Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 30, Issue 1

Full Contents Now Available!

Industry Hot News

Industry Hot News (7047)

VIRGINIA BEACH, Va. —Even if you have homeowners’, renters’ or flood insurance, you are urged to register with the Federal Emergency Management Agency (FEMA). Registering with FEMA is a primary step in qualifying for disaster assistance after contacting your insurance agent to see if disaster damage is covered.

In the aftermath of Hurricane Matthew, FEMA is advising survivors who live in Chesapeake, Newport News, Norfolk or Virginia Beach with property damage to contact both their insurance company and FEMA. Tuesday, Jan. 3, 2017 is the last day to apply to FEMA for disaster assistance.

If you are a homeowner or renter with insurance and your home or personal property was damaged by the storm:

  • You must contact your insurance agent to file a claim with your insurance company.

  • You should be prepared to fully describe to your agent the damage caused by the storms.

  • You should keep a record of all contact you have with the agent and the insurance company.

  • You should keep a record of the claim number and the date you called to make the claim.

  • Always keep all damage repair receipts.

  • FEMA will send you a letter requesting insurance claim documentation, such as a decision letter (settlement or denial) from your insurance company, in order to further process your application.

FEMA cannot duplicate benefits that are covered by insurance, but you may be eligible for help with losses not covered or those in excess of your insurance coverage. However, you will not be considered for this assistance until FEMA receives a decision letter from your insurance company.

Homeowners and renters may be eligible for FEMA Other Needs Assistance (ONA) grants to help with uninsured or underinsured expenses and serious needs caused by the disaster, including:

  • Medical

  • Dental

  • Child care and

  • Funeral cost

Survivors who register and receive a Small Business Administration (SBA) low-interest disaster loan application should return the application. SBA applicants are not obligated to accept a loan; however, completing the application may make available additional FEMA assistance. Applicants who may not qualify for a SBA loan may be eligible for Other Needs Assistance.

FEMA encourages both insured and uninsured survivors who sustained disaster-related damage or losses to apply by phone (voice, 711 or relay service) at 800-621-3362 (TTY users should call 800-462-7585) or online at DisasterAssistance.gov. The toll-free lines are available from 7 a.m. to 11 p.m., seven days a week. Multilingual operators are available. Jan. 3, 2017 is the last day for survivors to file an application.

The Business Continuity Institute - Nov 14, 2016 00:01 GMT

Organizations exposed to significant risk due to lack of workplace recovery arrangements

Caversham, UK – A disconnect exists between business continuity professionals and end users when it comes to workplace recovery, according to a report published by the Business Continuity Institute and supported by Regus Workplace Recovery. The global study showed that, while only 12% of business continuity experts confirm their organization lacks a workplace recovery arrangement, 31% of end users claimed their employers don’t have any arrangements in place, or they are unaware of what they are.

The Workplace Recovery Report noted that even organizations with workplace recovery arrangements in place face risk and uncertainty when it comes to actual recovery plan implementation. One of every five experts feel uncomfortable that their organization’s employees will execute their work area recovery solution as planned, while 17% of end users are not comfortable they can carry on services in the case of an area-wide event.

Other findings of the report include:

  • 37% of end users are either unaware or unable to provide feedback on their organization’s workplace recovery arrangements
  • 26% of end users and 16% of experts feel that their organization’s business continuity priorities are not fully consistent with end user priorities
  • Three quarters of end users consider themselves critical, while 64% of experts believe only 20% of employees fall in this category
  • Nearly four out of every five end users believe that there is a workplace recovery plan for them in the case of a disruption
  • Work-from-home received less consideration as a workplace recovery approach from experts than from employees (26% vs 44%)
  • 45% of end users are not happy to work from home for more than two weeks
  • When deciding whether to work from an alternative location or from home, 32% of employees base their decision on ease of reaching alternative sites, while 20% focus on access to key enterprise systems, and 15% on having appropriate office infrastructure

The success of a chosen strategy such as workplace recovery depends on its proper implementation by staff, led by a capable business continuity or resilience team. The results reveal that experts have a basic level of confidence in the capability of staff to effectively execute workplace recovery during disruption. However, there are still gaps in awareness and implementation that need to be addressed.

The safety of employees remains a key priority for both workplace recovery experts and end users. This needs to be articulated by practitioners as it can facilitate staff buy-in into workplace recovery and enable embedding of business continuity throughout the organization. While priorities among experts and end users differ down the line, it is useful to communicate the importance of workplace recovery as a chosen strategy in appropriate language and along staff priorities.

Many employees also reveal a preference for working from home during an incident. This may be related to their desire to be close to their families during a crisis – a fact that should be strongly considered prior to selecting a single recovery facility that is a long distance from where the employee lives. This also carries significant implications to organizations such as ensuring that employees’ homes are conducive to such an arrangement from a business continuity, risk or health and safety perspective.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “When executed properly, in line with a holistic business continuity programme, workplace recovery can help build resilience within organizations. As part of business continuity strategy for many organizations, it is important to benchmark workplace recovery leading to better planning and implementation. The BCI Workplace Recovery Report aims to respond to practitioner demand and provide much needed insight in this subject, and we would like to thank Regus for supporting this work.

Joe Sullivan, Managing Director for Workplace Recovery at Regus, commented: “With natural disasters impossible to predict and an increased risk from other world events, the need to have an established workplace recovery plan is greater than ever. We feel that when disaster strikes, ensuring your people have a secure and productive work environment is harder than recovering your IT. We need to understand how employees will react in the aftermath of a crisis – this research starts to take a look at these behaviours and it is the first of its kind to do so.

Download a copy of the Workplace Recovery Report by clicking here.

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Regus

Regus is the world’s largest provider of flexible workspace solutions and workplace recovery services, with a mission to enable individuals and businesses to work where they want, when they want, how they want, and at a range of price points. Leveraging a global network of 3000 business centres in 900 cities across 120 countries, their solutions are designed to meet the needs of today’s global, mobile and remote workforce.

The Regus Dynamic Workplace Recovery solution has revolutionised workplace recovery by enabling businesses to choose where and how to recover after an event, and was awarded the 2016 BCI European and Asia Awards for Continuity and Resilience Innovation.

Regus was founded in Brussels, Belgium, in 1989 and is based in Luxembourg. It is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index. To learn more about how we are changing the world of workplace recovery, please visit

www.regusworkplacerecovery.com

There’s no question that there is a need for solid cybersecurity awareness training. Yet, how effective is it, really? A couple of studies I’ve seen recently make it seem like you can provide all of the cybersecurity education you want, but it won’t make any difference if your employees are ignoring whatever they are taught.

Research from CEB found that 90 percent are not following cybersecurity policies that are meant to prevent data breaches and other security threats, and doing so willingly. One of the biggest rule breakers is the use of shadow IT, with employees using their own devices and applications without company permission or approvals. For the employees, it’s about convenience, familiarity and better productivity. For IT and security staff, it’s a potential cybersecurity nightmare. As Brian Lee, Data Privacy practice leader with CEB, told Infosecurity Magazine:

Employees will often work around controls — especially ones they feel are onerous — as a way to make their job easier. This 'rationalized noncompliance' can not only increase privacy risks, but even jeopardize corporate strategy and ultimately growth.

...

http://www.itbusinessedge.com/blogs/data-security/cybersecurity-training-and-policies-are-useless-if-ignored.html

On October 21, 2016, the U.S. was the victim of a massive, malicious and blindsiding assault—without a foreign machine gun, grenade launcher or tank so much as touching American soil. How is that possible? Because we’re not talking not about a physical attack, but about a cyber attack. And here’s the worst part: While this recent event might have been the largest of its kind to date, it’s not going to be the last.

Understanding the Attack

So how did cyber attackers manage to take down the internet? That’s where it gets really scary. They used malware to infect the personal devices of hundreds of thousands of unsuspecting people, then used them to flood a middleman website, Dyn, with so much traffic that users were unable to access their online destinations, including prominent websites like Spotify, Amazon, Twitter, PayPal and Netflix. A Dyn spokesperson described the attack, which was conducted in three waves throughout the day and involved “tens of millions of IP addresses all hitting Dyn servers at the same time,” as “well-planned and sophisticated.”

The disruption wasn’t just inconvenient, it was also costly. According to CNN, the attack may have amounted to as much as $110 million in lost revenue and sales for the impacted businesses.

...

http://blog.sendwordnow.com/a-cyber-attack-may-be-headed-your-way-are-you-ready

What is your company’s level of Active Shooter Preparedness? How ready are you for the unthinkable?

With active shooter incidents on the rise, it is more important than ever that companies are prepared for this threat. However, recent research from Everbridge and Emergency Management and Safety (EMS) Solutions shows that is not the case, with 69 percent of organizations viewing active shooter as a top threat, yet only 23.1 percent responding that they’re fully prepared. How can you ensure your organization is prepared for this significant evolving threat?

It doesn’t matter whether you are a business continuity, security, crisis manager, crisis communications or human resource professional…this narrative has something for everyone. Everyone has skin in the game.

...

https://ems-solutionsinc.com/blog/7-best-practices-active-shooter-preparedness/

Key Drivers

I recently saw an article from Campus Safety magazine that discussed how college campuses are attempting to maximize the ROI of their alert systems. This isn’t a surprise, as it has become mandatory for schools to have some sort of mass communication system in place for emergencies. Sadly, school campuses from elementary through college have lost their sense of security after so many stories of campus violence. We’ve all mourned the tragedies of Sandy Hook, Columbine, and Virginia Tech. There have been 142 school shootings in the U.S. since 2013 and nearly every state has been affected…see the above map.

On top of everything schools have to contend with each year , these horrific crimes have quickly placed campus security at the top of the priority list. The mass notification system market is responding and is expected to grow to nearly 10 billion USD by 2021, due in part to the growing demand for public safety and increased awareness for emergency communication solutions.

..

https://www.alertmedia.com/mass-texting-software-becoming-standard-protocol-for-emergency-notification/

Master data and Big Data sit on opposite ends of the data spectrum. They look different, are managed differently, and ultimately serve different purposes. However, with the proper enterprise data practices in place, these two seemingly unrelated data sets working in tandem can add value to each other, thus becoming greater than the sum of their parts.

Master data is slow changing data. Master Data refers to attributes such as name, address, phone number, emails, contacts of your customers or attributes and features of a product. Master data can also be used to slice and dice transactional data, in order to better understand a company’s business operations and opportunities. Master data is typically small – the largest online retailers may have a master customer list that is a few millions rows of data, but for the most part, master data is much smaller in scale. Master data is also significantly cleansed and is scrubbed periodically to ensure its accuracy. On the opposite end of the spectrum is Big Data. Known for its massive volume, variety and velocity, big data is generally acquired from external sources with little or no room for cleansing or scrubbing it.

Master data and big data do share one important similarity – They can both serve as great assets for those organizations that pay close attention to them. More and more companies are expanding their horizons by exploring the vast world of unstructured data from external sources, such as social media, mobile, chats and other online interactions. As a result, there is a growing challenge within these organizations to monetize the benefits, and thoroughly understand what the data is telling them beyond insights at an aggregate level.

...

http://www.enaxisconsulting.com/big-data-and-master-data-better-together/

Friday, 11 November 2016 00:00

Automation And Sharing Are Common Themes

After years of shunning automation and information sharing efforts, the security industry is now embracing them. Every vendor conference I attended this fall talked about the need to automate some security functions in order to increase security teams' efficiency and ability to quickly detect and respond to incidents. The vendors also focused on the need to break down the silos and share information across the security and IT organizations, between vendors, and throughout the security community.

Why the change? The pace of attacks along with the continued stress of resource-constrained organizations are forcing security leaders to find new solutions.

Automating some security processes helps to fill the infamous cybersecurity skills gap and provides faster threat response. Most of the automation comes in the form of orchestrating processes which support threat investigation and hunting. Automated mitigation functions like process stopping, user quarantining, IP blocking, etc. are also possible through integrations between security analytics solutions and security controls.

After years of shunning automation and information sharing efforts, the security industry is now embracing them. Every vendor conference I attended this fall talked about the need to automate some security functions in order to increase security teams' efficiency and ability to quickly detect and respond to incidents. The vendors also focused on the need to break down the silos and share information across the security and IT organizations, between vendors, and throughout the security community.

Why the change? The pace of attacks along with the continued stress of resource-constrained organizations are forcing security leaders to find new solutions.

Automating some security processes helps to fill the infamous cybersecurity skills gap and provides faster threat response. Most of the automation comes in the form of orchestrating processes which support threat investigation and hunting. Automated mitigation functions like process stopping, user quarantining, IP blocking, etc. are also possible through integrations between security analytics solutions and security controls.

...

http://blogs.forrester.com/joseph_blankenship/16-11-09-automation_and_sharing_are_common_themes

The Business Continuity Institute - Nov 11, 2016 15:20 GMT

Winning a BCI Award, whether regional or global, is a considerable achievement. It demonstrates your dedication to the industry and reflects the effort you have put in, either as an individual or as an organization. BCI Award winners act as a shining light to those around them, giving them something to aspire to and work towards. To win a BCI Award on a regular basis however, that takes something extra special.

The Business Continuity Institute is pleased to announce that the latest inductee to the Hall of Fame is ContinuitySA, the winners of three consecutive Business Continuity Provider of the Year Awards at the BCI Africa Awards.

"Winning this award for three consecutive years was a huge honour for ContinuitySA because it represents affirmation not only from our peers but also our clients. Becoming members of the BCI's Hall of Fame provides a welcome, permanent record of that achievement, and we are most grateful to the Institute for this accolade," says Michael Davies, CEO of ContinuitySA. "I wish to recognise the fact that our place in the Hall of Fame is testimony to the fantastic people of ContinuitySA past and present – this is recognition of the massive contribution they have made to our success and to the industry as a whole."

The BCI’s Hall of Fame, set up in 2015, is for those who have not only displayed a high standard of achievement, but have done so consistently. As such, only those who have won three BCI Awards within the same category will be permitted to enter.

The Business Continuity Institute - Nov 10, 2016 16:27 GMT

At a Gala Dinner at the Novotel London West Hotel, the Business Continuity Institute presented its annual Global Awards to recognise the individuals and organizations who have excelled throughout the year.

The BCI Global Awards consist of nine categories – eight of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted for by their peers.

The BCI hosted regional awards throughout 2016 with the best in business continuity and resilience from different regions across the world being celebrated in front of their peers. The Global Awards ceremony is the culmination of the awards calendar with each of the regional winners competing to be crowned the global winner. Those celebrating at the end of the evening were:

Continuity and Resilience Consultant
Paul Trebilcock FBCI, Director, JBT Global

Continuity and Resilience Professional Private Sector
Linda Laun AFBCI, Chief Continuity Architect, IBM

Continuity and Resilience Professional Public Sector
John Ball AFBCI, Business Continuity Coordinator, Surrey and Sussex Police

Continuity and Resilience Newcomer
Tamara Boon AMBCI, Business Continuity Manager, Adidas Group

Continuity and Resilience Team
Belfius Bank Belgium Business Continuity and Crisis Management Team

Continuity and Resilience Provider (Service/Product)
Fusion Risk Management Inc and the Fusion Framework BCM Software

Continuity and Resilience Innovation
Westpac Group Protective Services, Education and Awareness Team

Most Effective Recovery
VTB Capital Plc

Industry Personality
Brian Zawada FBCI, Director of Consulting Services at Avalution Consulting

In my two years as Chairman of the BCI it has been a great privilege to present the Global Awards, and to celebrate the strength and depth of talent we have in the industry," said David James-Brown FBCI, Chairman of the BCI. "The entries this year were again of an extremely high calibre and all the winners can justifiably be proud of their achievement. Those who didn't win their category are still global finalists and should be rightly proud of their achievement. The awards demonstrate that we are graced with talented people striving for excellence in what they do. There is no higher accolade in Resilience than a BCI Global Award. Thank you and well done to all the 2016 finalists.

