following a relentless six months of hail-driven severe weather damage. In fact, nearly eight out of ten monetary insurance payouts for global disasters were related to the severe convective storm peril. Other events – such as Cyclone Debbie in Australia, flooding in China and Peru, wildfires in South Africa, and a series of windstorms in Europe – led to notable economic damage costs. As we enter the second half of the year, much of the focus will be on whether an El Niño officially develops. Such an event could have a prominent influence on weather patterns and associated disaster risks."

The report highlights that the US recorded 76% of the global losses sustained by public and private insurance entities during the first half of 2017, while EMEA (Europe, Middle East and Africa) and Asia-Pacific (APAC) each accounted for 10%.

Around 42% of the global economic losses during this time period were covered by insurance, above both the near- and medium-term average of 32% and due to the fact that the majority of losses occurred in the US. However, insurance take-up rates continued to grow in other areas, notably Asia-Pacific (APAC) and the Americas.

Adverse weather has consistently been a top ten threat for business continuity and resilience professionals, according to the Business Continuity Institute’s annual Horizon Scan Report. In the latest edition, more than half of respondents to a global survey expressed concern about the prospect of this type of disruptive event materialising. When you analyse the results further to only include respondents from countries where these types of events are relatively frequent, countries such as the United States, the level of concern increases considerably.

The Business Continuity Institute

IT professionals believe that compliance and regulation and the unpredictable behaviour of employees will have the biggest impact on data security, according to a survey commissioned by HANDD Business Solutions.

The UK study found that 21% of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline in less than 12 months. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and Co-Founder, Ian Davin, commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

Worryingly, 41% of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organization. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement, ensuring that an organization understands completely which data requires greater levels of protection.

While 43% of those surveyed think that employees are an organization’s greatest asset, more than a fifth (21%) believe that the behaviour of employees and their reactions to social engineering attacks, which can trick them into sharing user credentials and sensitive data, also poses a big challenge to data security.

Danny Maher, CTO at HANDD, commented: “Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organization.”

Storage is also a key problem area, with more than a third (35%) citing ensuring that data is stored securely, whether it's on premise or in the cloud, as their biggest challenge and the one most likely to keep them awake at night. A data record’s classification will enable a company to make these decisions, automatically and definitively dictating its location and whether an encryption policy should apply.

Having stored data to comply with its security policy, an organization must ensure that an access management system is in place, which understands roles and responsibilities and allows users to see only the information that they need. In HANDD’s survey, less than half (45%) of IT professionals are confident that they have an identity access management process in place which dictates that users must have different privileges depending on their roles and responsibilities, while 15% have no access management system in place at all.

Data breaches, and the disruptive impact they can have on an organization, are the second greatest concern for business continuity and resilience professionals, according to the Business Continuity Institute's latest Horizon Scan Report. 81% of respondents to a global survey expressed concern about the prospect of a breach occurring, making it essential that organizations have mechanisms in place to reduce the chances of a breach occurring, and also have plans in place to respond to such an incident and help lessen its impact.

The Business Continuity Institute

 

Canadian businesses are lagging in their risk management approach and are more vulnerable to disruption when compared to their global counterparts, according to a report published by PwC Canada.

Managing risk from the front line revealed that 66% of Canadian respondents (vs 75% globally) had mandatory ethics and compliance training for all employees. When new risks emerge, less than 33% of Canadian businesses (vs 50% globally) reported periodic staff education about new or existing potential risks.

The report also found that future areas of risk and disruption for Canadian businesses will be in technology advancements (70% disruption predicted to 55% disruption globally), human capital (49% compared to 40%) and operations (37% to 26%). 

While Canadian businesses acknowledged that a big part of addressing their vulnerability to risk can be accomplished by moving risk management to the 'front line', many business operations are keeping risk management at the 'second line' (risk management/compliance) or 'third line' of service (internal audit). Respondents indicated that a lack of sufficient resources (skilled people) is the primary factor in preventing a shift in risk management to the first line.

The report reiterates that risk management from the second and third line does not give upper management a clear understanding of their own vulnerabilities. This type of risk management structure has resulted in an inability to manage risks effectively and adapt over time. 

"While Canadian businesses have made some progress when it comes to risk vulnerability, there is still a lot of work that needs to be done in order to catch up with their global competitors," said Kishan Dial, Partner, Risk Assurance, PwC Canada. "By moving risk management to the front line, the organization's leadership will obtain a greater understanding of the risks to their operations and enhance their capacity to manage risks in an agile and proactive way." 

The report makes three key recommendations for addressing business vulnerability:

  1. Shift duties and assign responsibilities: Each line of service should have a defined role regarding risk decisions, monitoring, oversight and assessment of vulnerabilities.
  2. Define risk appetite: Organizations must define risk appetite and leverage the technical tools available to them, including aggregation tracking and reporting.
  3. Establish a risk reporting system: Reporting structures should enable the first line of service, but also require the second and third line to monitor the first line's effectiveness.

"In order to address current and future challenges, Canadian firms must commit to strong risk management structures and processes in order to excel in an ever-evolving economy of the future," adds Dial.

The Business Continuity Institute

 

UK business leaders identify far fewer risks affecting their businesses, when compared to Germany and France, according to research from Gowling WLG, suggesting an overly optimistic picture among UK business leaders. UK respondents consistently identified between 2% and 25% less than non-UK respondents for each risk area analysed.

The Digital Risk Calculator revealed that external cyber risks (69%) are thought to be the most concerning category of digital threat for businesses across all countries surveyed. This risk is anticipated to grow even further, with 51% of respondents believing that it will increase within the next three years. 

Commenting on the research Helen Davenport, director at Gowling WLG, said: "The recent wide ranging external cyber attacks such as the WannaCry and Petya hacks reinforce the real and immediate threat of cyber crime to all organisations and businesses.

"However, there tends to be an "it won't happen to me" attitude among business leaders, who on one hand anticipate external cyber attacks will increase over the next three years, but on the other fail to identify such areas of risk as a concern for them. This is likely preventing them from preparing suitably for digital threats that they may face."

Other digital risks of concern to participants include customer security (57%), identity theft / cloning (47%) and rogue employees (42%). More than a third of respondents (40%) also believe that the lack of sufficient technical and business knowledge amongst employees is a risk to their business.

Additionally, one third (32%) of UK businesses feel that digital risks related to regulatory issues have increased during the past three years. However, less than a third (29%) believe that regulatory issues are a risk to their business.

 

 

The Business Continuity Institute

There’s no point in saying “it will never happen to me” as disruptions are always just around the corner, regardless of what sector or location you are in. This reality was brought home to us overnight as thunderstorms with strong winds and heavy rain swept across the south of England. The problem was exacerbated by dry weather in recent months leaving the ground hard, so rain water could not easily soak away, resulting in flash floods.

The aftermath was plain to see this morning – standing water, trees down and debris brought by the flooding scattered everywhere. Last night there were reports of the urgent need for sandbags as water levels rose, and several local restaurants had to be evacuated as the water eventually did enter the building.

Of course there’s no reason to worry and BCI Central Office is not in any danger of flooding. But it is a reminder that we, the BCI, along with every other organization, need to have a business continuity plan to deal with such events. What would have happened if flood water had entered the building, what would have happened if staff could not get to work because of travel disruptions, what would have happened if power had been cut off due to the storms? All these things need to be considered in advance if we are to remain a functional organization despite whatever disruption comes our way.

Thankfully we do have a business continuity programme in place, so should the worst happen then we will be prepared for it. For well over a year we have had a team made up of CBCIs and DBCIs working in Central Office, led by one of our Fellows and championed by a member of the Board.

The team have been working hard to ensure that threats and consequences are analysed, priority activities are declared, and processes are in place to make sure those priority activities can continue in the event of a disruption. To date it has worked, but we would never rest on our laurels and become complacent, rather we ensure it is an evolving process that continues to develop based on changes at Central Office, the result of actual disruptions, or the outcome of exercises.

This programme will be developed further as we are now recruiting for a dedicated business continuity professional to take it forward.

Business continuity is clearly important to our members, so it is vital that we practice what we preach and have a business continuity programme to be proud of, and we like to think we have achieved this.

David Thorp
Executive Director of the Business Continuity Institute

The Business Continuity Institute

One in eight global business decision makers believe that poor information security is the ‘single greatest risk’ to the business, according to a study by NTT Security, which also found that 57% believe a data breach to be inevitable at some point.

The 2017 Risk:Value Report highlighted that the impact of a breach will be two-fold, with respondents expecting a breach to affect their long-term ability to do business, together with short-term financial losses. More than half (55%) cite loss of customer confidence, damage to reputation (51%) and financial loss (43%), while 13% admit staff losses and 9% say senior executive resignations would impact them.

56% of business decision makers say their organization has a formal information security policy in place, up from 52% in 2015. Just over a quarter (27%) are in the process of implementing one, while 1% have no policy or plans to do so. However, while the vast majority (79%) say their security policy has been actively communicated internally, a minority (39%) says employees are fully aware of it. Germany and Austria (85%) are above average in communicating the policy, together with the US (84%) and the UK (83%).

Less than half (48%) of organizations have an incident response plan, although 31% are implementing one. But just 47% of decision maker respondents are fully aware of what the incident response plan includes.

The study also found that many global business decision makers are still unaware of the implications of the forthcoming General Data Protection Regulation (GDPR), as well as other compliance regulations, with one in five admitting they do not know which regulations their organization is subject to. Just four in ten (40%) respondents globally believe their organization will be subject to the EU GDPR.

Coming into force in May 2018, the legislation leaves companies with less than a year to comply with strict new regulations around data privacy and security and could result in penalties of up to €20 million or 4% of global annual turnover, whichever is higher.

With data management and storage a key component of the GDPR, the report also reveals that a third of respondents do not know where their organization’s data is stored, while just 47% say all of their critical data is securely stored. Of those who know where their data is, fewer than half (45%) describe themselves as ‘definitely aware’ of how new regulations will affect their organization’s data storage.

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

“In an uncertain world, there is one thing organizations can be sure of and that’s the need to mark the date of 25 May 2018 in their calendars," according to Garry Sidaway, SVP Security Strategy & Alliances at NTT Security. “While the GDPR is a European data protection initiative, the impact will be felt right across the world for anyone who collects or retains personally identifiable data from any individual in Europe. Our report clearly indicates that a significant number do not yet have it on their radar or are ignoring it. Unfortunately many organizations see compliance as a costly exercise that delivers little or no value, however, without it, they could find themselves losing business as a result, or paying large regulatory fines."

The Business Continuity Institute

Employees at 40% of businesses across the globe hide IT security incidents in order to avoid punishment, according to a study conducted by Kaspersky Lab, and the dishonesty is most challenging for larger-sized businesses. 45% of enterprises (over 1,000 employees) experience employees hiding cyber security incidents, with 42% of SMBs (50 to 999 employees), and only 29% of VSBs (under 49 employees).

The report - Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within - revealed that not only are employees hiding incidents, but also that the uninformed or careless employees are one of the most likely causes of a cyber security incident - second only to malware. While malware is becoming more and more sophisticated each day, the surprising reality is that the evergreen human factor can pose an even greater danger. 46% of IT security incidents are caused by employees each year - that’s nearly half of the business security issues faced triggered by employee behaviour.

Staff hiding the incidents that they have encountered may lead to dramatic consequences for businesses, increasing the overall damage caused. Even one unreported event could indicate a much larger breach, and security teams need to be able to quickly identify the threats they are up against to choose the right mitigation tactics.

“The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments,” said Slava Borilin, security education program manager at Kaspersky Lab. “If employees are hiding incidents, there must be a reason why. In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears, and leave employees with only one option - to avoid punishment whatever it takes. If your cyber security culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious.”

Borilin also recalls an industrial security model, where a reporting and ‘learn by mistake’ approach is at the heart of the business. For instance, in his recent statement, Tesla’s Elon Musk requested every incident affecting worker safety to be reported directly to him, so that he can play a central role in change.

The fear businesses have of being put at risk from within is clear in the results of the survey, with the top three cyber security fears all related to human factors and employee behaviour. Businesses worry the most about employees sharing inappropriate data via mobile devices (47%), the physical loss of mobile devices exposing their company to risk (46%) and the use of inappropriate IT resources by employees (44%).

While advanced hackers might always use custom-made malware and high-tech techniques to plan a heist, they will likely start with exploiting the easiest entry point - human nature. According to the research, every third (28%) targeted attack on businesses in the last year had phishing/social engineering at its source. Sophisticated targeted attacks do not happen to organizations every day - but conventional malware does strike en masse. Unfortunately though, the research also shows that even where malware is concerned, unaware and careless employees are also often involved, causing malware infections in more than half (53%) of incidents that occurred globally.

The human element of cyber security was the key focus of Business Continuity Awareness Week 2017, organized by the Business Continuity Institute, with the report published by the BCI identifying the simple steps that everyone can take in order to play a part in improving cyber security.

“Cyber criminals often use employees as an entry point to get inside the corporate infrastructure. Phishing emails, weak passwords, fake calls from tech support - we’ve seen it all,” said David Jacoby, security researcher at Kaspersky Lab. “Even an ordinary flash card dropped in the office parking lot or near the secretary’s desk could compromise the entire network - all you need is someone inside, who doesn’t know about, or pay attention to security, and that device could easily be connected to the network where it could wreak havoc.”

The watchword for business continuity (BC) now and in the coming years will be complexity.

Evolutions in technology, organizational structure, banking, leadership, the global economy, and practically every existing discipline have begun to outstrip traditional methods that hoped to address and contain such complexity. As our everyday work moves from simple and complicated contexts (as envisioned by Ralph D. Stacey and explicated by Snowden and Boone) into complex contexts, we must create new approaches to function within the complexity. The Agile framework for project management is one such example of a new approach that embraces and thrives within complex contexts.

BC has begun to struggle with the reality of increasing complexities. Detailed recovery scripts, time-consuming BIA data collection, binders of documentation, and a linear lifecycle relatively unchanged since Y2K seem inefficient and outdated in this “Agile Age” of rapid acquisitions, social media, blockchain, holacracies, and the internet of things. The stark unpredictability of disasters combined with the nearly unimaginable constitution of the near future should give pause to anyone who believes BC can be done properly by just anyone armed with an internet template.

There is a way for BC to evolve to meet these challenges. First, it must establish a robust, theoretical foundation for the discipline, moving beyond an ad hoc collection of “professional practices.” Second, it must identify and implement alternative approaches that are nonlinear, iterative, and adaptive. Third, practitioners must find new and better ways to share proven practices with each other, and to offer real critique of both new and old practices. Fourth, the best BC professionals will no longer frame their work in terms of plans, but now in terms of portfolios, an evolving collection of recovery capabilities that can be brought to bear in times of adversity and disaster.

In this lecture, I provide an approach to establish a Business Continuity Portfolio Management Office (BC PMO). While this very brief presentation covers a lot of material (perhaps too much), it contains almost all the necessary theoretical and practical elements to provide a proper foundation for those who will create the very first BC PMOs in the industry.

– David Lindstedt, PhD, PMP, CBCP

David Lindstedt is the founder of Readiness Analytics, an organization focused on metrics, measures, and KPIs for recovery capabilities. Dr. Lindstedt is the co-author (along with Mark Armour) of the "Adaptive BC Manifesto and the Adaptive Business Continuity." He is also the creator of several supporting web sites including AdaptiveBCP.org, ReadinessTest.com, and Jeomby.com. Dr. Lindstedt has published in international journals and presented at numerous international conferences. He taught for Norwich University's Master of Science in Business Continuity Management.

The Business Continuity Institute

In the context of the manufacturing industry, business continuity is about ensuring products continue to reach and be delivered to customers, regardless of any internal problems or issues that arise.

Like all businesses, manufacturers need to identify their critical value-adding business activities and processes, and focus on keeping them operational or getting them back to full operational capacity in a set time frame, regardless of the issues. This will then maintain the product delivery to the end consumers.

The basic principle of a manufacturer is to convert inputs (raw materials, ingredients, chemicals) into an output/product for sale. This is achieved by inputs undergoing transformational processes along the production line which add value at each stage. Labour, machinery and other tools combine to produce this production capability and thus, by the end of the whole production line, there is a product ready for sale.

What does a manufacturer need to consider to ensure business continuity?

To run a manufacturing production line effectively, you need to avoid disruptions in three key areas:

  • Staffing
  • Materials/Inputs
  • Machinery

Staff

In manufacturing, staff are needed to maintain and control the production line, ensure it stays operational and to spot early warning signs of any problems. Staff are integral in keeping the production line functional.

Ensuring staff have the proper training needed is vital to operational success. Lack of training amongst staff will cause mistakes and cause disruptions anywhere along the production line. Investing time and money in preparing a training package for new and current staff will help minimize mistakes and disruption.

Cross-training should also be considered. Training staff across the full range of business activities will ensure business activity continues if at any time a vital member of staff were to leave, fall sick or take holidays at busy periods.

Efficient staff recruitment processes may also be of value. Losing a number of employees simultaneously will cause disruptions and increased pressure on remaining staff (again, highlighting the importance of cross-training). Having other options such as agency workers or temporary staff is much quicker and easier to implement in the short term, allowing business to continue until more permanent positions are filled.

Materials/Inputs

Inputs and raw materials are particularly important for manufacturers because without inputs, there can be no final output which in turn means no sales.

If a manufacturer limits themselves to one supplier of a material, and that supplier is unable to supply the material needed, then the manufacturer is also unable to produce their products. Therefore, manufacturers should have a diverse supply chain. Sourcing multiple suppliers of raw materials will minimize the risk and impact on the manufacturing process. If the primary supplier is unable to supply, the manufacturer has secondary options and can ensure business continues.

No business wants faulty goods as this may mean product recalls and tarnish the brand image. Faulty goods can be a direct result of poor quality materials or inputs. Therefore, manufacturers should implement a quality inspection procedure upon receiving the materials. This will help to ensure the inputs are of the standard the manufacturer requires and reduce disruptions further along the production process.

Other non-tangible aspects also must be considered. For example, electricity supply is paramount to a manufacturer as it powers the machinery and other processes. Without it, the whole business grinds to a halt. Having a back-up generator installed will ensure business and manufacturing activities continue despite power shortages or prolonged power cuts.

Machinery

It is essential that you have factory equipment and tools fully functioning to carry out the manufacturing process. As a result, maintaining and checking that equipment is safe to use is critical.

You need to spend enough to ensure your machinery and equipment meets regulatory standards; preventive maintenance is a must for all manufacturing businesses. Preventive maintenance works on the same principle as servicing your car, except that servicing factory machinery tends to be a lot more costly! This is very important. Waiting until the machine breaks means you’ve waited too long!

The harsh reality is that customers have little interest in understanding manufacturing problems. They react in the same way you react to your suppliers: all you care about is the fact that they’re late. Customers are the same: they need their products, and if they can’t get them from their chosen source they might just go elsewhere!

Michael Conway has been a founding director of Renaissance Contingency Services since 1987. He established Renaissance as Ireland’s premier IT Security Distributor and leading Independent Business Continuity Consultancy provider.

The Business Continuity Institute

“Trust takes years to build, seconds to break, and forever to repair,” or so the quote says. While there may be a degree of flexibility with those timings, the principle that it takes much longer to build a reputation than to break it is absolute. Reputation means a lot to organizations and constitutes a significant proportion of their value.

I have been reading a lot of articles recently about reputation and the number of organizations that have had their reputation damaged, sometimes through no fault of their own.

We published an article recently about false claims against travel operators and the effect these claims, however inaccurate they are, can have on the reputation of the business. Why would you go on holiday with a travel operator that has a high rate of sickness among its guests?

There was a story this morning published by the BBC that discussed how it will take a generation for Chelsea and Kensington Council to be trusted again following the Grenfell Tower fire. When people feel so let down by an organization, especially in a situation when lives have been lost, it is not easy to forget that and move on.

And we are inundated with stories of organizations that have experienced a data breach and consumers beginning to question why they cannot protect their data.

Damage to reputation can be devastating for an organization and perhaps the most famous story of all when it comes to reputation and the sudden loss of it, is that of Ratners, the high street jewellers. In his speech to the Institute of Directors, the chief executive of the company – Gerald Ratner – included the line:

"We also do cut-glass sherry decanters complete with six glasses on a silver-plated tray that your butler can serve you drinks on, all for £4.95. People say, "How can you sell this for such a low price?", I say, "because it's total crap."

The next day the share price plummeted and the company was on the brink of collapse.

It is this potentially disastrous impact that damage to your reputation can have that makes it a business continuity issue. Of course, that’s not to say that reputation management is the responsibility of the business continuity department, because clearly it’s not. But it is something that the business continuity department can play a role in.

Arguably loss of trust should be considered in the same light as loss of IT, loss of power, loss of building etc. The organization needs to consider what the potential impact could be, how the impact could be mitigated against, and what mechanisms could be put in place to ensure the organization continues to operate effectively and prevent it from being too disruptive.

This is perhaps the perfect example of what we at the BCI have been speaking a lot about recently - management disciplines cannot work in silos any longer. On matters of reputation business continuity professionals should be engaging with communications professionals to ensure that crisis communications plans are in place and that the organization is prepared.

Is that easier said than done? Are we making progress in this respect? Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Wednesday, 12 July 2017 15:56

BCI: Protecting your reputation

The Business Continuity Institute

The latest Salary Benchmarking Report published by the Business Continuity Institute has shown a clear gender pay-gap across multiple demographics within the business continuity industry. The report suggests that the profession, and arguably society as a whole, contains some major disadvantages that need to be addressed urgently.

The BCI's Global Salary Benchmarking Report is a study of over 1,000 business continuity and resilience professionals that seeks to discover the remuneration packages that those in the industry receive, whether it is salary, bonus or other benefits. In addition to the global report, there are also region-specific reports for Australasia, Europe, North America, UK and USA.

Perhaps the most alarming finding of the report is that Europe has the most notable pay-gap between genders as, on average, males earn a salary that is 64% higher than females. In North America they earn 24% more, while in Central and Latin America the gap is 19%. In Sub-Saharan Africa and Australasia the gap drops to 12% and 11% respectively. In the Middle East and North Africa, the gap is significantly reduced with only 3% difference between males and females. The report identified that only in Asia did females, on average, earn more than males.

When the results are broken down by level of education, regardless of whether the respondents had the equivalent of A-levels, an undergraduate degree or a postgraduate degree, males still earned more than females. For those with A-Levels, or their equivalent, there is a 7% gap, and for those with a postgraduate degree there is an 11% gap. However, for those with an undergraduate degree, males earn a third more than females.

Analysing the results on the basis of age shows that the difference in the ‘18-34’ category was marginal, but it increased to 16% in the ‘35-44’ category, and up to 25% in the ‘45-64’ category, showing that the gap widens as careers progress. Or, more to the point, it perhaps suggests that females are not progressing in their career at the same pace as males.

Experience also affected the gender pay gap. One of the few categories where females had a higher salary than males was in the ‘0-9 years' experience’ category, but this soon changed as males with ‘10-19 years' experience’ earned about a third more than females in the same category. The gap narrowed again as males with ‘20-29 years' experience’ and ‘30+ years' experience’ earned 21% and 14% more respectively.

Whatever way the data is broken down, in the vast majority of cases, males receive greater remuneration than females, even when they are at the same level. Of course there may be other factors involved, but the results very much suggest an imbalance in pay between male and female business continuity professionals.

“As a profession we need to do more to ensure that there is diversity and equality,” said David Thorp, Executive Director of the BCI. “We should not have barriers in place that exclude 50% of the population from wanting to be a business continuity and resilience professional, and clearly taking home less pay at the end of the month is a barrier.”

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

The Business Continuity Institute

Quite often with cyber security, the public sees what might appear to be a game of cat and mouse: the perpetrators (bad guys) attack, then the cyber security establishment (government, private companies, and so on; the good guys) defend and try to plug, patch, and repair the problem after the fact. What we are missing in this picture - what may not be reported, or is underreported - is how many companies and organizations are unaffected, as well as those who may have been impacted but are hesitant to admit this and risk bad publicity.

The latest example of this is the WannaCry attack, which now looks like it came from the North Korean-affiliated Lazarus group. This attack would have been defeated if organizations simply allowed computers running Microsoft-based operating systems to install the update that would have fixed the vulnerability. With personal computers, most users allow this to operate automatically, but with corporate computers this task is generally taken care of by an IT department that often runs several versions of Windows behind.

It is interesting that, according to reports, this ransomware attack - which claims to encrypt all of users’ files and offers a payment-based decryption service to restore them - has only generated $50,000 in ransom. However, it is our guess that this number is severely underreported; we have found few people like to admit to having been a victim of this kind of attack, just as users affected by Nigerian scams often deny being victims. It’s also interesting to speculate whether people will continue to pay any ransom given that, according to reports, no one who’s paid the ransom thus far has had their files decrypted.

How can organizations break this vicious cat-and-mouse cycle? One way to effectively build and maintain organizational resilience on an enterprise level is creating a cyber security program that repels and recovers from cyber attacks, following the Four Rs of Resilience: Robustness, Redundancy, Resourcefulness, and Rapidity. For our purposes with regards to WannaCry, let’s focus on just two factors: Robustness and Redundancy.

Robustness is the ability of systems and elements to withstand disaster forces without significant degradation or loss of performance. The simple fix here is making sure all operating systems are updated, including any systems by vendors, home systems that may be used (or prevented from accessing corporate systems) and tertiary systems an organization relies on. More sophisticated solutions such as software defined perimeter would also have prevented the attack, by establishing a dark layer and credentialing process, restricting access.

Redundancy is the extent to which systems and elements or other units are substitutable or capable of satisfying functional requirements, if significant degradation or loss of functionality occur. Regular backups would remove the concern about having data encrypted or destroyed as users could just retrieve the same data from their backup.

So in short, what’s the best way to keep your personal and organizational data safe in the age of WannaCry? It may seem simple, but it’s the most basic cyber security advice for a reason: update and back up your files. Frequently.

Andrew Boyarsky and Douglas Graham are the academic director of the master’s program in enterprise risk management at the Mordecai D. and Monique C. Katz School of Graduate and Professional Studies at Yeshiva University and an advisory council member at the Katz School, respectively. The opinions expressed above are solely those of the authors and should not be attributed to Yeshiva University.

The UK may not be hit by monsoons, but it has had its share of overflowing rivers and torrential rain wreaking havoc on British homes over the last decade.

It’s particularly England and Wales that have suffered from flooding issues; Hull in 2007, Cumbria in 2009 and many UK areas in the 2013/14 winter. The Environment Agency estimate that five million Brits actually live or work in flood danger zones.

Needless to say, if your home is listed as a flood risk, it’s important to protect the property as much as you can from any potential dangers. You should also be sure to have adequate home insurance in the event your property is affected by flooding. It’s also worth knowing a little about Flood Re, a collaborative project between the Government and insurance companies. This scheme, launching during 2015, will ensure home insurance is available and affordable for properties at high risk of flooding.

With that said, no insurance can protect you from the disruption and emotional trauma caused by flooding in your home or business. What’s more, many people seem unsure how best to protect their properties. What action can you take to minimise the impact of flooding on your property?

...

http://www.polygongroup.com/resources/flood-preparation-planning/

The Business Continuity Institute

Lax approaches to popular threats such as email attachments, and inadequate threat-awareness, poor work-practices and out-of-date technology, are exposing organizations to hacking, ransomware and zero-day attacks, says a report published by Glasswall Solutions.

Your employees won't protect you noted that the vast majority (82%) of respondents to a survey usually or always opened email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks. Of these respondents, 44% open these email attachments consistently every time they receive one, leaving organizations highly vulnerable to data breaches sourced to malicious attachments.

"Employees need to trust their emails to get on with their work, but with 94% of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers," said Greg Sim, CEO of Glasswall Solutions. "Conventional antivirus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom."

A large majority of workers could at least identify characteristics of a phishing attack, with 76% acknowledging that they had received suspicious attachments. However, the survey also found that 58% of respondents usually opened email attachments from unknown senders, while 62% didn't check email attachments from unknown sources, leaving businesses open to breaches from documents carrying malicious exploits hidden inside common file-types such as Word, Excel, PDFs and more.

These findings help demonstrate why cyber attacks and data breaches are such a concern for business continuity and resilience professionals, as highlighted in the Business Continuity Institute's latest Horizon scan Report. It also reinforces the theme for Business Continuity Awareness Week which highlights that cyber security is everyone's responsibility, and with a little more awareness on the right policies and procedures, we can all play a part in building a resilient organization.

"This research confirms anecdotal evidence that, although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems," said professor Andrew Martin at the University of Oxford. "Technology that's fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs."

This implicit trust in both familiar and unknown emails stands in direct contrast to the scale of threats delivered via email. Despite thousands of attacks launched every year against businesses, only 33% of respondents maintained that they had been victim of a cyber attack. And almost a quarter (24%) said they did not know if they had been attacked or not.

North American insurers lead the way in IT spending globally and will invest $73 billion in tech areas such as data analytics, cloud, and insurtech in 2017.

Digital Insurance reports that global IT spending by insurers is slated to reach $185 billion by the end of this year, according to the Celent “IT Spending in Insurance 2017” report.

After North America, insurer technology spending by region is as follows: Europe ($69 billion); Asia ($33 billion); Latin America ($5 billion); then a group of territories comprising Africa, the Middle East and Eastern Europe (around $5 billion collectively).

...

http://www.iii.org/insuranceindustryblog/?p=4962

There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.

Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.

The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?

...

http://www.darkreading.com/analytics/machine-learning-in-security-4-factors-to-consider/d/d-id/1328704

The Business Continuity Institute

Cyber espionage is now the most common type of attack seen in manufacturing, the public sector and education, warns Verizon's latest Data Breach Investigations Report. Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cyber criminals. Nearly 2,000 breaches were analyzed in this year’s report and more than 300 were espionage-related, many of which started life as phishing emails.

In addition, organized criminal groups have escalated their use of ransomware to extort money from victims with this year’s report showing a 50% increase in ransomware attacks compared to last year. Despite this increase and the related media coverage surrounding the use of ransomware, many organizations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyber attack.

“Insights provided in the DBIR are leveling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyber attacks and more effectively mitigate cyber risk. By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile.”

Cyber security is also a major concern for business continuity professionals, with cyber attacks and data breaches featuring as the top two threats yet again in the Business Continuity Institute's latest Horizon Scan Report. It is for this reason that it was chosen as the theme for Business Continuity Awareness Week 2017 with the intention of improving an organization's overall resilience by enhancing its cyber resilience, and recognising that people are key to achieving this.

“Cyber attacks targeting the human factor are still a major issue,” says Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. “Cyber criminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”

With 81% of hacking-related breaches leveraging either stolen passwords and/or weak or guessable passwords, getting the basics right is as important as ever before. Some recommendations for organizations and individuals alike include:

  1. Stay vigilant - log files and change management systems can give you early warning of a breach.
  2. Make people your first line of defence - train staff to spot the warning signs.
  3. Keep data on a “need to know” basis - only employees that need access to systems to do their jobs should have it.
  4. Patch promptly - this could guard against many attacks.
  5. Encrypt sensitive data - make your data next to useless if it is stolen.
  6. Use two-factor authentication - this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security - not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cyber criminals who will move on to look for an easier target," concludes Sartin.

Sixty-four percent of security professionals doubt their organizations can prevent a breach to employees' mobile devices, a recent Dimensional Research survey [PDF] of 410 security leaders found.

The survey, sponsored by Check Point Software, also found that 20 percent of businesses have experienced a mobile breach, and another 24 percent don't know, or can't tell, whether they've experienced one.

Strikingly, 51 percent of respondents believe the risk of mobile data loss is equal to or greater than that for PCs.

"Perhaps the high level of concern is based on the frequency of mobile device loss or theft, as well as the limited security measures companies use to protect enterprise mobile devices," the report states.

...

http://www.esecurityplanet.com/mobile-security/64-percent-of-security-pros-cant-stop-a-mobile-data-breach.html

The Business Continuity Institute

 

We have recently seen how quickly a crisis can impact on a business if not managed correctly by placing people at the heart of a crisis response.

The appalling treatment of a United Airlines passenger and the subsequent response from the company, showed a complete disregard for the very people who pay the wages, its customers. 

As crisis managers we all advocate the importance of plans and procedures to ensure that in the event of something going wrong, the crisis management teams responsible have a framework to guide them, however, at the heart of this has to be the right culture.

The power of the internet is immense and you only have one opportunity to set the tone of your response when something does go wrong. You should have clear processes, procedures and ways of working that staff fully understand, but most importantly you must have a culture that ensures that people are at the heart of what you do. 

If your customers are your number one priority, regardless of the nature of the incident, it is very likely your crisis managers will respond with that in mind.

I was reading an article during the past week written by Michael Balboni of Redland Strategies, and one of the keynote speakers at last year's BCI World Conference, where he highlighted the four key points to consider in your crisis communications. These points can be summarised as:

  1. Try to get out ahead of the story with statements like, "We are also concerned about the events as reported and are conducting an investigation."
  2. Whatever the message, be consistent. Changing statements leaves room for doubt on a whole bunch of aspects.
  3. Never attack the victim! Ever! The customer is the only reason that a business is in business, or a government official is in office.
  4. Respond to the internet firestorm with facts and apologies and a description of how you will try to prevent this situation from ever repeating. Never try to block people from commenting.

When you are next reviewing your ways of working and approach to crisis communications make sure you keep this in mind. Most importantly though remember: “It is not the employer who pays the wages. Employers only handle the money. It is the customer who pays the wages” --- Henry Ford.

Are you satisfied that your company culture sets the right tone to respond effectively to a major incident or crisis event?

Chris Regan is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy. Chris works with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues. Chris can be contacted by telephone on 0117 244 0154.

The Business Continuity Institute

Ever wondered what all the different terms or acronyms relating to business continuity mean? Now the Business Continuity Institute has made it easier for you to find out with the creation of its joint BCI DRJ Glossary of Business Continuity Terms.

This new glossary is a result of merging the definitions from the ‘Business Continuity Glossary by DRJ’, the BCI’s Dictionary of Business Continuity Management Terms and the glossary in the Good Practice Guidelines.

The combined glossary contains all terms approved by the DRJ Editorial Advisory Board’s Glossary of Terms Committee, which includes representation from the BCI. This joint effort is evidence of the continuing and deepening partnership between DRJ and the BCI. The glossary is one of many resources available as part of our knowledge bank, and it can be downloaded from the BCI website.

The Business Continuity Institute

It seems impossible to think about preparedness planning without thinking about time. Time is often at the very heart of any discussion of business continuity and IT disaster recovery. Nonetheless, there are deep flaws in the continued attempts to incorporate it into preparedness planning. These flaws lead to frustrated participants, disengaged managers, wasted effort and dubious outcomes. However, these flaws are avoidable and correctable.

In the latest edition of the Business Continuity Institute's Working Paper Series, David Lindstedt asserts that time is not a target; rather, it is a constraint. While it has its place in preparedness planning, time does not warrant its central focus in our methodology or practice.

Deborah Higgins FBCI, Head of Professional Development at the BCI, commented: "I welcome this paper as it challenges our thinking associated with preparedness planning. I see this work as a fantastic opportunity for fellow professionals to share their own experiences and explore how the theoretical arguments posed in this piece translate into practice."

"I would be happy to get your feedback on this as your engagement will ultimately drive our profession forward – considering the thorny problems we face together and applying our collective expertise to improve current practice."

The paper concludes that, when considering time, "it depends” is now a perfectly acceptable answer from the planning participant, and accepting this answer allows the planning practitioner to be more receptive, adaptive, and effective. The approach enables participants to self-assess restrictions rather than relying on the practitioner to facilitate the assessment of time requirements, thus allowing the practitioner to engage at a more strategic level.

In practical terms, the professional avoids any potential confrontation with regard to discussions about time. In theoretical terms, the professional does not fall into any traps, as time is discussed only as a constraint to recovery activities, not a target that has to be set without the proper ability to do so. And in financial terms, the organization will not waste money preparing to hit targets of time that are arbitrary at best and misleading at worst.

Download your free copy of 'Our deep misunderstanding of time in preparedness planning' to understand more about the concept of time as a constraint rather than a concept when managing your business continuity management programme.

Fully 86 percent of small to medium enterprises (SMEs) have less than 10 percent of their total IT budget allocated to cyber security and 75 percent have between zero and two IT security staff members, according to the results of a recent EiQ Networks survey of more than 150 SME IT security professionals.

"One of the most striking results is how little SMEs are spending on cyber security as compared to the overall IT budget -- despite the very high risks they face daily from ransomware, phishing, and zero-day attacks, to name just a few," EiQ Networks founder and CEO Vijay Basani said in a statement.

"Without the IT security resources and expertise necessary to continually monitor, detect, and respond to security incidents, SMEs are simply exposing themselves to loss of revenue, brand equity, IP, and customer data on a daily basis," Basani added.

...

http://www.esecurityplanet.com/network-security/86-percent-of-smes-are-underfunding-cyber-security.html

By Louis Imershein, VP Products and Wayne Salpietro, Director of Marketing

Permabit Technology Corp

The cloud continues to dominate IT as businesses make their infrastructure decisions based on cost and agility. Public cloud, where shared infrastructure is paid for and utilized only when needed, is the most popular model today. However, more and more organizations are addressing security concerns by creating their own private clouds. As businesses deploy private cloud infrastructure, they are adopting techniques used in the public cloud to control costs. Gone are the traditional arrays and network switches of the past, replaced with software-defined data centers running on industry standard servers.

Efficiency features make the cloud model more effective by reducing costs and increasing data transfer speeds. One such feature, which is particularly effective in cloud environments is inline data reduction. This is a technology that can be used to lower the costs of data in flight and at rest. In fact, data reduction delivers unique benefits to each of the cloud deployment models.

Public Clouds

The public cloud’s raison d’etre is its ability to deliver IT business agility, deployment flexibility and elasticity. As a result, new workloads are increasingly deployed in public clouds.  Worldwide public IT cloud service revenue in 2018 is predicted to be $127B.  

Data reduction technology minimizes public cloud costs. For example, deduplication and compression typically cut capacity requirements of block storage in enterprise public cloud deployments by up to 6:1.  These savings are realized in reduced storage consumption and operating costs in public cloud deployments.   

Consider AWS costs when employing data reduction:

If you provision 300 TB of EBS General Purpose SSD (gp2) storage for 12 hours per day over a 30 day month in a region that charges $0.10 per GB-month, you would be charged $15,000 for the storage.

With data reduction, that monthly cost of $15,000 would be reduced to $2,500.  Over a 12 month period you will save $150,000.   Capacity planning is a simpler problem when it is 1/6th its former size.  Bottom line, data reduction increases agility and reduces costs of public clouds.

One data reduction application that can readily be applied in public cloud is Permabit’s Virtual Data Optimizer (VDO), a pre-packaged software solution that installs and deploys in minutes on Red Hat Enterprise Linux and Ubuntu LTS Linux distributions. To deploy VDO in Amazon AWS, the administrator provisions Elastic Block Storage (EBS) volumes, installs the VDO package into their VMs and applies VDO to the block devices that represent their EBS volumes. Since VDO is implemented in the Linux device mapper, it is transparent to the applications installed above it.

As data is written out to block storage volumes, VDO applies three reduction techniques:

  1. Zero-block elimination uses pattern matching techniques to eliminate 4 KB zero blocks

  2. Inline Deduplication eliminates 4 KB duplicate blocks

  3. HIOPS Compression™ compresses remaining blocks 

This approach results in remarkable 6:1 data reduction rates across a wide range of data sets. 
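The three stages listed above, as an added example that is not Permabit's code: a small Python model of the pipeline run over a constructed buffer. SHA-256 and zlib are assumptions standing in for VDO's fingerprinting and HIOPS Compression, which the article does not describe, and all function names are hypothetical.

```python
import hashlib
import zlib

BLOCK_SIZE = 4096  # the 4 KB block granularity the article gives


def stored_size(block: bytes) -> int:
    """Bytes a unique block occupies after stage 3; kept raw if compression does not help."""
    return min(len(zlib.compress(block)), BLOCK_SIZE)


def reduce_blocks(data: bytes) -> dict:
    """Push data through the three stages in order and account for every block."""
    zero = bytes(BLOCK_SIZE)
    index = set()  # fingerprints of blocks already stored (SHA-256 is an assumption)
    stats = {"blocks": 0, "zero": 0, "duplicate": 0, "unique": 0,
             "logical_bytes": 0, "stored_bytes": 0}
    for off in range(0, len(data), BLOCK_SIZE):
        # Pad a short final block so every unit is exactly one block long.
        block = data[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
        stats["blocks"] += 1
        stats["logical_bytes"] += BLOCK_SIZE
        if block == zero:                       # stage 1: zero-block elimination
            stats["zero"] += 1
            continue
        digest = hashlib.sha256(block).digest()
        if digest in index:                     # stage 2: inline deduplication
            stats["duplicate"] += 1
            continue
        index.add(digest)
        stats["unique"] += 1
        stats["stored_bytes"] += stored_size(block)  # stage 3: compression
    return stats


def reduction_ratio(stats: dict) -> float:
    """Logical bytes written divided by bytes actually stored."""
    return stats["logical_bytes"] / max(stats["stored_bytes"], 1)


def text_block(host: int) -> bytes:
    """Constructed log-like text, exactly one block long."""
    lines = "".join(
        f"2017-03-29 13:56:{i % 60:02d} host{host} INFO request id={i} status=200\n"
        for i in range(200)
    ).encode()
    return lines[:BLOCK_SIZE]


def high_entropy_block(seed: int) -> bytes:
    """Constructed incompressible block, standing in for encrypted or already-compressed data."""
    return b"".join(
        hashlib.sha256(f"{seed}:{i}".encode()).digest()
        for i in range(BLOCK_SIZE // 32)
    )


def build_sample() -> bytes:
    """Constructed 18-block buffer mixing the block kinds the stages treat differently."""
    return (bytes(BLOCK_SIZE) * 8            # 8 zero blocks
            + text_block(1) * 6              # the same block written 6 times
            + text_block(2) + text_block(3)  # 2 further distinct text blocks
            + high_entropy_block(1) + high_entropy_block(2))


if __name__ == "__main__":
    s = reduce_blocks(build_sample())
    print(s, f"ratio {reduction_ratio(s):.1f}:1")
```

On the constructed sample the zero and duplicate blocks cost nothing to store, while the two high-entropy blocks are stored at close to full size, so the achievable ratio depends on the data set.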

Private Cloud

Organizations see similar benefits when they deploy data reduction in their private cloud environments. Private cloud deployments are selected over public because they offer the increased flexibility of the public cloud model but keep privacy and security under their own control. IDC predicts in 2017 $17.2B in infrastructure spending for private cloud, including on-premises and hosted private clouds.

One problem that data reduction addresses for the private cloud is that, when implementing private cloud, organizations can get hit with the double whammy of hardware infrastructure costs plus annual software licensing costs. For example, Software Defined Storage (SDS) solutions are typically licensed by capacity and their costs are directly proportional to hardware infrastructure storage expenses. Data reduction decreases storage costs because it reduces storage capacity consumption. For example, deduplication and compression typically cut capacity requirements of block storage in enterprise deployments by up to 6:1 or approximately 85%.

Consider a private cloud configuration with a 1 PB deployment of storage infrastructure and SDS. Assuming a current hardware cost of $500 per TB for commodity server-based storage infrastructure with datacenter-class SSDs and a cost of $56,000 per 512 TB for the SDS component, users would pay $612,000 in the first year. In addition, software subscriptions are annual, so over three years you will spend $836,000 for 1 PB of storage and over five years, $1,060,000.

By comparison, the same configuration with 6:1 data reduction will cost $176,667 for hardware and software over five years, resulting in $883,333 in savings. And that’s not including the additional substantial savings in power, cooling and space. As businesses develop private cloud deployments, they must be sure those deployments have data reduction capabilities because the cost savings are compelling.

When implementing private cloud on Linux, the easiest way to include data reduction is with Permabit Virtual Data Optimizer (VDO). VDO operates in the Linux kernel as one of many core data management services and is a device mapper target driver transparent to persistent and ephemeral storage services whether the storage layers above are providing object, block, compute, or file based access.

VDO - Seamless and Transparent Data Reduction

The same transparency applies to the applications running above the storage service level. Customers using VDO today realize savings up to 6:1 across a wide range of use cases.

Some workflows that benefit heavily from data reduction are:

  • Logging: messaging, events, system and application logs

  • Monitoring: alerting, and tracing systems

  • Database: databases with textual content, NoSQL approaches such as MongoDB and Hadoop

  • User Data: home directories, development build environments

  • Virtualization and containers: virtual server, VDI, and container system image storage

  • Live system backups: used for rapid disaster recovery

With data reduction, cumulative cost savings can be achieved across a wide range of use cases which makes data reduction so attractive for private cloud deployments.

Reducing Hybrid Cloud's Highly Redundant Data

Storage is at the foundation of cloud services and almost universally data in the cloud must be replicated for data safety. Hybrid cloud architectures that combine on-premise resources (private cloud) with colocation, private and multiple public clouds result in highly redundant data environments. IDC’s FutureScape report finds “Over 80% of enterprise IT organizations will commit to hybrid cloud architectures, encompassing multiple public cloud services, as well as private clouds by the end of 2017.” (IDC 259840)

Depending on a single cloud storage provider for storage services can risk SLA targets. Consider the widespread AWS S3 storage errors that occurred on February 28th 2017, where data was not available to clients for several hours. Because of loss of data access businesses may have lost millions of dollars of revenue. As a result today more enterprises are pursuing a “Cloud of Clouds” approach where data is redundantly distributed across multiple clouds for data safety and accessibility. But unfortunately, because of the data redundancy, this approach increases storage capacity consumption and cost.

That’s where data reduction comes in. In hybrid cloud deployments where data is replicated to the participating clouds, data reduction multiplies capacity and cost savings. If 3 copies of the data are kept in 3 different clouds, 3 times as much is saved. Take the private cloud example above where data reduction drove down the costs of a 1 PB deployment to $176,667, resulting in $883,333 in savings over five years. If that PB is replicated in 3 different clouds, the savings would be multiplied by 3 for a total savings of $2,649,999.

Permabit’s Virtual Data Optimizer (VDO) provides the perfect solution to address the multi-site storage capacity and bandwidth challenges faced in hybrid cloud environments. Its advanced data reduction capabilities have the same impact on bandwidth consumption as they do on storage and translate to a 6X reduction in network bandwidth consumption and associated cost. Because VDO operates at the device level, it can sit above block-level replication products to optimize data before data is written out and replicated.

Summary

IT professionals are finding that the future of IT infrastructure lies in the cloud. Data reduction technologies enable clouds (public, private and hybrid) to deliver on their promise of safety, agility and elasticity at the lowest possible cost, making cloud the deployment model of choice for IT infrastructure going forward.

Global Economic losses from disaster events almost doubled in 2016 to $175 billion from $94 billion in 2015, according to the most recent Sigma Study from the Swiss Re Institute.

Insured losses also rose steeply to $54 billion in 2016 from $38 billion in 2015, the study found. This led to a “protection gap,” as the company calls it, of some $121 billion, the difference between economic and insured losses, a figure highly indicative of the opportunity for greater insurance penetration, according to Swiss Re. “The shortfall in insurance relative to total economic losses from all disaster events…indicates the large opportunity for insurance to help strengthen worldwide resilience against disaster events,” said the report. The gap was $56 billion in 2015.

Total economic and insured losses in 2015 and 2016:

...

http://www.riskmanagementmonitor.com/disaster-losses-climb-as-protection-gap-widens-sigma-study/

Gemalto yesterday released the findings of its Breach Level Index for 2016, which states that 1,792 data breaches worldwide led to the compromise of almost 1.4 billion data records last year, an increase of 86 percent over the previous year.

Identity theft was the leading type of data breach in 2016, accounting for 59 percent of all data breaches.

The second most common type of breach was account access based breaches, accounting for 54 percent of all breached records, a surge of 336 percent over 2015.

...

http://www.esecurityplanet.com/network-security/1.4-billion-data-records-compromised-in-2016.html

Wednesday, 29 March 2017 13:56

1.4 Billion Data Records Exposed in 2016

Not all emergency communication software is created equal. Here are four tips to help you choose the best system for your organization

There are several emergency notification software vendors who offer a variety of features and functionalities that organizations can leverage to improve their communication strategy. While many of these capabilities may seem beneficial, it is important to focus on the specific needs of your organization when evaluating technologies. Too many complex features can make the software overwhelming and difficult to use, slowing adoption and adding extra steps to the process of sending important communications. Ultimately, you want to find a reliable platform that can send quick and effective notifications to keep your people safe, informed, and connected.

Here are four key factors to consider when choosing the best emergency notification system for your organization:

Evaluate your needs and assess your risk

When designing an emergency communication plan, start by understanding what is at risk: your people, facilities, parts and products, intellectual property, technology, and automobiles and/or fleet. All of your assets, and the operations that depend on these assets, are at risk when an emergency arises.

Ask yourself, what are the emergencies that are most likely to occur? IT outages, weather-related incidents, power failures, and security lockdowns are the most common. Each location where your company operates, including home offices, may have different variables and risks to evaluate. Consider the weather and geological events prone in those areas, security and IT support in those facilities, the nearest emergency response organizations and hospitals, and the number of employees who may be affected.

Each facility likely differs as far as how buildings and workspaces are designed, evacuation routes, surrounding streets and neighborhoods, and even the demographics of the staff located in each building. Some locations may have handicapped employees, elderly, or even children in an office daycare. Are there elevators or stairwells? An easy route for emergency vehicles? Are there any hazardous materials stored at any of the locations? All of these factors may come into play during an emergency and you need to be equipped with the right technology to effectively communicate with your people. Thinking through all of the possible scenarios, and thinking through what communication steps will be required, will help you decide which software solution makes the most sense.

Look for software vendors that provide the features and functionality you need

Emergency communication platforms differ greatly and the ideal product will be customized to your organization’s specific needs and requirements. Some of the key characteristics you will want to look for in an emergency communication system will include:

  • Intuitive user experience
  • Two-way communications
  • Multi-channel delivery
  • Compatibility with any device
  • Measurement tools, analytics, and reporting
  • Dedicated customer support

One of the most important features to look for in an emergency notification system is an intuitive user experience. When you are under time pressure or stress from an impending crisis, you need to know that you can quickly and accurately operate the system within seconds. Some solutions were built decades ago and have continued to add features to a legacy system. These often require time and effort to integrate with your existing systems. Instead, find modern software that was built during the smartphone era. Modern platforms will be much easier to adopt and maintain. In fact, the best solutions today are cloud-based so you never need to worry about maintenance. They can provide a more reliable and secure platform you know will be there when you need it most.

Two-way communication is relatively new and mirrors the expectations the audience has: to be a part of the conversation. Social media has changed our perceptions of how we should communicate and now more than ever, people insist on being a contributor and engaging in dialogue. Modern mass communication systems value employee feedback and input. In fact, it is the first-hand eyewitnesses that can often offer the most insight during a situation. The right system will allow your people to initiate communications, which makes sense since they may be the first ones to be witness to an incident.

Multi-channel communication options are critical, as employees are more mobile than ever, and as your people communicate in a greater variety of ways than ever before. A communication system needs to enable more than just phone and email communications. It must include any and all channels your employees are using, such as text messages, native apps, social media, Slack, and more.

Gone are the days of employees sitting at their desks from 8 a.m. to 5 p.m. Monday through Friday. We are constantly traveling, working remotely from home, an airport, a coffee shop, or a hotel. You need a system that can send notifications and alerts simultaneously across all devices, anywhere in the world. Not only will this ensure the highest receive rate, but it will also get the employees’ attention as all channels are activated at once.

Measuring the success of a notification is an important step in the process and the well-being of your people. A great communication system will give you the analytics you need to determine if your notification was effective, measuring how each delivery channel performed, open rates for notifications, response rates, and employee feedback. Using these metrics and additional detailed reports, you can help improve emergency plans, find gaps in message coverage, and identify areas for overall improvement.

And finally, the best emergency communication vendors provide you with dedicated customer support that you can access 24/7. From implementation to every day operations, it is important to know that you have a live resource at your fingertips to assist you or answer your questions.

Make sure the software is easy to implement

Adding a new communication system does not end with your software selection. The right software will offer you features and functionalities you did not have before, but those can only be effective if people are empowered to use them.

If your system of choice is intuitive and easy-to-use, then it will not require extensive training, and you can easily add new users who can access the platform and send messages during critical events without pause or confusion. Knowing when and how to use the system, knowing what situations are considered worth acting on, and knowing who is to receive the communications – this all takes planning, but you can soften those challenges by selecting the right partner. And the key to selecting the right partner is ensuring that they have a customer support representative dedicated to your account to walk you through each step of the process.

The most important step in implementing a communication system is to customize the software for your organization’s structure and geography. Every location will have its own list of employees, potential threats, and other considerations. The right communication system will automate much of this for you, particularly if it is integrated with your HR application. Setting up the directories should not take long but can save you invaluable time when a critical situation arises.

In our fast-paced world, you want to ensure that you can send messages on-the-go. One of your first priorities will be to download your vendor of choice mobile app on all of your devices to ensure you can send and receive notifications at all times.

You can further customize the software to include the channels you know are most prevalent in your organization. Does your company use two-way radios? Flashing lights? Whatever channel you want to include should be able to be easily added and modified at will using an Application Program Interface (API). Keep in mind that with the help of customer support, you can use an API to integrate all of your existing systems and any customized channels you will want to add to the communications software.

Look for a system that allows you to pre-build templates for every channel, as well as the ability to customize your messages. If you know of certain situations when an automated notification can be sent, such as weather alerts or schedule changes, go ahead and create it. Otherwise, learn how to build your own message on the fly quickly so you are familiar with the steps during an emergency event.

And finally, familiarize your organization with the system by sending a test message. Use the system to notify employees about the new system. Check to see if everyone received the notification, which channels delivered the notification, how long it took for the notification to be drafted and sent, and if the message sent was the right message.

Once a vendor is chosen do not be afraid to ask for help if you need it. The vendor should provide implementation and configuration support around the clock as part of the contract.

Consider other uses for the system

If you choose the right emergency communication system, you will quickly find that it is useful for a wide variety of other business needs. In fact, the system can be used in any situation where a large number of employees need critical or time-sensitive information.

One of the more interesting ways a communication system can be used is with logistics and scheduling. Generally, organizations with scheduled shift workers and/or fleet drivers have to manage a lot of moving parts. Using the system to communicate back and forth with these employees can be much more efficient than most dispatch systems.

Event planning, guest communications, and volunteer coordination are all eased with a mass communication system. Again, because the system can engage people across channels and devices, messages, alerts, notifications, and tips can all be received more reliably. Some organizations are foregoing time-consuming email newsletters for instant notifications using a mass communication system.

Some common non-emergency uses of mass notification systems include:

  • Weather-related notifications that may impact classes, events, or games
  • Traffic alerts
  • Members-only notifications
  • Billing alerts
  • Venue changes
  • Event updates and reminders
  • Parking tips
  • Closings or delays
  • Shipping notifications
  • Appointment/reservation reminders
  • Guest, customer, or employee surveys

If you aren’t sure which system is best for your organization, see if the vendors you are considering offer demonstrations or trial periods. While you evaluate the technology, keep a close eye on the level of service. You want people who know not only communications, but your industry. They should provide around-the-clock support with real people answering the calls so you know in an emergency, you can talk to a live person.

No matter the size of your organization, you and your employees deserve to work in a safe environment. Once you have chosen a great solution, you will be able to take comfort in knowing you have something in place to keep everyone informed and connected. By doing your homework on the front end and choosing the right emergency notification vendor, you will greatly increase the odds of your organization getting through an emergency safely and with very little impact on operations.

About the author
Brett Andrew is VP of Sales and Marketing for AlertMedia, the fastest-growing mass communications provider in the world, offering an easy-to-use software platform that combines multi-channel messaging and monitoring to keep people safe, informed, and connected. Brett can be reached at 800 826-0777.

The Business Continuity Institute

With an increasing volume of conversation taking place around the concept of ‘organizational resilience’, business continuity management professionals are taking advantage of this to expand their own remit and improve their career opportunities. These are the findings of a new report published jointly by PwC and the Business Continuity Institute.

The report – What does the future hold of business continuity management professionals? – was the outcome of a survey carried out by the BCI, as well as a breakout session held at the BCI World Conference. The findings showed that nearly two-thirds of respondents (62%) reported that their remit is expanding beyond traditional business continuity management, with over half (53%) noting that they’re working more closely with information security, just less than half (45%) with risk management and four out of ten (42%) with IT.

Why is increased collaboration important? The vast majority (90%) agreed that resilience is greater when the management disciplines are more joined up.

The growing interest in resilience is increasing career opportunities for business continuity professionals, with more than half (56%) saying it opens up more options. As a result, six in ten (60%) want additional qualifications, and over a quarter already have a Masters degree.

Of course there were other insights into the profession that were revealed by the survey. Nearly three-quarters of respondents (72%) were male, and while this may not be an accurate reflection of the industry, it is indicative of a significant gender imbalance.

The report concludes that business continuity management continues to present an interesting and varied career that gives post holders a "spectacular understanding of their organization" and a "brilliant network of contacts within it." These conclusions are consistent with the BCI’s position statement on organizational resilience published in 2016 and are a positive reflection that the business continuity profession is still evolving, with the business continuity management discipline itself a key contributor to a more resilient society.

You can learn more about organizational resilience by taking the BCI's new course - Introduction to Organizational Resilience. This course will provide students with a practical approach to build on the foundation of their existing skills and knowledge in order to develop and enhance the resilience capability within their organizations.

Rumors had been flying for some time about SimpliVity needing additional funding, and that HPE had made an offer that was unacceptably low at $650 Million. Clearly, these were more than casually well-informed rumors, since HPE announced on January 17 that it would be acquiring SimpliVity for $650 Million in cash. Was this a fair price? That is hard to say. Since I’m not really an equity analyst, I will spend no more time on this other than to say that it is far short of the kinds of valuations that the industry was expecting. Competitor Nutanix’s current market capitalization is slightly over $4B, which is more than a bit rich for such a company. Despite its high growth rates, it has yet to turn a profit.

But pricing aside, was it a smart move for HPE? Absolutely. It’s , and certainly one that helps shatter the perception that HPE always overpays for its acquisitions, even when they are strategically sound. SimpliVity was essentially tied for first place in our recent Forrester Wave™ report on Hyperconverged Infrastructure Solutions, coming in substantially stronger than HPE’s own HC380 product.

The fit with HPE for SimpliVity’s solution is impressive because:

...

http://blogs.forrester.com/richard_fichera/17-01-23-hpe_acquires_simplivity_strong_tactical_move_with_strategic_ramifications_for_the_hci_landscape