Others celebrating on the night included Jane Grey CBCI who won the Alan Reid Education Award for achieving the highest score out of the 1284 people who sat the CBCI exam during the previous year, while Christopher Lewis DBCI won the Gold Award for being the top BCI Diploma student.

Merit Awards went to Mohan Menon AFBCI and Jim Barrow MBCI, while Achievement Awards went to Gianna Detoni AFBCI and Howard Kenny FBCI - all in recognition of the work they have done on behalf of the Institute in their local communities.

James Crask became an Honorary Member of the BCI, while Peter Power and Lesley Grimes both became Honorary Fellows - all three being awarded for the commitment they have shown to the Institute throughout their distinguished careers.

Enhanced focus on internal controls by corporate boards and regulators sometimes appears to be a post-financial crisis phenomenon. Those tasked with designing, executing and assuring the resiliency of a corporation’s internal control infrastructure sometimes struggle with articulating the business case for it, as well as defining the business need for internal controls. It is, hence, important to recognize and understand what “controls” are and their value in achieving desired outcomes.

Controls have been utilized for millennia as a means to assure that objectives are met within a range of tolerable outcomes. They have been developed and deployed to reduce uncertainty (or unwanted deviations) within a process or system to achieve a desired outcome. In the third century B.C., Ktesibios’s water clock in Alexandria, Egypt kept time by controlling the water level in a vessel. Today, internet protocol thermostats are available to remotely regulate and control temperature in our homes. There are applications of controls all around us that have become a ubiquitous part of our daily lives. Without effective and reliable controls, it is difficult to ensure outcomes, and this is particularly true for complex processes and systems in the exchange-listed options space.

...

http://corporatecomplianceinsights.com/resilient-risk-management-internal-control-infrastructure-matters/

Wednesday, 09 November 2016 00:00

Earthquake Spike in Oklahoma Linked to Fracking

A magnitude 5.0 earthquake that rocked Cushing, Oklahoma, on Nov. 6 damaged part of the city’s downtown district, but left no major damage to bridges or highways.

Early reports indicate the damage is not insignificant. A 16-block area in the hard-hit downtown has been cordoned off because of the danger posed by unstable structures and broken glass. No serious injuries or fatalities have been reported, however. Power in Cushing was out for less than an hour following the quake, and several gas leaks were attended to.

The city, which has a population of 7,900, is noted as the world’s largest oil storage terminal and has experienced 19 earthquakes in just the past week, raising safety concerns. As of last week, the town’s tank farms held 58.5 million barrels of crude oil, according to the U.S. Energy Information Administration. The number of earthquakes in the area has also risen exponentially. During the first half of this year, 618 temblors of M2.8 or greater have shaken Oklahoma.

...

http://www.riskmanagementmonitor.com/earthquake-spike-in-oklahoma-linked-to-fracking/

In developing functional disaster recovery strategies and plans, planners should consider these 10 ideas to ensure effectiveness:

  1. Don’t confine yourself to traditional methods or thoughts. For example, you may develop the documentation during an exercise while the individuals are performing the tasks. Participants can note the steps and take screen shots while performing the actions.
  2. Maintain risk management, conduct risk assessments, and develop a risk management culture. Your risk profile will drive changes to the defined strategies and requirements. Mitigation of risk may allow for less complex or lower cost solutions. It also creates a “risk and continuous improvement” environment vs. a “recovery is a project with an end” based culture.

...

https://www.mha-it.com/2016/11/developing-disaster-recovery-strategies/

Tuesday, 08 November 2016 00:00

What Now for the Hybrid Cloud?

It may have taken a little while, but a critical mass of enterprises has now developed private cloud architectures at sufficient scale to start thinking about tying them to public resources to create the so-called hybrid cloud.

And in traditional IT fashion, it turns out that the reality of this moment is quite a bit different from the expectation. Not only are hybrids more complicated than originally thought, there is growing suspicion that the rationales for creating them in the first place are not all they were cracked up to be.

In the first place, it is becoming clear that cloud architectures – whether public, private or hybrid – will not follow the standard generic infrastructure model of legacy infrastructure. Rather, hybrids will be built from the ground up with specific use cases in mind, which means they will differ in both form and function depending on the applications and processes they are to support.

...

http://www.itbusinessedge.com/blogs/infrastructure/what-now-for-the-hybrid-cloud.html

Tuesday, 08 November 2016 00:00

CDC: This is Your Brain on Emergencies

There’s a fire in your building. Your plane is about to crash. A woman beside you on the street suddenly collapses.

What do you do?

Well, that depends. Every one of us is at risk for these kinds of unexpected intrusions into our day-to-day lives. What you do about it depends on whether or not you’re prepared – not just physically, but also mentally.

In any situation, some things are likely to be out of your control: the size of the fire; who’s flying the plane; what’s wrong with the woman. Some things, however, are up to you. Being aware of how you might react can go a long way toward making a bad situation better.

Know thyself

In a crisis, your brain is going to want to make decisions, and not always the best ones. The good news is there are steps you can take to be a better decision-maker in emergencies. There is science behind the way people react to stressful situations, and we can use it to our advantage.

Science tells us that people behave in high stress incidents in certain ways. What you do will be dependent in large part on what your stress level is. If your heart rate soars above about 175 beats per minute, you’re more likely to go into shutdown mode and not be able to think clearly or act. A technique called “combat breathing” (inhale through your nose, hold, exhale through your mouth, hold) has been shown to reduce your heart rate by 20-30 beats per minute. Controlling your emotion and stress level will help as you go through the decision-making process.

A Perfect Stranger FEMA video‘A Perfect Stranger’ tells the story of Kinneil and Angelia and the event that brought the two women together.

During the decision-making process, your mind will most likely move through three stages:

  • Denial
  • Deliberation
  • Decisive action

Knowing these stages – and preparing for them ahead of time – can help you recognize and deal with what’s going on around you more effectively.

Denial: This is not happening

Have you ever heard gunfire in your neighborhood and blamed it on a firecracker? That’s denial. And it’s perfectly normal. We don’t want to believe bad things are happening. We don’t want to panic or look silly.

In emergencies, we often look to people around us for cues about what we should do. (Is everyone else running and screaming, or are they sitting quietly in their chairs? Are others stopping to help?) This is known as social proof. Social proof is a psychological phenomenon that happens whenever people aren’t sure what to do. We assume others around us know more about the situation, and so we do what they do, whether it’s the right thing or not.

We also know that a person is less likely to take responsibility when others are present. We assume that other people are responsible for taking action, or that they’ve already done so. This is called diffusion of responsibility, and it means you’re actually more likely to get help when you’re with a single person than when you’re in a large group of people.

We are all susceptible to believing these things, which make it easy to deny that 1) an emergency is really happening, or 2) we need to do something about it.

Deliberation: What are my options?

Once you’ve recognized the emergency, you’ll begin to consider your options. If you’re smart, you’ve already started this process before the emergency happens. Maybe you participated in a fire drill at work, or you counted exactly how many rows there are between you and the emergency exit on the plane, or you took a first aid class in your community. The more you’ve prepared, the more options you’ll have to work with.

One thing you can do to prepare everywhere you go is called scripting. All it requires is a little bit of imagination. Pay attention to your surroundings and see what’s available to you. Check for exits (and consider windows as possible exits). Be nosy, especially when it concerns your safety. Then run different scenarios in your head. Where would you go if you had to get out? Who would you call if you needed help? What will you do if there’s a fire? A robbery? A bomb threat? Think about the possibilities ahead of time.

Everybody hates the idea that we practice for emergency events. Fire drills… ugh. But it’s practice, and practice helps you understand what to do or how to react when you don’t have a lot of time. Not only can practice save your life, but if you know how to save yourself, emergency responders on the scene can use their time and effort to save others. You’re one less person who needs saving, and that saves lives.

Decisive action: It’s go time!

You’ve acknowledged there’s a problem. You’ve considered your options. The next step is to take decisive action. With all the information you have, what are you going to do next?

Before you take action:

  • Calm yourself
  • Shift your emotion. If you do get mad, use that anger as energy.
  • Stay fit – if you’re more fit, you’re likely to be more rational

Now is the time to put your plans into motion. Go to the exit, call for help, take cover, give CPR… whatever you’ve decided to do.

In most crisis situations, there is no definite right or wrong. There is no perfect way – only the best we can do. The most important thing is to do something. In almost every case, an imperfect plan is better than no plan, and action is better than inaction.

Remember, if you depend on everyone else to take care of you, you’re leaving the most important person out. Don’t wait to make a plan. Know yourself, know your situation, and be prepared to save your own life.

References and Resources

  • Advanced Law Enforcement Rapid Response Training, Texas State University, Civilian Response To An Active Shooter Event (CRASE).  
  • Ripley, Amanda (2008).  The Unthinkable: Who Survives When Disaster Strikes And Why. New York. Three Rivers Press.
  • Video: “A Perfect Stranger” (FEMA)
  • Video: The Bystander Effect
  • Podcast: Stress Response

Complacency puts them at legal and professional risk, LeClairRyan attorney Christopher Wiech says in recent blog post

ATLANTA, Ga. — When cyber criminals attack retailers and other businesses – potentially placing the data of millions of people at risk – C-level executives like CEOs and CIOs may lose their jobs and could be exposed to crippling lawsuits, warns Christopher A. Wiech, a partner in national law firm LeClairRyan’s Atlanta office.

There may be a lack of understanding and communication across the C-Suite when it comes to cybersecurity practices, says Wiech, a member of LeClairRyan’s Privacy and Data Security Practice who explores these issues in a recent blog, The C-Suite’s Perspective on Cybersecurity and Liability. His post appears in the firm’s Information Counts blog, which focuses on privacy, data security, information technology, e-commerce and other digital issues.

A good defensive plan begins with an understanding of how your organization gathers, stores, accesses and utilizes its data, Wiech notes. “Also be aware of any government regulations that apply, as well as industry or other standards that address data gathering, storage, protection and use, like PCI (Payment Card Industry) data compliance standards,” he advises. “You need to be diligent, because your actions will be closely scrutinized in the event of a hack or other data breach.”

...

http://corporatecomplianceinsights.com/c-level-executives-may-liable-cyber-breaches/

Tuesday, 08 November 2016 00:00

Don’t Ignore Winter’s Fury: Back Up Now

As the end of year nears, businesses typically revise their fourth-quarter plans, check their progress in accomplishing annual goals, and start working on budget proposals for the following year.

Fall is a time of reflection, and MSPs should capitalize on this by bringing up business continuity strategies with clients. Winter isn’t far off and, as we reminded you in the spring, businesses will take weather patterns into consideration when planning budgets and reviewing business continuity plans.

It’s the perfect time to ask clients: “If a snowstorm shuttered your business tomorrow, how confident are you that you’ll recover your data?”

...

http://mspmentor.net/blog/don-t-ignore-winter-s-fury-back-now

The Business Continuity Institute - Nov 08, 2016 13:32 GMT

Tea. Biscuits. Gin. Tonic. Ant. Dec.

Some things are just made for each other.

They fit together. They are seamless. And they just plain work.

That is the concept at the heart of Daisy Group’s next generation business continuity offering, ‘Continuum’ – which is putting always-on infrastructure and service availability front and centre in UK’s digital transformation journey.

Business continuity has its roots in IT disaster recovery; recovering technology after fire, flood or other such disastrous events. Recovery was often measured in days and hugely reliant on manpower and deep technical expertise to succeed;

Then it became more holistic. More about the business. The people. The buildings. The detailed plans required to recover the processes and services needed to ensure the business could continue; and yet still it was focused on recovery, more than achieving truly continuous operations.

Organizational resilience became the next iteration; the ability of an organization to anticipate, prepare for, and respond/adapt to change and sudden disruptions. Many perceive resilient as ‘cannot fail’ and have abandoned the concept of planning for recovery, or securing a failsafe. For others, achieving and maintaining resiliency is a huge task – where do you start? And at what cost?

‘Continuum’ from Daisy changes everything.

No longer an insurance type approach to disasters; this next generation of BC is more resiliency meets business agility; each aspect operating above a safety net of all that is good from years of IT disaster recovery and business continuity expertise and experience.

Daisy’s Managing Director of Business Continuity - Mike Osborne - explains: “I like to think of it as joining the dots between the need to build a resilient, digital organization, whilst still maintaining the discipline of planning and testing for recovery that provides an ultimate backstop.

Continuum takes into account resilient system design using IT/Cloud dependency mapping; cyber protection and proactive monitoring; always-on connectivity; critical data protection and workplace availability. All of which support normal operations and fully functional recovery in the event of the worst case scenario. It blends modern resilient technology solutions and traditional business continuity assets to allow for a seamless transfer between businesses as usual and business during an incident.

It means one organization owning the entire SLA – whether day to day or in a disaster - all of a business’ digital components are umbrellered beneath the cohesive infrastructure of a single, capable, reliable, service availability partner.

Daisy Group – the UK’s largest independent provider of converged B2B communications and IT infrastructure services and a leading UK provider of business continuity services - launched the new offering this week at BCI World in London, the global event for business continuity professionals.

It represents a seismic shift in the way business continuity has been traditionally provisioned. Whilst the technology and workplace infrastructure delivered by Continuum includes the support of operations in a disaster, it can also flex to support peaks in demand and changing work patterns. Continuum moves away from the insurance mentality of planning and investing solely to recover from disasters; instead placing the investment emphasis on end-to-end digital resilience and increased business agility.

Osborne concludes: “Embracing the relentlessness of technological change is a prerequisite for businesses wishing to grow. Yet in doing so they also introduce new risks, new competitors and heightened customer expectations.

They have to be connected and protected. They have to be always on. And they have to have an agile workforce. But, more than ever today, they have to ensure that all of their inter-dependent digital components are seamlessly joined up, available and when necessary, recoverable.

In short, whether triggered by disaster or not, when one component stops working, the others kick-in to support the whole. That is what ‘Continuum’ is all about.

Daisy are Platinum Sponsors of the BCI World Conference where you can visit them on Stand 47 to find out more about ‘Continuum from Daisy’. The BCI World Conference and Exhibition takes place on the 8th and at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need.

The Business Continuity Institute - Nov 08, 2016 00:01 GMT

Ineffective management of supply chains is leaving organizations open to severe disruptions and the high financial costs incurred as a result

CAVERSHAM, UK – One in three organizations has experienced cumulative losses of over €1 million during the last year as a result of supply chain disruptions. That is according to a report published today by the Business Continuity Institute and supported by Zurich Insurance Group.

The report showed that, despite a decrease in the percentage of organizations that experienced at least one disruption (70% from 74%), those organizations suffered more of them, with the percentage of organizations that experienced at least eleven disruptions during the year increasing from 7% to 22%.

The increased cost of disruption could be attributed to significant increases in the loss of productivity (68% up from 58% in 2015), cost of working (53% up from 39%) and damage to brand or reputation (38% up from 27%), all as a result of supply chain disruptions. 43% of organizations do not insure these losses meaning that they are bearing the full brunt of the cost themselves.

Arguably one of the reasons for the increase in the number of disruptions for many organizations is that fewer of them are maintaining adequate visibility over their supply chain, with the percentage of organizations that do so decreasing from 72% in 2015 to 66% this year. This could have major consequences when it comes to managing the supply chain and ensuring that disruptions are minimised.

The report concludes that ensuring supply chain visibility remains one of the biggest challenges to organizations with the data showing increased dependencies between suppliers and downstream organizations, reinforcing the need for organizations to understand their supply chain in more depth, identify key suppliers and improve reporting of disruptions.

The report also highlights that top management commitment is required in driving supply chain resilience and performance. The findings affirm how leadership input can significantly influence good practice and help build an appropriate organizational culture and structure.

Other findings of the report include:

  • 41% of disruptions occur with the immediate supplier, compared to 50% last year, however 40% of respondents report that they do not analyse the source of disruption.
  • The percentage of organizations reporting losses in excess of €1 million from a single incident remains static at 9%.
  • Unplanned IT and telecommunications outage remains the top cause of disruption with loss of talent/skills moving up to 2nd place from 6th in 2015. The remaining members of the top five causes of disruption were outsourcer failure, transport network disruption and cyber-attack/data breach.
  • The top five consequences of disruption are loss of productivity, increased cost of working, customer complaints received, service outcome impaired and damage to reputation/brand.
  • Only a little over a quarter of respondents (27%) report high top management commitment to supply chain resilience, a worrying decrease from 33% last year.
  • Just under three quarters of respondents (73%) report having business continuity arrangements in place to deal with supply chain disruptions.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “Our study reinforces observations about the growing cost of supply chain disruptions and its negative impact on an organization’s reputation. More than ever, it is important to focus on supply chains, identify areas of risk, and deploy appropriate arrangements which increase resilience. Business continuity has an essential role to play in this. Our research abundantly shows how business continuity professionals, working with their supply chain counterparts, can build supply chain resilience and direct management efforts in this area.

Nick Wildgoose, Global Supply Chain Product Leader at Zurich Insurance Group, commented: “Adequate supply chain resilience is a prerequisite for improving organisational performance. You need senior management support to achieve this, in terms of breaking down the organisational silos and providing appropriate resources. The businesses that invested in this area have recognised there is a compelling business case to do this and are seeing the benefits.

For the last eight years, the BCI Supply Chain Resilience Report in partnership with Zurich Insurance Group has provided valuable insight into supply chain disruption and benchmarked the business continuity arrangements of organizations in this area. It has also demonstrated how specific key behaviours reinforce good practice and build an organizational culture contributing to supply chain resilience and performance.

Download a copy of the Supply Chain Resilience Report by clicking here.

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Zurich Insurance Group

Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With around 55,000 employees, it provides a wide range of general insurance and life insurance products and services. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, including multinational corporations, in more than 170 countries. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.

Bullish IT decision makers are migrating their data to the cloud in record numbers. But in their enthusiasm, are they also underestimating the magnitude of the challenges that lurk over the horizon?

Until now, any such concern hasn’t slowed down the momentum of cloud adoption. Lingering holdouts are moving off the sidelines in droves to engineer the cloud-based digital transformation of their operations. Nowadays the argument that the cloud should be an essential part of an enterprise’s business model isn’t controversial; it’s the conventional wisdom.

But at the same time, many companies still struggle to prepare for a range of potential obstacles they will need to hurdle when it comes to building digital organizations. For example, when Gartner surveyed IT professionals in 30 nations, it found that most IT departments remain unprepared for sundry digital business challenges.

...

http://mspmentor.net/cloud-services/don-t-get-caught-unprepared-meet-cloud

As recent as last week, the California DMV suffered a 17 hour power outage which shut down business for two days across most sites. Many companies are unprepared for business disruptions caused by power outages, and are often unaware of the true costs and impact on their operations.

For added business continuity safeguards, take advantage of disaster recovery workspace and multi-data center platforms to ensure complete nationwide redundancy of IT systems.

...

http://www.cyrusone.com/blog/avert-disaster-dont-get-left-dark/

(TNS) — As the one-month anniversary of Hurricane Matthew's brush with Volusia and Flagler counties approaches on Monday, more than $18 million in assistance has been provided to residents and businesses through two federal programs.

Local and federal agencies are reminding businesses, non-profits and local governments that a variety of assistance is available, but at least one application deadline is quickly approaching.

So far, FEMA has provided more than $11 million to Florida homeowners and renters who have registered for help after Hurricane Matthew.

...

http://www.emergencymgmt.com/disaster/Help-available-for-disaster-recovery-for-businesses-non-profits.html

Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues.

Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.

"There's too much data to really make sense of if you have a limited resource staff of security operations center analysts or threat analysts," said Travis Farral, director of security strategy at Anomali, which sponsored the report. "It can be overwhelming to sit and figure out which of these 100,000 things to look at first."

It takes a special kind of person to be able to do this, he added.

...

http://www.csoonline.com/article/3138003/security/flood-of-threat-intelligence-overwhelming-for-many-firms.html

By Jeff Ton, EVP of Product & Service Development at Bluelock

Ton JeffOver the past few years, the cloud computing marketplace has grown exponentially. Spending on cloud services has increased and the industry has grown more than traditional IT, and it only continues to move in that direction.

While many cloud computing organizations see these rising industry trends as a positive outlook for the future of their business, at Bluelock, we realized that such fast growth in the market was going to create some major challenges for us in the future — good challenges that we were excited about, but obstacles to overcome, nonetheless.

Bluelock began to evaluate the playing field and came to the conclusion that, in order to continue our growth as intended, we needed to carve out a niche for ourselves and hone our expertise in a smaller segment of the marketplace. While competition in an industry often means you're doing something right, setting yourself apart from competition is key when it comes to major growth and establishing industry authority.

To establish our niche, we didn't simply sit down one day and announce, "From this point forward, Bluelock's niche is fill-in-the-blank." Instead, we took a look at our clients, to whom we were providing quality IT service, and asked ourselves, "Where are we offering up the most value? What problem are we solving for them that they can't find anywhere else?"

The importance of finding a niche in the market came to light for the Bluelock team while I was actually still in leadership at Goodwill Industries of Central Indiana. Like any business in today's day and age, Goodwill had been needing a backup and disaster recovery solution for our data. As a nonprofit company with a tight budget and a small IT staff, we had been spending a lot of money on a service that required several of our key administrators to be frequently off-site for testing, patches or updates to our recovery systems.

While our first year and initial tests with a traditional DR plan had been successful, the next year, we experienced changes in personnel which added two additional months of preparation for recovery tests. The year after that, the same thing occurred, leaving our Goodwill team straddled between two different working environments and unable to work on other strategic initiatives that were key to the business's growth.

When Goodwill came to Bluelock, the Bluelock team was able to provide us with Disaster-Recovery-as-a-Service (DRaaS) that could be administered by an IT professional, was compatible with VMware environments and allowed for scalable automated performance. By switching from a physical DR solution to a DRaaS solution with Bluelock, we saved $25,000 — a significant sum when you're in the nonprofit sector.

Through working with clients like Goodwill and many others, the Bluelock team learned that their unique selling point was also their niche — affordable DRaaS services that help free up IT teams to do the work that truly matters. Since my transition from my role at Goodwill to my current role at Bluelock, I've truly seen a continued emphasis on surveying clients and honing in on their greatest impacting solutions. Through this focused attention, we've established our niche in a market where differentiation is the key to survival.

If you're considering shifting your organization into more of a niche-driven business, there are a few questions you should ask yourself:

Is there an element of our business that customers and clients gravitate towards?
Think about your different product or service offerings. If there's one that clients and customers buy or request more often than the others, that's a good place to start. Unfortunately, your most popular product or service is not always the product or service you want to spend your time working on. Try not to let any personal bias get in the way of the hard numbers and facts when it comes to deciphering your niche.

Is your most popular product or service also your most expensive?
If so, it may make focusing on that particular niche easier. However, you need to look at the competition. Is your offering at a price point that is equivalent to your competitors? If not, you need to understand why. Can you articulate clearly the value difference between your product and the others in the market? Is it a market being commoditized? If so, you may need to consider offering a more commoditized version in addition to your premium version.

Even if the product or service is not among your most expensive, you will need to address the competition question and the market questions. If the market for the product or service truly is becoming commoditized, you have to ask if you can still be profitable in that segment as you scale. In the end, you have to answer "do I want to be the Walmart or Nordstroms in this space", both successful, but entirely different markets.

Does your niche align with the overall vision, goals and values of your organization?
Carving out our niche in DRaaS made sense for us at Bluelock for many reasons, but one of the main reasons was because it fully aligned with where we were headed and wanted to go as a company. Keep your long-term vision in mind when selecting a niche and unless you've done heavy research and planning, don't select a niche out of left field.

Once you've landed on your niche, or at least what you think your niche might be, test it. By focusing on a smaller segment of the market, you might open the flood gates to more business, or you might find that business is drying up and it's time to pivot once again. Either way, focus on providing as much value as possible to your clients and customers and you'll set yourself apart in a saturated market.

Wednesday, 09 November 2016 00:00

Four Ways to Simplify Your Performance Management

Using the newly released SteelCentral solutions

I don’t know if you’re like me, but twice year—spring and fall—I declutter. I go through my closets, garage, and basement and clean up, donate, give away, recycle, and throw away everything that no longer belongs. For example, I donate clothes that no longer fit, I haven’t worn in a year or more, or I just don’t like any more. It’s liberating.

Riverbed SteelCentral has had a fall cleaning of sorts, only it’s much, much bigger and better than my annual fall cleaning. We’ve consolidated and integrated several products. Actually, we’ve rebuilt several of them from the ground up, and that is going to allow you to simplify your performance management significantly.

...

https://www.riverbed.com/blogs/four-ways-to-simplify-your-performance-management.html

Tuesday, 08 November 2016 00:00

Office 365, at Warp Speed

Beam me up Scotty, the Internet is so slow on this insurgent planet I can barely make any headway on this SharePoint presentation that I am collaborating on with my crew. That crazy transporter, and those crazy little flip communicators. I was always filled with wonder watching the Star Trek crew materialize out of thin air. One second about ready to get pummeled by some wild interplanetary beast, then the next second transported back on the starship with Captain Kirk making a beeline to the cocktail lounge and understandably so, having your molecules optimized like that must have been a tad uncomfortable.

Although the transporter is something that has not made it mainstream, those little flip communicators are now part of our everyday lives. There were plenty of intermittent problems with those communicators over the course of the show however. Transport to 2016, the reality of our current world is that we transport data (and lots of it) over our own galaxy, also known as the internet and just like the problems with those communicators, we have plenty of issues transporting voice and data communications over distances.

...

https://www.riverbed.com/blogs/office-365-at-warp-speed.html

Monday, 07 November 2016 00:00

Cookbook for Successful Cloud Adoption

There is a fundamental change in thinking that's needed if you want to succesfully adopt the cloud. What is it and how do you make it happen? Let's find out...

In my last blog, I talked about cloud being the forcing function to break down silos in IT. It’s an aspiration for any organization—and I speak from experience. To reiterate, cloud agility and cloud workflow will leave you in the dust if you are not ready. The business units have the ability to completely circumvent traditional IT when it comes to adopting cloud workflows. So, it’s keep up or die. The good news is that technology and ease of use in the form of SD-WAN is finally here. The days of banging away on keyboards to make the change are gone.

...

https://www.riverbed.com/blogs/cookbook-for-successful-cloud-adoption.html

I’d like to imagine that one day my grandkids will be reading about artificial intelligence (AI) in their digital history books or via cranial implants or whatever the equivalent is in the future. Just few chapters after Newton’s apple or Apollo 13, they’d scour details about the early days of AI. Future generations will likely look back at early AI efforts with a wiser, aged perspective. Because, and let’s not lie: making AI commonplace will take a lot of work. And nobody will feel this pressure more than IT’s back-end folks.

First, consider the scale of this new era, which, by the way, is upon us now. Gartner has ranked AI among 2017’s top strategic trends. In everything from self-driving cars to virtual assistants, AI will have an increasingly important role. But it’s not only consumers who will be affected. Gartner also believes 50% of all analytics in 3-5 years will be AI-powered. Any decision that requires business intelligence can benefit—that’s certainly plenty of enterprise use cases! Just look at customer service, where businesses can use natural language processing to facilitate better interactions, and also analyze user patterns to create better customer profiles. There’s also talk of enterprise resource planning (ERPs) solutions, the most legacy of applications, being revolutionized and rendered more efficient. And while I believe near-term AI efforts will focus on “augmentation” rather than pure “replacement” of business decisions, it’s critical for businesses to look beyond just the near-term.

...

https://www.riverbed.com/blogs/artificial-intelligence-future-depends-on-SD-network-IT.html

When hackers breached the networks of Kansas Heart Hospital in Wichita last May, locked data files and demanded payment for decryption keys, hospital administrators decided it most expedient to just buy some Bitcoin, pay the modest ransom and get the facility back to work.

But after paying off the perpetrators of the May 18 ransomware attack, the criminals released only part of the records, then demanded more money for the rest.

...

http://mspmentor.net/technologies/don-t-pay-ransomware-hackers-kaspersky-lab-says

Product recalls can go one of two ways. In the first, worst-case scenario, a product is determined to be dangerous or defective; its manufacturer ignores or reacts sluggishly to the issue; people are unnecessarily put at risk; and consumer trust is irreparably damaged. In the best-case alternative, meanwhile, the manufacturer assumes responsibility; takes quick action; and minimizes harm to both consumers and its reputation alike.  What one thing can ensure that your company ends up in the latter category, not the former? A product recall communication plan.

Product Recalls on the Rise

While product recall problems are not exactly new, they’re rising in number. So why don’t companies have plans in place to deal with them when they arise? As a Harvard Business Review article on recall management pointed out more than a decade ago, “In the frenzy of a product launch, the last thing most managers think about is how to get a new product back if something goes wrong.”

Unfortunately, things can and do go wrong—to the tune of 6.5 recalls a day in this country, according to USA Today.  And when they go wrong in our digital, social era, they do so in a far more catastrophic way than they did 50 or 20 or even 10 years ago.

...

http://blog.sendwordnow.com/does-your-business-have-a-product-recall-communication-plan-in-place

The Business Continuity Institute - Nov 04, 2016 15:41 GMT

When it comes to assessing an organization’s ability to recover from a disaster, a significant disconnect exists between C-Suite executives and IT professionals. While nearly 7 in 10 CEOs, CFOs or COOs feel their organization is very prepared to recover from a disaster, according to a study by Evolve IP, less than half of IT pros (44.5%) are as confident.

The Disaster Recovery and Business Continuity Survey found that DR compliance was a clear driver of confidence in the ability to recover IT and related assets in the event of an incident. In fact, 67% of respondents in banking, 58% in the government sector and 55% at technology companies feel very prepared. Of these, DR compliance was noted as a requirement by 97%, 73.5% and 71% respectively. The healthcare industry remains an outlier however: despite a high percentage of respondents noting DR compliance requirements (89%), just over half of respondents at healthcare organizations feel very prepared to recovery from an outage or incident.

The report also highlights that organizations need to expect the inevitable as approximately one third (33%) of companies reported having suffered from at least one incident or outage that required disaster recovery. Hardware failure / server room issues remain the leading cause of an outage, reported by 48% of respondents.

Deliberate attacks being the cause of an incident or outage were cited twice as often compared to the 2014 survey. This year, 13% of respondents noted attacks as the cause of an outage, up from 6.5%, while other top causes include power outages (28%), environmental disasters (25.5%) and human error (19%).

It is perhaps the reality of the threat, as experienced by the IT professionals, that have consistently placed cyber attack, data breach and IT/telecoms outage as the top three concerns for business continuity professionals according to the Business Continuity Institute's Horizon Scan Report.

In the years Evolve IP has conducted the survey, we’re assured by the fact that companies are becoming increasingly aware of the need to protect critical business assets from a major outage: malicious or unintentional, human error, hardware failure or a natural disaster,” said Scott Kinka, Chief Technology Officer and Founding Partner of Evolve IP. “More companies are avoiding risky backup policies considered “good enough” in years past, using backup tape or replicating data to a secondary mirror site less than 50 miles from their main data center, for instance. Instead, we’ve seen notable growth in the number of companies developing a disaster recovery plan and educating themselves to the benefits of new DR approaches like DRaaS.

By Liz Bardetti

Extensive preparations were made in the wake of Hurricane Matthew, and many victims are still suffering from this natural disaster. The storm was labeled a Category 3 hurricane, meaning winds reached nearly 130 mph, causing significant damage. Hurricane Matthew took the lives of 500 people in Haiti, and at least 22 known victims in the U.S. There is still substantial flooding throughout Florida, Georgia and both Carolinas, with thousands of people still without power.

The nation watched the disaster of Hurricane Matthew unfold, and many people are trying to find ways to help the victims. As an employer, you have the ability to bring your employees together and help support the victims in need. The main steps to remember when trying to find ways your team can give back to Hurricane Matthew victims are to realize money is the best donation for this circumstance, do your research and keep on giving.

Give Cash via a Payroll Deduction Campaign (and match it!)
It’s important for people to note that they should resist the urge to go to the disaster site. It’s dangerous to go into the aftermath, and people rushing to the site can cause problems. If everyone decides to go to the disaster site it will cause traffic, also noting that gasoline supplies in the area are already hindered.

Instead of immediately offering physical volunteer help (which will be needed at a later time, after everything has cleared), encourage your team to offer monetary donations. Food, clothing and supplies are all generous donations, however, volunteers will have to divert their attention to sort through supplies. Monetary donations are flexible and available for use immediately upon the disaster. A small contribution from everyone on your team can make a big difference to someone who has lost their home or is suffering from medical issues. As an employer, you can double or even triple the contributions using our corporate philanthropy software.

For example, the Bristol-Myers Squibb Foundation partnered with organizations to provide relief and support to the impacted communities using corporate philanthropy software. The Foundation is using their employee giving program to match gifts made to disaster relief programs in aid of Hurricane Matthew victims. See how these internal portal pages align employees with their employers to make a bigger impact.

Do your research
The shared value your employees can create with your leadership needs to be properly accounted for and go to an organization that is really helping.  Following Hurricane Sandy, many donations were sent to disaster relief scams. You can contact the Better Business Bureau, or simply head to their website, and determine if an organization is legitimate. Below is a list of some credible organizations already assisting with the Hurricane Matthew efforts:

There are many other credible organizations out there, and to make the process easier many employers are turning to corporate philanthropy software. To make the most of your team’s giving resources, it’s easiest to have a platform in which team members can contribute uniformly.

For instance, the Anthem Cares Fund has teamed up with the American Red Cross in response to this time of need. Anthem associates have been donating through the Associate Giving Program that CyberGrants offers, and donations are 100% matched!

CyberGrants offers a user-friendly platform in which team members can donate specifically for Disaster Relief. Your team can donate to Hurricane Matthew efforts within minutes. CyberGrants also offers real-time giving to your team, so you can each submit monetary gifts via PayPal and give money straight to an organization’s bank account!

Keep on giving ... and giving ... and giving!

Hurricane season started in May, and continues through November. This year is expected to be one of the most active hurricane seasons due to warmer sea surface temperatures around the world. As there may be more hurricanes for the Caribbean and Southeastern United States ahead, your team can help make an impact by continuing to give.

CSR Software can be helpful when trying to improve team contribution. CyberGrants offers a mobile optimized platform, which can be personalized and improves employee participation. Features include Matching Gifts, Payroll Campaign (can pull “selected amount” from paycheck on a recurring basis, or can be a one time deal), and even searching events that your team could participate in once the disaster of Hurricane Matthew has cleared.

Hurricane Matthew has taken a great toll on the Southeastern United States and the caribbean, and it’s important for these victims to receive the assistance they need. It’s necessary that before you jump right into something that you may not intend, its best to remember: give cash, do your research, and keep on helping.

About Liz Bardetti:
Seasoned advertising and marketing professional with 15+ years experience, including work for Gatorade, Welch’s and most recently, CyberGrants. CyberGrants is the preferred CSR software provider to the best philanthropic corporations around the globe. Our clients represent over 50% of the Fortune 100 and nearly one-third of all corporate giving. In the last twelve months alone, CyberGrants helped 250 customers give $6.5 billion plus more than 50 million volunteer hours to over 400,000 non-profit organizations.

Thursday, 03 November 2016 00:00

Rethinking Security – Never Assume

I’ve been thinking back on my conversation with a cybersecurity pro named Stuart that I covered earlier in “The Frightening State of Unseen Security Breaches,” and his approach to not just protect the file and email servers but wrap everything with monitoring. The one thing that I’ve seen kill companies over and over again -- the thing he was addressing -- is the assumption that everything you aren’t looking at is OK. It actually cost me a job once.

We can actually see assumptions working against the presidential candidates as I write this. Someone in Hillary Clinton’s camp evidently thought a way around a disclosure demand was to use their husband’s computer, and Donald Trump seems to assume that what is said “off the record” is off the record. Had either of these assumptions not been made, the race for the White House would be very different at the moment.

What made Stuart’s approach with Varonis unique is that he wasn’t assuming anything; he created a solution that was comprehensive enough that he never has to. And I think there is an important lesson here that I’ve learned a number of times.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/rethinking-security-never-assume.html

Data is the lifeblood of business. So a slow data transfer rate makes it harder to analyze, back-up, and restore data. Many organizations have to battle data latency on a daily basis, hampering their ability to deliver new digital products and services, be profitable, handle customer relationships, and retain operational efficiency. Data latency is a serious business issue that needs to be addressed. In contrast, network latency is a technical issue; but they both correlate with each other.

...

http://www.datacenterknowledge.com/archives/2016/11/03/reduce-data-network-latency-others-fail/

What does it take to keep your clients' information and infrastructure safe today? Part of the answer involves understanding "dumb" cybersecurity threats, meaning those that don't rely on sophisticated hacks to steal data or take control of devices.

In the popular imagination, the malicious hackers who wreak havoc on computer networks and data are unshaven geniuses. They invent brilliant, sophisticated solutions for defeating the mechanisms that are supposed to keep information safe.

...

http://mspmentor.net/technologies/cybersecurity-today-keeping-clients-secure-dumb-hackers

The man in question is Nassim N. Taleb. He coined the term “black swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

World War One was such a Black Swan; so was the arrival of the Internet. Now, Nassim Taleb may not have looked at the specific case of IT risk management, but observations he made with his colleagues Daniel Goldstein and Mark Spitznagel carry over well from the general to the particular.

...

http://www.opscentre.com/risk-management-seen-man-black-swan/

Thursday, 03 November 2016 00:00

An Urgent Need – Deep Learning In The C-Suite

A character in Ernest Hemingway’s novel The Sun Also Rises is asked “how did you go bankrupt?”, he replied, “gradually and then suddenly”. Just the same, many C-Level executives become irrelevant in the age of smart machines “gradually and then suddenly”.  The pace of technology advancement, propelled by boundless low cost computing and storage resources, is accelerating at a velocity that far surpasses previous decades. This rapid advancement in technology is instigating change across many, if not all, corporate functions, from sales to operations. Smart machines are progressing from early stage infancy to adolescence, promising to take the place of not only the labor force population that performs routine jobs, but also knowledge workers – a segment of the workforce that has historically been immune from such disruption.

The potential benefits of technology acceleration are now becoming evident in our everyday lives. We need to look no further than our highways and financial institutions. Uber just completed its first self-driving truck shipment that included 50,000 cans of Budweiser. Bank of America just announced their introduction of an artificial intelligence-based chatbot named Erica, that has both cognitive and predictive analytics capabilities to help customers pay debt, check balances and save money.

A responsible C-Suite leader has an obligation to understand the bearings the smart machine era will likely pose to their business and workforce.  Ignoring or avoiding the tidal wave of change may very well be the ultimate career limiting move (CLM). Thus, C-Level executives should undergo deep learning. In general, a machine’s deep learning approach mimics how humans learn: First, by ingesting general concepts and then by using experiences (data), cultural surroundings and training to build knowledge and insight over time. Through employing some of the principles used in deep learning, the modern executive can remain relevant and ultimately, gainfully employed in the smart machine age.

...

http://www.enaxisconsulting.com/an-urgent-need-deep-learning-in-the-c-suite/

Thursday, 03 November 2016 00:00

The Data Center in the IoT Era

The Internet of Things is poised to make major changes to enterprise infrastructure, not only to deal with staggering volumes of information but to foster the dynamic connectivity to, from and between legions of digital devices.

While much of the load will be handled by dedicated analytics engines and so-called “data lakes,” the impact will be felt on the traditional data center as well, given that the insights gleaned from all this information must be incorporated into ongoing digital processes.

So exactly how will the data center need to evolve in the IoT era?

...

http://www.itbusinessedge.com/blogs/infrastructure/the-data-center-in-the-iot-era.html

COLUMBIA, S.C. (Saturday, Oct. 29) — Following initial application review by the Federal Emergency Management Agency (FEMA), South Carolina survivors who have applied for disaster assistance will receive a “letter of eligibility.” Applicants may be told they are eligible for disaster assistance or that they have been determined ineligible.

If you are eligible, the letter explains the amount of your grant and how it is to be used. If the letter says you are ineligible, the grant amount reads “0”, but in many cases that is not the last word.

FEMA officials in South Carolina report that the most common reasons for denial of assistance in Hurricane Matthew are:

  • Insufficient storm-related damage to affect the habitability of the damaged home. FEMA will provide assistance to assure your home is habitable – that it is safe, functional and sanitary.
  • Survivors have chosen to remain in their damaged homes while repairs are being made. In these cases they may be eligible to receive assistance for repairs, but are ineligible for housing assistance.
  • Duplication of applications. Two people (husband and wife, for example) have applied for assistance for the same damaged home. Only one application per household is allowed.

A letter may indicate your application is missing information such as verification of occupancy or proof that the damaged property was your primary residence at the time of the Hurricane Matthew storms and flooding that began Oct. 4, 2016.

If you are instructed, you can simply submit missing documentation to FEMA online, by mail or fax, or by visiting a Disaster Recovery Center (DRC). You can find the location of the nearest DRC by visiting  DisasterAssistance.gov .

Applicants who do not receive a letter or who have questions about their determination of denial should call the FEMA Helpline at 800-621-3362 for an explanation, or visit their FEMA account at DisasterAssistance.gov.

A copy of “Help After a Disaster” will be included with your letter of determination. The booklet explains additional assistance that may be available to survivors and answers questions about filing an appeal.

Any applicant that has been denied assistance may file an appeal. Call the FEMA Helpline at 800-621-3362 or visit a DRC for more information about the appeal process. You can submit your appeal and the required documentation online at DisasterAssistance.gov.

In South Carolina, the “One SC Fund” supports and directs funds to nonprofit organizations providing disaster relief & recovery assistance. For more information, visit  yourfoundation.org/community-impact/one-sc-fund-sc-flood-relief/. Survivors in the state who need food, clothing, and shelter are urged to call 2-1-1, and for storm clean up to call 800-451- 1954.

For more information, visit the South Carolina Emergency Management Division at  scemd.org/recovery-section/ia .

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you have a speech disability or hearing loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

You can  receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit  fema.gov/mobile-app  for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at  https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it., or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Thursday, 03 November 2016 00:00

FEMA: By the Numbers

COLUMBIA, S.C. (Thursday, Oct. 27) – In the three weeks since Hurricane Matthew struck South Carolina spawning damaging storms and floods, the Federal Emergency Management Agency (FEMA) and U.S. Small Business Administration have approved more than $21.8 million in disaster assistance grants, loans and flood insurance payments.

As of the close of business Oct. 26, FEMA had approved $15.2 million through its Individuals and Households Program, and nearly $5 million in National Flood Insurance Program payments.

Additionally, the U.S. Small Business Administration has approved 42 low-interest disaster loans for

$1,670,500.

Survivors have until Dec. 13, 2016 to complete the FEMA application process. The State of South Carolina and FEMA encourage anyone with housing needs caused by the devastating storms and floods of Hurricane Matthew to register for disaster assistance.

  • Visit DisasterAssistance.gov.
  • Call toll-free 800-621-3362 (voice, 711 or video relay services) or 800-462-7585 (TTY). Lines are open daily until further notice.
  • Visit a Disaster Recovery Center (DRC) for help. Eight DRCs are operating in Orangeburg (2), Marion (2), Williamsburg, Dorchester, Horry and Florence counties. Representatives from FEMA, SBA and various state agencies are on hand to answer questions.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

You can  receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster- damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or visiting SBA’s website at  www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

According to the results of a recent survey of 1,072 security industry professionals, 73 percent of respondents admit they aren't using threat data effectively to pinpoint cyber threats.

The top reasons for that lack of effectiveness include lack of staff expertise (69 percent of respondents), lack of ownership (58 percent), and lack of suitable technologies (52 percent).

The survey, sponsored by Anomali and conducted by the Ponemon Institute, also found that just 46 percent of respondents are using threat data at all in deciding how to respond to malicious activity.

...

http://www.esecurityplanet.com/network-security/73-percent-of-security-pros-arent-using-threat-intelligence-data-effectively.html

(TNS) - On a March evening in 1933, the Newport-Inglewood fault ruptured violently along the Huntington Beach coast. The quake brought down scores of buildings from Santa Ana to Compton, with Long Beach hit particularly hard.

The Long Beach quake, the deadliest in Southern California history, focused attention like never before on the seismic dangers the region faces.

But a new study suggests that the quake may have been caused by another factor: Deep drilling in an oil field in Huntington Beach.

...

http://www.emergencymgmt.com/disaster/Southern-Californias-deadliest-quake-may-have-been-caused-by-oil-drilling-study-says.html

Wednesday, 02 November 2016 00:00

High Density Compute is Here; Are You Keeping Up?

The connected lifestyle is here, and whether you are reaching consumer or business users, the growth in the use of devices and data is staggering.  In the U.S., the number of devices and connections is expected to grow from 7.3 per person in 2015 to over 12 per person in 2020. Video continues to grow according to Cisco’s VNI with business internet video growing 4.2 fold between 2015 and 2020 reaching 4.8 exabytes, and consumer video 3.1 fold to reach 29.1 exabytes by 2020.  This will have a big overall impact on the data center as more than 83 percent of all data center traffic will be in the cloud by 2019.

To meet the rapid growth in data usage, high-density data centers will be critical in order to scale to support cloud, big data IT and new data-intensive technologies.  And since data centers are all about power and cooling, high density is how you maximize the usage of both of these.

...

http://www.datacenterknowledge.com/archives/2016/11/02/high-density-compute-keeping/

After you have spent the time needed to develop Business Continuity and Disaster Recovery plans, training and testing are your next steps. Training those who will use the plan, especially secondary resources who may not have participated in its development, is critical to the success of your efforts, as is the validation of the functional capability and accuracy of your plans.

Training for business continuity is used to familiarize people with the plan elements and processes, and to reinforce basic knowledge of the plan. Having a team well versed in the initial steps of the BC/DR plan will help to ensure an effective and early response. Regardless of how you implement training and testing, there are specific elements that must be covered:

...

https://www.mha-it.com/2016/11/training-for-business-continuity/

SAVANNAH, Ga. – Georgia disaster survivors who suffered damage or loss from Hurricane Matthew and were referred to the U.S. Small Business Administration could lose some income-based FEMA grants if they don’t complete and submit SBA’s loan application.

FEMA’s Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other essential personal property, even vehicles. Survivors will not be considered for this type of assistance unless they complete and return the SBA loan application. The information on the application is used to determine eligibility for income-based assistance.

Disaster survivors in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties are encouraged to register with FEMA and, if referred, complete and submit an SBA loan application, even if they don’t want a loan. The application is used to check eligibility for additional grants.

SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. The SBA offers low-interest disaster loans to businesses, private nonprofit organizations, homeowners and renters.

Survivors should start the loan process as soon as possible, and those who qualify for an SBA loan are under no obligation to accept it.  If approved and the loan is not accepted, the survivor may be ineligible for additional federal assistance.

Submit an SBA loan application even if you are waiting for an insurance settlement. Survivors do not have to wait for an insurance settlement. A survivor’s insurance policy may not cover all the replacement, repair and rebuilding costs. A disaster loan is available to cover the difference.

To repair or help rebuild a primary residence, a homeowner may borrow up to $200,000 from SBA. Homeowners and renters may borrow up to $40,000 from SBA to replace personal property.

Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans (called Economic Injury Disaster Loans)

to small businesses and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

Damage from Hurricane Matthew must have occurred Oct. 4-15. Survivors can register with

FEMA the following ways:

The filing deadline to return SBA loan applications for physical property damage is Dec. 16. The deadline to return economic injury applications is July 17, 2017.

For more information about SBA loans, call SBA’s disaster assistance customer service center at 800-659-2955, email This email address is being protected from spambots. You need JavaScript enabled to view it. or visit sba.gov/disaster. TTY users can call 800-877-8339.  Applicants may also apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.

Disaster survivors may also visit any disaster recovery center where SBA customer service representatives can answer questions, help complete loan applications and close loans. For the nearest location go to asd.fema.gov/inter/locator/home.htm.

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284.

Wednesday, 02 November 2016 00:00

The Frightening State of Unseen Security Breaches

I get a semi-regular update from Varonis on what it’s seeing in accounts, and this last briefing was particularly frightening. So much so that I asked to speak to one of the firm’s customers, which had uniquely moved its implementation of Varonis’ tool, from IT management and compliance and email and file servers, to every server the company had in order to assure compliance and catch breaches that other firms were missing.

What I think is particularly concerning is that breaches are now being identified that most companies aren’t even aware are happening. This suggests that a lot of you may be on the verge of a Yahoo-level event that may have actually already occurred. And, like Yahoo, once that kind of a breach is discovered, the whole “ignorance is bliss” thing that most firms seem to be operating on will be proven false.

Let’s talk about some of the discoveries.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/the-frightening-state-of-unseen-security-breaches.html

Wednesday, 02 November 2016 00:00

CDC: Tips on Cleaning Mold After a Flood

IMG_1277_banner

moldReturning to your home after a flood is a big part of getting your life back to normal. But you may be facing a new challenge: mold. What can you do to get rid of it?  How do you get the mold out of your home and stay safe at the same time? CDC has investigated floods, mold, and cleanup, and offers practical tips for homeowners and others on how to safely and efficiently remove mold from the home.

In 2005, thousands of people along the Gulf Coast were faced with cleaning up mold from their homes after Hurricanes Katrina and Rita. One of our first concerns was to let homeowners and others know how they could clean up mold safely. After Hurricane Sandy in 2012, we teamed up with other federal agencies to provide practical advice on mold cleanup. This guidance outlines what to do before and after going into a moldy building, how to decide if you can do the cleanup yourself or need to hire someone, and how you can do the cleanup safely.

Prepare to Clean Up

It isn’t necessary to identify the type of mold in your home, and CDC doesn’t recommend routine sampling for mold. If you are susceptible to mold, there may be a health risk; therefore, no matter what type of mold is present, it needs to be removed.

Before you start any cleanup work, call your insurance company and take pictures of the home and your belongings. Throw away, or at least move outside, anything that was wet with flood water and can’t be cleaned and dried completely within 24 to 48 hours. Remember – drying your home and removing water-damaged items is the most important step to prevent mold damage.mold_infographicv3

Protect Yourself

We offer specific recommendations for different groups of people and different cleanup activities. This guidance educates people about the type of protection (think: gloves, goggles, masks) you need for different parts of your mold cleanup. It also identifies groups of people who should and should not be doing cleanup activities.

Be Careful  With Bleach

Many people use bleach to clean up mold. If you decide to use bleach, use it safely by wearing gloves, a mask, and goggles to protect yourself. Remember these four tips to stay safe:

  • NEVER mix bleach with ammonia or any other cleaning product.
  • ALWAYS open windows and doors when using bleach, to let fumes escape.
  • NEVER use bleach straight from the bottle to clean surfaces. Use no more than 1 cup of bleach per 1 gallon of water when you’re cleaning up mold. If you are using stronger, professional strength bleach use less than 1 cup of bleach per gallon of water.
  • ALWAYS protect your mouth, nose, skin, and eyes against both mold and bleach with an N-95 mask, gloves, and goggles. You can buy an N-95 mask at home improvement and hardware stores.

You can take steps to keep yourself and others protected while cleaning up mold after a flood. Make sure to follow CDC’s recommendations so you can return home safely.

Resourcesmold2

Every fall Forrester’s Security & Risk team comes together to make a set of predictions on the issues that will have the greatest impact on our clients in the next year. We don’t make broad, Nostradamus-like predictions like “There will be a breach at a large company in a great city.”  Instead, we go out of our way to make detailed predictions that force us to take strong stances, can easily prove wrong or right and are actionable by security and risk professionals. Before we provide a sneak peek into our 2017 predictions, it’s worth looking back and grading our 2016 predictions. 2016 was a particularly tumultuous year for cybersecurity. News agencies kept themselves busy as companies and public figures struggled with breaches, companies experienced embarrassing downtime and individuals felt their privacy rights slip away. The result? Cybersecurity has now vaulted from the boardroom to the Senate floor and to the Presidential debate stage. So how'd we do?

...

http://blogs.forrester.com/amy_demartine/16-11-01-grading_forresters_2016_cybersecurity_predictions_plus_a_sneak_peek_into_our_2017_predictions

Wednesday, 02 November 2016 00:00

BCI: The necessity of organizational buy-in

The Business Continuity Institute - Nov 02, 2016 09:37 GMT

In preparing to enter the business continuity industry, I could foresee that technological advances and organizational buy-in were going to be the greatest challenges for business continuity professionals. I interviewed at dozens of organizations across the United States before accepting a Business Continuity and Information Security position at one of the leading financial institutions.

I still firmly believe that organizational buy-in is paramount to a business continuity programme’s success. Lacking robust continuity plans will cause an organization to have difficulty recovering from an incident - if they can recover at all. By investing in business continuity professionals and programmes, an organization is providing the opportunity for thorough plans and recovery tactics. I have found that in my division, business continuity is heartily supported by senior management and that is essential to our success.

As a continuity planner, my job entails working with business areas to ensure they are meeting the continuity standards and requirements. Having a capable business continuity programme allows the business areas to understand and comply with the resiliency requirements. The business areas we support hold greater stock in our testing and resiliency requests knowing that senior management is backing our initiatives.

In my capacity working with both Business Continuity and Information Security I maintain that technological advances pose challenges for continuity professionals, though I concede that my views have changed based on my experience. While social media, the cloud, and virtualization are still very prominent challenges for organizations, I believe that automation of processes and appropriate and ethical use of access is of greater concern. Automated processes remove human error, though if systems are down, the business would need this issue resolved within their Recovery Time Objectives. Having manual workarounds in place to guarantee that recovery will be successful is imperative to ensure critical tasks are completed. Ethical and appropriate use of access can result in fines, legal issues, and public embarrassment. Ensuring that users are neither sharing passwords nor over-provisioning their access mitigates these risks.

While organizational buy-in is still a challenge for business continuity professionals, I am fortunate to be working in a division that has recognized the importance of this field, and encourages growth and understanding from its businesses. Our CEO has emphasized the importance of identifying and mitigating risk and as such seeks to limit human error and strictly control access. Interviewing at so many organizations throughout the country allowed me to see the varying emphasis companies place on business continuity programmes. As such, business continuity professionals may still need to fight for their place in an organization, though I hope that companies who are not fully invested in business continuity programmes are able to see the benefits of those who are leading their industries.

Tanya Fischer AMBCI currently holds a position as a Continuity Analyst at a financial institution in Eastern Massachusetts. As a Continuity Analyst, Tanya supports business continuity plans for numerous Business Units throughout North America and EMEA. Still fairly new to the field, she has an optimistic outlook for business continuity professionals! Tanya holds an MSc in Emergency Management with a concentration in Homeland Security from Adelphi University. Tanya was also an original contributor to the Business Continuity Institute's '20 in their 20s' publication.

Tuesday, 01 November 2016 00:00

FEMA: Help for Renters

COLUMBIA, S.C. – With so much attention given to businesses and homeowners, survivors who are renters may think they are not eligible for disaster assistance even though they suffered losses from the storms and floods spawned by Hurricane Matthew. But they are.

Like homeowners, renters must first register with the Federal Emergency Management Agency (FEMA):

  • Go online to DisasterAssistance.gov
  • Call toll-free 800-621-3362 (711, voice or video relay services) or 800-462-7585 (TTY). Lines are open daily from 7 a.m. to 10 p.m. until further notice.
  • Visit one of the nine Disaster Recovery Centers (DRCs) operating in Beaufort, Dorchester, Florence, Horry, Marion, Orangeburg and Williamsburg counties. Find the DRC closest to you at “Quick Links” on DisasterAssistance.gov. Representatives from FEMA, the U.S. Small Business Administration and various state agencies are on hand to answer questions.

Registering with FEMA is the first step toward qualifying for disaster assistance, which may include grants to help renters and homeowners pay for temporary housing, personal property replacements and other serious disaster-related needs not covered by insurance.

After registering with FEMA, renters may also be eligible for low-interest loans from the U.S. Small Business Administration (SBA). SBA offers such loans to businesses of all sizes, private non-profit organizations, and homeowners as well as renters. SBA loans to renters may cover the cost of repairing or replacing lost or disaster-damaged personal property.

For more information on SBA loans, call SBA’s Disaster Assistance Customer Service Center at 800 659-2955 or 800 877-8339 for TTY; email This email address is being protected from spambots. You need JavaScript enabled to view it.or visit  http://www.sba.gov/disaster. Applicants may also apply online at https://disasterloan.sba.gov/ela for the Electronic Loan Application on SBA’s secure website.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

You can  receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster- damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it., or visiting SBA’s website at   www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

BSI has launched BS ISO 37001, ‘Anti-bribery management systems: requirements with guidance for use’, a standard to aid the prevention and detection of bribery in organizations.

BS ISO 37001 assists organizations with turning the legal requirements of the 2010 UK Bribery Act into practical measures, by providing guidance on how to put the right controls in place. The standard sets out the requirements for an organization or business looking to set up a management system to prevent and detect bribery within an organization – and how to confront bribery should it arise.

Managing the risks posed by bribery is high on the agenda of many organizations globally. BS ISO 37001 covers the many forms of bribery which can damage an organization, including bribery of individual personnel; bribery of the organization by another party; bribery by the organization itself; and indirect bribery from a third party.

The standard provides a system for organizations to use to avoid funds being misappropriated, and safeguards against projects being undermined and not carried out with due diligence. Critically, BS ISO 37001 sets out how to maintain an effective anti-bribery system once it is in place, and reviewing and improving these safeguards periodically.

Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “In a 24 hours news cycle, any association with bribery can be fatal for the reputation of an organization. It’s critical for public and private sector organizations to be seen to have a strong system of leadership in place to weed out corruption, root and branch. BS ISO 37001 is a tangible way for organizations of all sizes to demonstrate to their employees, suppliers and the public at large that they are managed with integrity and have the necessary safeguards in place to tackle bribery if it arises.” 

Should an organization fall foul of a bribery scandal by a rogue employee, BS ISO 37001 can be used to demonstrate to clients and contractors that the organization is committed to a comprehensive anti-bribery policy.

www.bsigroup.com

According to some sources, only 10% of any business strategy plans are ever effectively implemented.

With IT becoming more closely aligned with business, it seems that statistic might apply to IT strategy too. If this prediction sounds just too gloomy, chin up because there could be a silver lining to the cloud of despondency that is fast settling upon you.

You can increase your chances of getting into that fortunate 10% (those whose strategy plans give results), by avoiding the IT planning mistakes that follow.

...

http://www.opscentre.com/4719-2/

The recent hacking of software vendor Continuum sent shockwaves through the managed service provider (MSP) community and raised prickly questions about who’s liable when cyberattackers breach toolsets and gain access to the networks of MSPs and their clients.

In the Continuum attack – revealed to partners in early August and more broadly this month – hackers breached a legacy IP scanner tool, resulting in unauthorized administrative superuser accounts being created inside the networks of an undisclosed number of MSP customers.

...

http://mspmentor.net/msp-mentor/vendors-or-msps-who-should-pay-when-hackers-strike

To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version to the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since it’s initial publication in order to keep pace with the constantly-evolving landscape of global data privacy laws.
 
As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:
...
Tuesday, 01 November 2016 00:00

4 Essential IoT Security Best Practices

Securing the Internet of Things is an especially hot topic right now thanks to some bad botnets -- and, of course, some major IoT vulnerabilities.

This month the Mirai botnet waged the world's largest DDoS attack in history against Dyn, a major domain-name server. The attack wreaked havoc across the entire internet, taking down major sites, gaming networks and other online services over the course of three massive waves throughout the day before Dyn was finally able to beat the hackers back.

...

http://www.esecurityplanet.com/network-security/4-iot-security-best-practices.html

Tuesday, 01 November 2016 00:00

Cyberattacks a Growing Threat for Healthcare

Because of the high value of medical records and healthcare databases to criminals, they pose ever more attractive targets. In fact, a number of reports have shown that cyberattacks are costing the healthcare industry billions of dollars annually, with a median loss of $150,000 per incident. Cybersecurity risks in healthcare have also drawn attention to the vulnerability of hospitals, clinics and other healthcare providers.

The infographic below, which is part of a series by Advisen and Hiscox, looks at:

  • The frequency of Health Insurance Portability and Accountability Act (HIPAA) violations over the past five years
  • The median loss in healthcare cyberattacks
  • The percentage increase of protected health information (PHI) losses between 2006 and 2011 for printed records, servers, laptops, desktop, website, portable data storage devices, and other sources.

...

http://www.riskmanagementmonitor.com/cyberattacks-a-growing-threat-for-healthcare/

http://www.riskmanagementmonitor.com/cyberattacks-a-growing-threat-for-healthcare/
Tuesday, 01 November 2016 00:00

Next Colorado Threat: Erosion, Floods

(TNS) - Firefighters battling the Junkins Fire are getting the upper hand after firing operations have had “a major positive impact on the fire” and work is set to begin on assessing damage to the watershed. According to a Sunday update on the 18,403 acre fire, “The elimination of fuels close to the fire lines are now protected,” which led to a slight increase in acreage of the fire.

Aircraft operations made several reconnaissance passes over the fire throughout the burn period and only interior smokes were spotted. Fuels within the fire line will continue to burn, the statement said.

A Burned Area Emergency Response team, made up of officials from several federal agencies, is ready to start work to identify and manage potential risks to resources, such as erosion problems that could impact the watershed or increase flooding. Once the team determines whether there are imminent post-wildfire threats to human safety, property or natural resources, officials will take immediate action to manage the unacceptable risks, according to a report.

...

http://www.emergencymgmt.com/disaster/Next-Colorado-Threat-Erosion-Floods.html

The Australian Red Cross Blood Service recently apologized after 550,000 blood donors' personal information was mistakenly exposed online.

The breach appears to be the largest in the country's history.

The information exposed included the names, genders, email addresses, mailing addresses, phone numbers, and birthdates of people who donated blood between 2010 and 2016. It also included answers to the question, "In the last 12 months, have engaged in at-risk sexual behavior?"

The data was accessible from September 5 to October 25, 2016, and was accessed on October 24, 2016 by someone scanning for security vulnerabilities, who notified Troy Hunt of the data breach notification service Have I Been Pwned of the flaw.

...

http://www.esecurityplanet.com/network-security/australian-red-cross-data-breach-exposes-550000-peoples-personal-information.html

I’ve been in IT for over 25 years and spend much of my time rubbing elbows with IT pros that specialize in certain parts of the industry. So, when I talk a lot (and I do) about backups, there’s sort of an assumption that the IT pro I’m interacting with has the basics down.  

But, as those of you in SMBs know, it’s never that easy. You have so many hats (including backup) to wear, that you often need a little push in the right direction so that you don’t need to try and reinvent the wheel as it were.

So, what’s the right way to plan out your backup strategy for small business?

...

http://mspmentor.net/blog/step-step-guide-backup-strategy-small-business

Monday, 31 October 2016 00:00

Turning Telcos into Cloud Providers

The world’s telecommunications carriers are set on becoming cloud providers as well, and the enterprise is the prime customer.

With abstract networking technologies like SDN, NFV and OpenStack on the table, telcos are quickly building the kind of flexibility into their networks that support agile delivery of a wide range of cloud services. At the same time, they are partnering with service providers, software developers, infrastructure vendors and anyone else who can round out their offerings to provide full software-defined data center (SDDC) platforms at scale.

In the U.S., both Verizon and AT&T are vying to become the dominant figure in cloud networking services. Verizon recently inked a deal with Oracle to provide interconnect services to improve latency across distributed hybrid architectures. According to ZDnet, Verizon will link its Secure Cloud Interconnect with Oracle’s FastConnect platform to provide pre-provisioned resources on-demand and enable the kind of rapid connectivity required of highly dynamic data environments. The system will be overseen by Verizon’s Dynamic Network Manager that maintains connectivity between traditional IT resources and public clouds from AWS, Microsoft, Google and others.

...

http://www.itbusinessedge.com/blogs/infrastructure/turning-telcos-into-cloud-providers.html

Monday, 31 October 2016 00:00

How the CIO's Role Is Changing--a Lot

Those in the role of chief information officer have seen a lot of changes in terms of roles, responsibilities and duties. This has been especially true in the last few years, as the cloud and its associated technologies have become more prevalent.

Indeed, the job title of the CIO is one that is morphing to meet new requirements from all areas of business. Overseeing everything from rogue cloud usage to business units developing their own cloud environments can be a lot to manage. At the same time, these groups, under increased pressure to improve business cost savings and do more with less, may not be aware of, or care about, the security issues they could potentially be exposing the company to in the pursuit of these goals.

This situation has culminated into a perfect storm of pressure for these business units. All areas of the company are being tasked with making things happen ahead of the competition, doing more with fewer resources and creating virtually instantaneous results. Each of the business units is responsible for its own budget and getting the most bang for the buck. Why consult outside the unit--with IT and the CIO?  The perception is that if they control their own budgets, they should control their own "IT Destiny."

...

http://mspmentor.net/blog/how-cios-role-changing-lot

BATON ROUGE, La. — Request funds to make your structure safer and stronger within 60 days after your community notifies you it is substantially damaged.

If you’re rebuilding or repairing a substantially damaged home or business, your community may require you to elevate or make other changes. Substantial damage applies when the cost of restoring a structure equals or exceeds 50 percent of its pre-damage market value, but some communities have more restrictive regulations.

Your National Flood Insurance Program (NFIP) policy may provide up to $30,000 to update your structure so it meets local floodplain management regulations. You must first submit a signed Increased Cost of Compliance (ICC) Proof of Loss form to your insurance company.

Provide a contractor’s estimate for the proposed ICC-eligible measures to your home or business and copies of construction permits. Your insurance company needs these to consider an ICC claim.

Structures that comply with floodplain management regulations have an enhanced ability to withstand storms and floods. Examples of ICC measures include elevation, relocation and floodproofing.

You have six years from the date of loss to complete the chosen and approved ICC measures.

Go online to the Louisiana Department of Transportation and Development’s website at www8.dotd.la.gov/lafloods/community_contacts.aspx to find your community’s floodplain administrator or permitting official if you want to learn more about the substantial damage determination process.

The U.S. Small Business Administration (SBA) may be another source of funds to make your home or business safer and stronger.

If your loan application is approved, you may be eligible for additional funds to pay for improvements that will protect your property against future damage. The funds would be in addition to the amount of the approved loan.

For more information, call the SBA at 800-659-2955 or TTY 800-877-8339. You may also go online to sba.gov/disaster.

Indegy Labs researchers recently discovered a vulnerability [PDF] in Schneider Electric's Unity Pro management software for industrial controllers. The flaw could be leveraged to execute code remotely on any computer running the software.

"Since Schneider Electric is one of the largest industrial control equipment providers, this vulnerability is a major concern," the researchers noted.

The researchers discovered the vulnerability almost six months ago, and disclosed it privately to Schneider Electric at the time, according to Kaspersky Lab.

...

http://www.esecurityplanet.com/network-security/schneider-electric-patches-major-ics-vulnerability.html

Does your organization use risk management for its fundamental benefits, or has it been implemented more for regulatory or compliance reasons? Oliver Vistisen calls on organizations to make a reassessment of their risk management approach…

Risk management has come a long way since its origins as a financial instrument for the insurance industry. Now, it’s a mainstream corporate function – due in large part to regulations that have been brought in by various industrial and governmental institutions seeking to tackle some of the major calamities of recent times.  From the global financial crisis to BP’s Deepwater Horizon disaster, risk management and regulatory compliance play major roles in establishing why crises have happened, and how they can be prevented from occurring again.

As is the case with emerging technologies, there have been multiple early adopters and pioneers. However, the majority are jumping on the risk management bandwagon either because it’s become fashionable, or because they are being told to do so by industry bodies: not because they have an in-depth understanding of what risk management is; and how it could best be applied to their organization. Nor do many fully appreciate the benefits of doing so.

...

http://www.continuitycentral.com/index.php/news/erm-news/1516-risk-management-making-it-more-than-a-regulatory-exercise

Monday, 31 October 2016 00:00

The Keys to Corporate Resiliency

One of the most critical responsibilities of an executive is building corporate resilience through an effective crisis management process. Corporate resiliency is derived from three specific processes: awareness, action and preparation. Most executives recognize the impacts of known events such as, fires, floods, cyberattacks, workplace violence, etc., and have developed plans for dealing with such events.

Crises arise from being faced with an unknown or unimaginable event for which there is no mitigation strategy. The inability to effectively deal with an event, known or unknown, subsequently impacts reputation, employee morale and company value. 

Corporate resiliency, in its simplest terms, is an organization’s ability to return to a normal operational tempo — including throughout its entire web of suppliers, manufacturers, distributors, retailers, transportation carriers and the other participating partners — after some period of time following an incident. Creating corporate resiliency contains two unknowns that are imperative to understanding and developing an actionable planning process: What constitutes normal operational tempo? What is the period of time?

...

http://www.emergencymgmt.com/disaster/The-Keys-to-Corporate-Resiliency.html

Monday, 31 October 2016 00:00

Consider the Risks

On average, it takes just 82 seconds before a phishing campaign gets its first click; 23% of phishing recipient’s open messages and 11% open attachments, releasing malware and viruses or allowing hackers into the system to rob companies blind.

CyrusOne’s report examines six vulnerabilities in enterprise security, along with measures to protect it.

Download our recent executive report >
Are Your Own Employees Putting Your Business at Risk?

The Business Continuity Institute - Oct 31, 2016 12:37 GMT

By NASA Earth Observatory image by Joshua Stevens, using MODIS data from the Land Atmosphere Near real-time Capability for EOS (LANCE)

The ravages of Hurricane Matthew, the costliest Atlantic hurricane since Superstorm Sandy, are prompting businesses to rethink their natural hazards preparedness. More than one in four respondents to a survey of employees in the areas affected by the storm claimed they believe their companies will increase investment in this area.

The study, conducted by FM Global, also showed that, while respondents gave their companies mostly A’s and B’s for pre-storm preparedness, nearly two out of five employees (38%) said Hurricane Matthew interrupted normal business operations, and over a quarter (26%) of employees said their companies lost customers or orders as a result of the storm.

Adverse weather has consistently been a top ten threat for business continuity professionals, according to the Business Continuity Institute’s annual Horizon Scan Report. In the latest edition, more than half of respondents to a global survey expressed concern about the prospect of this type of disruptive event materialising. When you analyse the results further to only include respondents from countries where these types of events are relatively frequent, countries such as the United States, the level of concern increases considerably.

Horizon scanning is a fundamental part of business continuity planning,” said Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the Horizon Scan Report. “Investment needs to be put into preparing for disruptive events prior to them occurring, not after. Organizations need to assess the threats they could be exposed to in the future, and then put measures in place to ensure they can still function should they occur.

Hurricane Matthew was a catastrophic event of major proportions, and disruptions of all kinds were to be expected,” said Brion Callori, senior vice president of engineering and research at FM Global. “However, we do believe the majority of loss is preventable, and tools and solutions exist to both understand what might occur during a hurricane and be prepared to mitigate the effects. We applaud new investment in resilience since it could make all the difference in the fate of a business, including revenue, market share, shareholder value and reputation. It’s only a matter of time before the next severe storm strikes.

Whether you expect to witness a creepy clown in your neighborhood or have nightmares of Michael Myers chasing you, Halloween is a night to celebrate things that scare us and make the hair stand up on the backs of our necks. Disaster recovery testing reduces the number of things that can scare us – on Halloween and all through the year.

The Critical Role of Disaster Recovery Testing

For those of us responsible for anticipating the unexpected and keeping your business operations running no matter what, uncertainty over having an “accurate” disaster recovery plan in place and identifying critical applications really can haunt us. Like a character being followed in a slasher film, we’re always looking over our shoulder, stuck with a nagging suspicion that something critical may have been overlooked.

...

https://www.iwco.com/blog/2016/10/28/importance-of-disaster-recovery-testing/

The Business Continuity Institute - Oct 28, 2016 09:51 BST

Ebola, Bird Flu, Swine Flu, SARS. There have been several times in recent years when the news headlines have been filled with stories of pandemics occurring in some part of the world, or at least are threatening to. Some never materialise into anything more substantial than a threat, but the fear of the potential impact still remains.

The latest Horizon Scan Report by the Business Continuity Institute put human illness in 13th place on the list of disruptive events that business continuity professionals are most concerned about. 38% of respondents to a global survey expressed concern about the prospect of this threat materialising, although this was a decrease from 2015 when it was in 8th place with 42% expressing concern.

So how prepared are we to deal with a pandemic outbreak and the impact it could have on our organizations. Do we know what impact it could have? In the latest edition of the BCI's Working Paper Series, Dezheng Yuan AFBCI uses three simplified financial models to elaborate on the impact of pandemic transmission speed to the business continuity of organizations and advised solutions. In his paper, Dezheng explains how slower pandemic transmission speed could enable more effective cross-region back-up plans of organizations which could reduce financial losses.

Among other things, Dezheng concludes that, even if the final morbidity and mortality rates remain the same, the efforts paid to delay the spread of the infectious diseases are still justified from the viewpoint of business continuity management.

"Concerns about the wholesale outbreak of disease are not that far-fetched considering the historical record which makes Dezheng Yuan’s paper relevant", says Patrick Alcantara DBCI, Senior Research Associate at the BCI and Editor of the Working Paper Series. "His methodology is relatively more technical than most of the works we have published in this series but lends itself well to practical solutions which he enumerates at the end of his piece. Indeed, his work demonstrates the depth of thinking in our professional community which we aim to feature in this publication."

Download your free copy of 'The effect of pandemic transmission speed on business continuity' to understand more about the potential impact a threat a pandemic could have on your organizations, and what you can do to mitigate against it.

ATLANTA, Ga. — As companies seek to cut costs and improve efficiency, a growing number of businesses encourage or allow their employees to use their own digital devices at work. “Navigating the IT, privacy, security and intellectual property issues was difficult enough before Bring Your Own Device (BYOD) became common,” says attorney and engineer Janine Anthony Bowen, a shareholder in national law firm LeClairRyan’s Atlanta, Ga. office. “But as the trend surges – and the law catches up with it – companies should carefully review their BYOD policies.”

Challenges range from liability for unpaid overtime to stiff legal penalties for failing to preserve data that may be subject to the eDiscovery process, adds Bowen, a member of LeClairRyan’s Privacy and Data Security Practice.

...

http://corporatecomplianceinsights.com/as-byod-trend-surges-employers-should-keep-up-with-changing-laws/

Friday, 28 October 2016 00:00

Hurricane Matthew: What Went Wrong?

When Hurricane Matthew swept through the Southeastern United States earlier this month, it left behind extensive debris, thousands without power, and many people living in shelters. In North Carolina, Florida, Georgia and South Carolina, meanwhile, a total of 17 people lost their lives.

Today’s storm forecast models are more advanced than ever before. So how is it that so many residents were caught unprepared when Hurricane Matthew swept into their towns earlier this month? The truth is that storms are notoriously unpredictable, and while forecasts can help, they ultimately only go so far. Let’s take a closer look at what went wrong with Hurricane Matthew, along with highlighting the single best way to protect yourself, your loved ones, and the members of your community when a storm is on its way.

...

http://blog.sendwordnow.com/hurricane-matthew-what-went-wrong

Until recently, the conventional wisdom about data storage was that on-premise solutions don’t offer the flexibility or cost savings of the cloud. Enterprises may have concerns about handing over control of their data and IT infrastructure to a cloud provider because they worry about security, but they’re willing to put these concerns aside if they think they can get the scale and storage they need — at a good price.

Depending on your business, this might have been true in the past: If you weren’t dealing with big data sets, sought low latency, and wanted to save money, the cloud may have been the right choice. Spinning disks didn’t offer the performance needed, and flash drives were too expensive to use in bulk.

Recent changes in the storage market have weakened the argument that storage in the public cloud is the only cost-effective option. Your data center doesn’t necessarily have to be built in the cloud if you’re trying to get that magic combination of cost effectiveness and performance. Here’s what’s happening in the data storage market that should factor into your decision making:

...

http://www.datacenterknowledge.com/archives/2016/10/27/storage-innovations-spur-second-look-cloud-premise-options/

There’s no longer any question that AI (artificial intelligence) is transforming the business world, and this is great news when it comes to successfully maintaining a corporate infrastructure modeled on the three pillars: governance, risk management and compliance (GRC).

Until now, the demands of GRC have been coupled with a spiraling need to increase productivity and cut costs in a hypercompetitive marketplace, turning this near impossible feat into a never-ending and often losing battle. But with the introduction of cutting-edge AI and NLP (natural language processing) technologies into the workplace, companies are discovering they can turn impossibility into reality.

Artificial intelligence has become an indispensable tool for humans to gain support in pretty much every aspect of running a business, and the methodology behind effective GRC is no exception. Much of a company’s compliance and regulatory measures center on the need for better decision-making; automating the processes that contribute to timelier, more informed decisions are a primary objective of emerging AI solutions.

...

http://corporatecomplianceinsights.com/exploring-upside-evolving-ai-business-solutions/

Earlier this year, a ransomware attack shut down the Lincolnshire County Council’s computer systems. For a week, members were reduced to using pens and pencils after the council refused to pay the $500 ransom demanded by the attackers.

It was a vivid example of the disruption that ransomware can cause security executives, who are girding to contend with targeted ransomware attacks against current and planned cloud deployments.

No surprise there as malicious hackers, clearly creatures of habit, seek out the most promising targets. While the cloud has proven its security critics wrong up until now - it’s actually a lot more secure than many thought a few years ago  - targeted ransomware attacks against the cloud are on the increase.

...

http://mspmentor.net/cloud-services/why-ransomware-attackers-really-really-cloud-computing

Thursday, 27 October 2016 00:00

Is Our Business Continuity Program a Sham?

You test, you plan, and you document, but is your business continuity program a sham?

It’s a question a senior executive of a client recently asked me. Sadly, the answer to his question was a resounding “yes!” In many cases, we find that the pretty picture painted by the BCM team is not what it seems when you get up closer and pull the covers back.

Why are so many programs in this state?  Well, here are 10 reasons:

...

http://www.mha-it.com/2016/10/is-our-business-continuity-program-a-sham/

The recent DDoS attacks have shone a bright spotlight on the security problems within the Internet of Things. The attacks are also a reminder that cloud security is still a work in progress.

That’s not to say that the cloud isn’t secure; instead, the problem may be the way we think about security and the cloud, as InfoWorld explained:

With DDoS attacks, the tendency is to focus on organizations directly affected. Thus, when hacktivists target financial services or gaming sites, the victims are those trying to access those applications. The information is intact, albeit temporarily unavailable.

With Dyn, however, the target was core internet infrastructure, which means any organization that relies on Dyn or works with a service provider dependent on Dyn is affected.

...

http://www.itbusinessedge.com/blogs/data-security/the-relationship-between-iot-cloud-security-and-ddos.html

Of all the ways in which advanced analytics and machine intelligence can impact the enterprise business model, perhaps none is more crucial than its effect on IT itself.

As infrastructure becomes more distributed and data loads become more complex, IT must become more adaptive, even to the point where it exceeds a technician’s ability to collect operating data, figure out what it all means and implement the required changes. So before organizations turn Big Data loose on functions like sales, marketing and compliance, it makes sense to implement it on the infrastructure and operational layers of the data environment itself.

This can be done in numerous ways. Power management firm Eaton recently launched the PredictPulse Insight platform that uses a cloud-based analytics engine to track power distribution throughout the data center to predict failures and optimize efficiency. The system ties into the PredictPulse remote monitoring service to produce a more predictive, proactive model of energy management. Users are provided with real-time data over an online dashboard that details alarm settings, performance metrics, service history and a host of other points, all of which can be accessed by either a traditional web portal or a mobile app.

...

http://www.itbusinessedge.com/blogs/infrastructure/how-to-deploy-advanced-analytics-in-the-enterprise-start-with-it.html

Thursday, 27 October 2016 00:00

The Era of the Smart Data Center

What does it take to run a smart data center?

For many businesses, the data center is the heart of software technology—the “thing” enabling businesses to do more, efficiently expand their capabilities, and maintain the information necessary to run their business properly. A smart data center is needed to support the demands and application deployment models, such as the Internet of Things (IoT), cloud, platform-as-a-service, software-as-a-service, and other models on the verge of becoming mainstream. As business needs evolve, companies are demanding more from their data centers.

Are data centers up to the challenge?

...

http://www.datacenterknowledge.com/archives/2016/10/26/era-smart-data-center/

Thursday, 27 October 2016 00:00

Preparing for Colder Weather

As some parts of the Northeast experience their first frost/freeze of the season, this is a good time to make some cold weather preparations.

NOAA’s recently issued U.S. Winter Outlook said the development of La Niña, the climate phenomenon and counterpart of El Niño, is expected to influence winter conditions this year.

La Niña favors drier, warmer winters in the southern U.S. and wetter, cooler conditions in the northern U.S. but because forecasters expect it to be weak and short-lived, we probably shouldn’t bet against snow.

...

http://www.iii.org/insuranceindustryblog/?p=4640

U.S. regulators unveiled draft cybersecurity standards  aimed at protecting the U.S. financial system in the event of a technology failure or cyberattack. The plan, authored by the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency, would strengthen the way agencies oversee how large U.S. banks and foreign banks operating in the U.S. with $50 billion or more in assets manage and address threats to cybersecurity.

The draft plan would impose the toughest restrictions on firms considered to pose the greatest risk to the financial system. Those firms would have to prove they can get their core operations running within two hours of a cyberattack or major IT failure. The new rules also would apply to nonbank financial companies deemed systemically risky by a panel of regulators.

...

https://ems-solutionsinc.com/blog/regulators-tighten-cybersecurity-standards-us-banks/

The Business Continuity Institute - Oct 27, 2016 09:41 BST

Clearly it is embarrassing, and we’ve all heard about the huge fines that have been imposed on some organizations following a data breach, but what is the long term impact of such an event? A study conducted by Thales e-Security has showed that the vast majority of people would reduce or eliminate the use of an organization’s products or services following a data breach, and only 16% of respondents would continue to use an organization’s products or services as usual.

According to the UK-based study, one in five people (20%) would withhold custom altogether from an organization that had been breached, while over a third (37%) stated they would only use their products and services if there were no other alternatives.

This major rejection of organizations that have been breached demonstrates why business continuity professionals are concerned about this type of threat. In fact, the Business Continuity Institute’s latest Horizon Scan Report identified data breach as the number two threat (after cyber attack) with 80% of respondents to a global survey expressing concern about the possibility of such an incident occurring.

It’s important for firms to recognise just how much of their customer base might be lost in the wake of breach incidents,” said Sol Cates, vice president of technology strategy at Thales e-Security. “With more than half of respondents saying that they would either immediately stop using an organization’s products or services altogether, or use them only if they have no other choice, effective security controls specifically placed around data to prevent and minimise damage from data breaches become an absolute requirement.

The survey also questioned respondents on what they would be most concerned about following a breach of their personal information. Nearly half (46%) stated that money being stolen from their bank account was the main concern, while two in five stated that it was having their identity stolen.

The theft of money from someone’s bank account as the result of a breach is a very tangible fear, but realistically it is much less likely than other outcomes,” continued Cates, “The implications of identity theft should pose far more of a concern, as they can be extremely painful and long lasting, with clean-up from incidents taking months or even years, and having long term effects on using and obtaining credit when it is really needed. Once your data is ‘in the wild’, your life is never the same.

Digital Realty Trust uses more renewable energy than any other data center provider, followed by Equinix, according to the US Environmental Protection Agency.

Companies that use providers like Digital and Equinix are increasingly interested in data center services powered by renewable energy, partly because of their own corporate sustainability programs and partly because energy generated by sources like wind and solar has gotten a lot cheaper in recent years. In response, the providers have been sourcing more renewables to address the demand.

 

recent survey of consumers of retail colocation and wholesale data center services by Data Center Knowledge, found that 70 percent of these users consider sustainability issues when selecting data center providers.

...

http://www.datacenterknowledge.com/archives/2016/10/25/data-center-providers-use-renewable-energy/

Wednesday, 26 October 2016 00:00

Field Tested and Ready

Bockistan lies in ruins.

A magnitude 7.8 earthquake has rocked the country, killing hundreds. Large apartment buildings have collapsed, communications are out, airports and seaports are closed, electricity is dead, and water isn’t flowing.

Into this situation come 42 Americans ranging in age from their early 20s to their late 50s, full of enthusiasm and determination to do good and carrying bags of gear. But they’re entering an unfamiliar world in a state of disaster, full of cultural pitfalls and government red tape.

What’s more, this is their final exam — not to add any pressure.

...

http://www.emergencymgmt.com/training/Field-Tested-and-Ready.html

Wednesday, 26 October 2016 00:00

CDC: How We Decide What to Say in Emergencies

A few years ago, there was an outbreak of Salmonella infections among people who ate peanut butter and products containing peanut paste, like crackers and cookies. People were scared. They needed to know which products were affected. Were they in their grocery store, or worse, already in their kitchen? They also needed facts about Salmonellainfection: what are the symptoms, and how dangerous is it?

Fact: You can’t protect your health if you don’t know what to do and how to do it.

This is the reason I spend my days helping people get the right messages about their health at the right time. During the Salmonella outbreak linked to peanut butter, we worked to quickly gather information and science from lots of sources and get it to the people who needed it. But there’s more to communicating about health than just moving information around. There’s a science behind what we do.

First things first

Before I start writing, I take a minute to put myself in the audience’s shoes. Who are they, and what do they need to know to protect themselves? I begin with the what, why, and how – the basics everyone needs to take the first steps.

In an emergency, geography is also important. If there’s an outbreak or a flood, not everyone may be affected. People need to know if they’re close to the incident or far away, and what the likelihood is that it will affect them.

But we don’t just consider what we need to say. We also look at the best ways for people to hear it. We know that people with different backgrounds will take in health information differently. What people do about a threat depends on several things, including who they are, who we are, and how we talk about it. This is where the communication science comes in.

Applying the science7 things to consider when communicating about health

In my job, we apply a system where we look at the different aspects of getting health information to people who need it. There are seven things we consider when we communicate about health:

  • Trust: Will people trust the information? Who is the best source to put the information out?
  • Information: What information is necessary, and how will people find it? How much is enough, or too much?
  • Motivation: How relevant is the information is to the people we’re trying to reach?
  • Environment: What are the conditions that surround and affect the audience?
  • Capacity: What is people’s ability to act on the information? Are there barriers?
  • Perception: What will the audience think about the information? What will inspire them to act on it?
  • Response: How will people respond? What can we do to stay engaged with them and give them support as they take action?

We call this set of questions TIME-CPR. Answering all of these questions before we start communicating lets us make a plan that will help people take action and save lives.

What we know, as soon as we know it

Sometimes we get worried about communicating information before we have all the answers. But it’s okay to say that we don’t know yet, and we’re working on finding out. We’re all in this together, especially in emerging and evolving situations, and people need to trust that we will always share the latest and best information we have, even if we don’t yet understand or know everything. We’re not just experts, we’re expert learners.

When something first happens, we might not know right away exactly how many people or which products are affected. But we need to start talking about it anyway. The risk is too great if we don’t.

Let’s go back to that Salmonella outbreak. Because peanut paste is in so many products, and because those products were already in the hands of so many people, we had to act quickly. Many of the affected crackers had been sent to troops overseas or were foods that get sent as part of school lunches. We immediately reached out to veterans’ communities, daycares, and schools. We developed a searchable database and created a widget to help people figure out if their food had the peanut paste in it. In the end, the outbreak affected over 700 people in 46 states. But without fast communication, many more would have been sick.

Health literacy touches everyone

October is Health Literacy Monthhttps://blogs.cdc.gov/TemplatePackage/3.0/images/icon_out_v2.png), which is a time to focus on how we can help people better receive and understand information they need to stay safe and healthy. When we present our information in a way that makes it difficult for people to understand what they can do to protect their health, they may be more likely to get sick or die.

Health literacy affects everything from how and why medication should be taken, to reading nutrition labels, to what people should do in a major emergency like an outbreak or natural disaster. Everyone – from large agencies to community organizations to family doctors to individuals – is responsible for making sure we all have clear and relevant health information when we need it. We need to stay connected and communicate well. Lives depend on it.

For more information about Health Literacy, visit the CDC Health Literacy website.

Improving the ability to share and use health information is a national priority. The National Action Plan to Improve Health Literacyhttps://blogs.cdc.gov/TemplatePackage/3.0/images/icon_out_v2.png); display: inline-block; width: 10px; height: 10px; vertical-align: baseline; margin: 0px 3px 0px -13px; background-position: 100% 50%; background-repeat: no-repeat no-repeat;"> seeks to engage organizations, professionals, policymakers, communities, individuals, and families in a connected effort to increase health literacy, and is part of the Healthy People 2020https://blogs.cdc.gov/TemplatePackage/3.0/images/icon_out_v2.png); objective to improve health outcomes and health equity through better communication.

Posted on October 25, 2016 by Christine Prue, MSPH, Ph.D., Associate Director for Behavioral Science, National Center for Emerging & Zoonotic

At the U.S. Department of Homeland Security (DHS), Assistant Secretary for the Office of Infrastructure Protection Caitlin Durkovich recognizes how hard it can be for emergency managers to distill the message of preparedness for citizens and businesses.

With the rise of global terror, the threat landscape has become exponentially more complex, making it harder for first responders and others to communicate even basic security information. “But this is the new normal, this is the world that we are living in now, where we are going to see attacks on soft targets with frequency,” she said.

To convey the significance of that reality, emergency managers need a concise message.

...

http://www.emergencymgmt.com/disaster/Prepare-Your-Business.html

Not all "clouds" are created equal – or considered clouds at all, for that matter. With all due respect, single-tenant hosted products are one such instance. Just because a traditional software product is hosted by a vendor doesn't make it the equivalent of SaaS. Let's face it – it's not uncommon for successful licensed software companies that focus on operational intelligence or enterprise compliance and security to zig and zag as they evolve their business models to the cloud. Neither is it uncommon for them to maximize their best attributes in their marketing materials.

The difference between SaaS and a single-tenant hosted software "cloud", however, is an important distinction. If you're looking for a solution that offers the key benefits of a modern SaaS product, hold out for a provider whose underlying architectural model offers the benefits of a true cloud offering. And while your first reaction might be, "Who cares? Hosted software seems like SaaS as far as the user is concerned." But here are the three reasons why customers should care about their "cloud" provider's underlying model.

...

http://www.datacenterknowledge.com/archives/2016/10/25/cloud-not-cloud-single-tenant-hosted-product/

Wednesday, 26 October 2016 00:00

MANAGE EVENTS WITH A MASS COMMUNICATION SYSTEM

Your Event Management Doesn't Have to Be So Hard

Company execs love to put on big, fancy events. They may invite business leaders, managers, partners, suppliers, stockholders, board members, customers, and maybe even regular employees who deserve a night on the house.

These events often take place in hotel ballrooms or conference centers with plenty of food, drinks, and entertainment. Speakers are given the stage, presentations, and short films often accompany, and most leave in a better mood than when they arrived (if it is done right). Events may be planned for product launches, annual conferences, holiday galas, or awards banquets. They are all a big deal, take a lot of time to plan, and cost a boatload of money.

...

https://www.alertmedia.com/manage-events-with-a-mass-communication-system

The Business Continuity Institute - Oct 26, 2016 12:15 BST

 

Two years ago, I was asked to contribute to the ‘20 in their 20s’ publication by the BCI on the future of business continuity. In my article, I pointed out the need to learn from experience in order to achieve what I think is the mission of our industry: the ‘social continuity’. I also stated that the business continuity industry shall not repeat the mistakes of risk management, which was highly disregarded by the Boards of Directors of the most important companies all over the world until the most recent years, when the financial crisis hit the global markets.

I am now invited to write this blog as a follow-up to that initiative, with the aim of understanding if and how my view had changed since then. Honestly, I have to say I still think the greatest challenge for continuity and resilience professionals is to broaden the scope of action to include the social components in their considerations. Indeed, we all know that an organization is as vulnerable as the weakest link in its value chain, and we are also aware of the fact that each company operates in an interconnected environment. How can we claim to be resilient, if we do not care about the level of preparedness of our critical stakeholders?

In these two years, I have also understood that cultural restraints can represent a limit that needs to be overtaken if we want to reach our target. Therefore, I have decided to get more involved with the activities of the Business Continuity Institute, whose mission is to promote a more resilient world. Specifically, I have become an Approved BCI Instructor, a BCI Corporate Partner with my company (PANTA RAY) and I have joined the BCI Risk and Governance Committee. I strongly believe in the role of the Institute because, actually, there are countries where chasing the ‘social continuity’ purpose can be hard. That is why we need to work the system if we wish to change mindsets that had been instilled over hundreds of years.

It will be a long process and I can tell it is frustrating at the beginning. I am Italian and I have been involved in the launch of the BCI Italian Forum in the summer of 2014. A small group of people had to build a network from scratch and faced many challenges, but we worked hard and thanks to the support of Steve Mellish (BCI Chairman at that time) and Lorraine Darke we had a very first conference in November that same year with approximately 70 Italian professionals. It was an incredible success and we decided that we wanted to establish an annual meeting, so we had a similar event last year (2015) and doubled the audience.

In 2016, we started to hold monthly Forum meetings. As a consequence of our efforts, the numbers of CBCI training sessions and statutory members are increasing at a fast pace and our expectations on the next annual conference are definitely high. The BCI Italian Forum is now a very active LinkedIn group that counts over 350 continuity and resilience professionals!

We know it is going to be a long journey, but the results of our job are quite interesting so far. I would like to share our approach and discuss it with the community, as I am sure we would benefit from feedback and suggestions. And with a pinch of conceit, we might as well inspire the growth of the Institute in other areas. After all, we all share the same mission.

Alberto Mattia is the Managing Director of PANTA RAY, the leading business continuity consulting company in Italy. He graduated in Economics and Finance at the Università Bocconi in Milan, his hometown, with a final paper on Crisis Management in the banking sector. Alberto has been a speaker at several important conferences on resilience and has written articles that have been published in Italy and abroad.

Managed cloud provider Rackspace announced it has appointed two new executives to its international team. Reinhard Waldinger has been promoted to Managing Director, International, and Alex Fuerst, Regional Leader for DACH.

The appointments come as Rackspace, which recently went private in a $4.3 billion buyout, is opening a new office in Munich that will help support the growth of its German-speaking customers in Germany, Austria and Switzerland.

Waldinger has worked at Rackspace for more than 10 years. Previously, Waldinger was VP of Finance for Rackspace International. In his new role he will work with customers, partners and employees in its international operations.

...

http://www.datacenterknowledge.com/archives/2016/10/24/rackspace-boosts-international-team-opens-munich-office/

Regardless of whether you work in the hosting industry, you would have likely encountered an outage Friday on a website that you may visit frequently, due to a DDoS attack targeting Dyn.

You can read the news story here.

A DDoS attack on an individual website can cause lots of issues in and of itself, but a DDoS attack on a DNS network has a much bigger impact. Friday’s DDoS attack impacted sites ranging from Twitter to AirBnb to The New York Times and, even to PagerDuty, a site that helps alert you of downtime.

In an emailed statement, Dave Larson, Corero COO, explained how DDoS attacks against DNS providers can be particularly damaging.

...

http://www.datacenterknowledge.com/archives/2016/10/24/was-fridays-ddos-attack-part-of-a-troubling-trend/

The enterprise cloud industry is starting to take on some semblance of order as both providers and consumers gain a clearer understanding of how it is to function within the broader data ecosystem.

To be sure, there are still many questions regarding deployment, configuration, services and a host of other factors when creating individual clouds, but in general the need to establish robust hybrid infrastructure that can accommodate legacy applications and emerging services for mobile, Big Data and IoT functions is coming into focus.

This clarity is also driving much of the deal-making on both the provider and infrastructure layers, not the least of which is Amazon’s recent tie-in with VMware. As Information Week’s Charles Babcock noted recently, the deal gives Amazon something it desperately needed to combat chief rival Microsoft: a means to easily port workloads from legacy infrastructure to its largely proprietary cloud architecture. VMware fills the bill nicely because it provides the virtual format to shift workloads without bothering with a lot of hardware configuration, and it has one of the largest installed bases of enterprise customers on the planet.

...

http://www.itbusinessedge.com/blogs/infrastructure/how-top-cloud-providers-hope-to-woo-the-enterprise.html

On Thursday, I wrote a blog post about the Mirai IoT malware infecting IoT devices, turning them into botnets that create DDoS attacks. I knew that this was going to become a serious problem but at that moment, it hadn’t become a mainstream issue.

That certainly changed quickly, didn’t it? On Friday, I was leaving my office when my phone chirped with a breaking news story – Homeland Security was investigating a major DDoS attack against Dyn. A quick check of Facebook told me all I needed to know: My friends were wondering why they couldn’t access so many of their favorite websites all of a sudden. Now everyone is asking questions about not only IoT security but DDoS attacks. It’s good that people are now aware; I wish we could be aware proactively rather than reactively.

But where does this proactive behavior begin? For this type of attack, it is a two-pronged issue. First, we have to do a better job addressing IoT security. A new survey from ESET found that 40 percent of us are not confident that our smart devices are secure enough, and as Tech Crunch added:

...

http://www.itbusinessedge.com/blogs/data-security/major-ddos-attack-shows-how-we-vulnerable-we-are.html

Tuesday, 25 October 2016 00:00

FEMA: Long Term Recovery

PHILADELPHIA – Long term recovery begins and ends in local communities.  To support state and local officials, and help build back communities to be more resilient, FEMA developed the National Disaster Recovery Framework, also known as the NDRF, to help guide federal agencies in their support efforts. The NDRF empowers federal, state, local and other partners to work together to find solutions for some of the major challenges communities face after a disaster, such as housing needs, rebuilding the local economy, and preserving the communities’ heritage and traditions while making strides towards resilience against future disasters.

FEMA Region III has released a podcast on the NDRF to help explain how the program works and our goal in working with and supporting communities’ long term recovery. The podcast is a great way to learn more about the framework, roles, responsibilities and objectives.  It is available at https://www.fema.gov/media-library/assets/audio/126251 and through the Multimedia Library Audio section. The podcast interviews FEMA Region III’s Federal Disaster Recovery Coordinator (FDRC) Kevin Snyder and Community Planning and Capacity Building (CPCB) Coordinator Michelle Diamond on the NDRF, as well as how FEMA works with our partners to make long term recovery happen for communities.

Below are some excerpts from the podcast:

FDRC Kevin Snyder: “In Region III we have what we call our Recovery Support Function Leadership Group and that is a steady state group, we meet monthly and we talk about our issues, needs, and activities and through that network we can reach back to our regional infrastructure system partners and say hey – here is this issue that we didn’t identify early on but we are seeing right now. What are your ideas of how we can coordinate solutions to address that? And kind of take it from there.”

CPCB Coordinator Michelle Diamond: “…we do work with a number of federal partners, but in addition to the federal partners, we also work with the private sector, with universities, with professional associations, foundations, and nonprofits and all of these partners – they all have the goal of working with local governments and state governments to help address issues of local needs for planning and for capacity building.”

To listen to and download the podcast, please visit https://www.fema.gov/media-library/assets/audio/126251. For more information on the NDRF, please visit https://www.fema.gov/national-disaster-recovery-framework.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

Tuesday, 25 October 2016 00:00

What IoT Cyber Attacks Mean for Insurers

The massive global distributed denial of service attack (DDoS) against internet infrastructure provider Dyn DNS Co. that left over 1,000 major brand name sites including Twitter, Netflix, PayPal and Spotify, inaccessible Friday has implications for insurers too.

While the nature and source of the attack is under investigation, it appears to have been (in the words of Dyn chief strategy officer Kyle York) “a sophisticated, highly distributed attack involving tens of millions of Internet Protocol addresses.”

As Bryan Krebs’ KrebsOnSecurity blog first reported, the attack was launched with the help of hacked Internet of Things (IoT) connected devices such as CCTV video cameras and digital video recorders (DVRs) that were infected with software (in this case the Mirai botnet) that then flooded Dyn servers with junk traffic.

...

http://www.iii.org/insuranceindustryblog/?p=4634

Managed DNS provider Dyn was hit by a series of massive DDoS attacks on Friday, October 21, which left several major sites inaccessible for hours, including Box, CNN, HBO Now, PayPal, Pinterest, Reddit, Spotify, Squarespace, Twitter, Weebly, Wired, Wix, Yelp, Zendesk and Zoho, among many others, Gizmodo reports.

In a statement on its website, Dyn explained that its Managed DNS infrastructure in the Eastern U.S. came under attack from 11:10 UTC to 13:20 UTC, and again from 15:50 UTC to 17:00 UTC. "We will continue to evaluate every situation with the goal of improving our systems and processes to deliver the utmost customer experience," the company stated.

In a blog post, security expert Bruce Schneier suggested that someone has spent the past year or two probing the defenses of companies critical to the operation of the Internet. "These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down," he wrote.

...

http://www.esecurityplanet.com/network-security/major-ddos-attack-disables-websites-across-the-u.s..html

Any repetitive IT task that requires IT organizations to detect patterns within a massive amount of data is now generally subject to being automated. With that in mind, Hewlett-Packard Enterprise (HPE) has been applying Big Data analytics to multiple forms of data protection.

The launch of HPE Backup and Recovery Suite brings all HPE data protection offerings together under a common analytics framework as part of an effort to first identify bottlenecks in the process, make recommendations on how to fix scheduling conflicts and ultimately eliminate the amount of IT intervention currently required to complete them.

In addition, Stephen Spellicy, vice president of product management for information management and governance says, HPE is now providing a “what-if” capability that allows IT administrators to model different data protection strategies before implementing them.

...

http://www.itbusinessedge.com/blogs/it-unmasked/hpe-applies-big-data-analytics-to-data-protection.html

RALEIGH, N.C. – If you applied for FEMA help in the aftermath of Hurricane Matthew and you disagree with the decision stated in the letter you received, a quick fix may be all that is needed to change it. 

It’s important that you read your letter carefully to understand FEMA’s decision so you will know exactly what you need to do. Many times applicants just need to submit extra documents for FEMA to process their application.

Examples of missing documentation may include an insurance settlement letter, proof of residence, proof of ownership of the damaged property, and proof that the damaged property was your primary residence at the time of the disaster.

If instructed and needed, you can simply submit missing documentation to FEMA online at www.disasterassistance.gov, by mail or fax, or by visiting a Disaster Recovery Center.

There may be more than one reason you disagree with FEMA’s decision. For example, if you feel the amount or type of assistance is incorrect, you may submit an appeal letter and any documents needed to support your claim, such as a contractor’s estimate for home repairs.

If you have insurance, FEMA cannot duplicate insurance payments. However, if you’re under-insured you may receive further assistance for unmet needs after insurance claims have been settled.

How to Appeal a FEMA Decision

All appeals must be filed in writing to FEMA. You should explain why you think the decision is incorrect. When submitting your letter, please include:

  • Your full name
  • Date and place of birth
  • Address

In addition, your letter must be either notarized, include a copy of a state issued identification card, or include the following statement, “I hereby declare under penalty of perjury that the foregoing is true and correct.” You must sign the letter.

If someone other than you or the co-applicant is writing the letter, there must be a signed statement from you affirming that the person may act on your behalf. You should keep a copy of your appeal for your records.

To file an appeal, letters must be postmarked, received by fax, or personally submitted at a Disaster Recovery Center within 60 days of the date on the determination letter.

By mail:

FEMA – Individuals & Households Program
National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-7055

By fax:
800-827-8112
Attention: FEMA – Individuals & Households Program

You should have received a booklet called "Help after a Disaster." It explains what you need to provide for your appeal. The booklet is available online at www.fema.gov/help-after-disaster.

If you have any questions about submitting insurance documents, proving occupancy or ownership, or anything else about your letter, you may call the FEMA Helpline at 800-621-3362. If you use TTY, call 800-462-7585. Those who use 711 or Video Relay Service can call 800-621-3362. Lines are open from 7 a.m. to 11 p.m. EDT, seven days a week, until further notice. You can also visit a North Carolina disaster recovery center and speak with a disaster assistance representative. Locate your closest center by going online to fema.gov/drc or by calling the FEMA Helpline.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling (800) 659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it., or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

How would emergency management and public health officials handle a catastrophe that taxed local supplies of vaccines or medical equipment? Since 1999, the federal government has had a way to help: the Strategic National Stockpile.

The stockpile consists of warehouses that contain medicines — both those that prevent the onset of an illness and those that can treat illnesses — and medical supplies and equipment. It is not meant to be the first line of defense, but rather to supplement resources when state and local supplies run short.

“The underlying premise of the Strategic National Stockpile is to respond to primarily chemical, biological, radiological and nuclear events,” said Greg Burel, director of the Division of Strategic National Stockpile at the Centers for Disease Control and Prevention (CDC). “We also hold material that would be useful in an influenza event.”

...

http://www.emergencymgmt.com/health/The-Strategic-National-Stockpile-Stores-Medication-and-Equipment-in-Case-of-Emergency.html

Monday, 24 October 2016 00:00

Enhancing Campus Safety

This spring, the U.S. Department of Education released its third version of the Handbook for Campus Safety and Security Reporting to help guide colleges in their continued implementation of the Clery Act.

Originally intended to bring greater transparency to campus crime reporting, especially around crimes against women, that law has been expanded in the decades since its inception. It now contains substantial language compelling schools to organize and document specific plans for issuing timely warnings and emergency notifications.

The Clery Act applies to some 6,000 colleges and universities that participate in federal financial aid programs. With the release of its latest handbook, the Department of Education says it is looking for these schools to take their emergency planning beyond the historic norms of academia.

...

http://www.emergencymgmt.com/safety/Enhancing-Campus-Safety.html

Monday, 24 October 2016 00:00

The 911 Cyber Challenge

Emergency Management has published several articles about the movement toward a next-generation 911 (NG911) system based on modern Internet protocols that will allow responders to take advantage of capabilities such as text and video messaging. 

Beyond the capability to send and receive texts and multimedia, there are other benefits to the new types of networks. Public safety answering points (PSAPs) will be able to transfer calls and activate alternative routing to share the burden during an emergency or when they are closed by disaster.

But accompanying all these important benefits of the switch from analog to digital, one challenge looms large: the increased risk of cyberattacks on 911 call centers once they are connected to so many devices and other networks.

...

http://www.emergencymgmt.com/next-gen-911/The-911-Cyber-Challenge.html

In life and in business, you are generally more successful when you have friends. You are able to share the load, bounce ideas off each other, and have each others’ backs, if you will. The goal is that the sum of the parts is greater than indicated by the math.

Companies that are trying to address large problems will find it lonely if they don’t surround themselves with an ecosystem, the technology equivalent of friends, to fill in the gaps.

The idea of an ecosystem isn’t new – it’s a core reason most industries exist. Ecosystems in the technology space succeed for some of the same reasons most of us tend to have a higher score when we play “best ball” in golf, compared to playing solo. For example, there may be a woman who can drive the ball down the fairway, another guy that chips it onto the green, another guy who is a whiz with the putter, and then there’s me – the designated golf cart driver. In tech, when vendors, partners, customers, and thought leaders collaborate, they can set higher standards for innovation and push the limits with the solutions they create.

...

http://www.datacenterknowledge.com/archives/2016/10/20/the-four-cs-for-it-and-security-ecosystem-success/

Iron Mountain, the company known for its underground caverns that house everything from classified government documents and Hollywood movie reels to data centers, is expanding into Northern Virginia, the largest and most active data center market in the US.

The company recently kicked off construction of a 150,000-square foot data center in Manassas, which it expects to be the first of at least four buildings on a future 83-acre, 60MW data center campus, according to a news release. The facility is slated to come online in August 2017.

It first announced plans to build a data center campus in the region in March.

...

http://www.datacenterknowledge.com/archives/2016/10/20/iron-mountain-entering-n-virginia-with-massive-data-center-build

Thursday, 20 October 2016 00:00

Is World Backup Day Such a Good Idea?

As you may already know, World Backup Day is on the 31st of March, 2017. So depending on when you read this blog post, you may have more or less time in front of you until it rolls around again. Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.

world-backup-day

But is there a danger that data backups then have but one day of fame per year, only to be forgotten about for the other 364 (or 365)? Maybe this anniversary could be put to a slightly different use.

...

http://www.opscentre.com/world-backup-day-good-idea/

Thursday, 20 October 2016 00:00

Create your complete Business Continuity Plan

The Business Continuity Planning Template: Your Guide to Creating a Complete Business Continuity Plan

Creating a comprehensive Business Continuity Plan is a critical step in the development of your BCM program. A few weeks ago, we posted our ultimate guide to developing a risk mitigation plan, but this week we’re going to take another step toward program maturity by looking at the development of the Business Continuity Plan itself.

This Business Continuity Plan is the aggregate of your planning and analysis processes (risk assessment, business impact analysis, and threat and risk assessment). It includes various documentation and checklists that allow your organization to continue to function effectively (or to restore business functions) during an emergency event. With that in mind, we developed the following checklist to help you develop an overall Business Continuity Plan, as well as other plans and action items for specific areas in your organization. We suggest the use of checklists as they are efficient, straightforward, and ensure important items are not missed.

...

http://www.mha-it.com/2016/10/create-your-complete-business-continuity-plan/

Wednesday, 19 October 2016 00:00

Improving disaster response from space

From September 28 to October 10 of this year, Hurricane Matthew swept through Haiti, Florida and the Carolinas, leaving communities scrambling to beat back the onslaught of floodwaters. First responders, government agencies and insurers needed to know which areas required immediate attention. However, in many of the hardest-hit locations, damage to infrastructure meant that there was no viable way to gather that data on the ground.

FirstLook, DigitalGlobe’s online subscription service for emergency management, offers fast web-based access to pre-event and post-event imagery, plus updates as our constellation continues to collect data on a priority basis.

And when you’re looking for more than a picture, GBDX, DigitalGlobe’s geospatial big data platform, has the tools to turn satellite images into actionable data. Using GBDX, you can integrate DigitalGlobe’s trained neural network algorithms with open-source data sets like OpenStreetMap. In the case of Hurricane Matthew, we found this layering particularly useful in identifying underwater and at-risk infrastructure.

...

http://blog.digitalglobe.com/2016/10/18/improving-disaster-response-from-space/

Hackers recently stole research data from the University of Toyama's Hydrogen Isotope Research Center, along with 1,493 people's personal information, Infosecurity reports.

The data was stolen in December 2015, March 2016, and June 2016, using malware that had been delivered via a spear phishing attack in November 2015.

The Japan Times reports that two staff members received phishing emails in November of 2015. One of the staff members' PCs was infected, after which it transmitted data to an outside party for approximately six months.

...

http://www.esecurityplanet.com/hackers/hackers-steal-data-from-japanese-nuclear-facility.html

The thrashing winds have died down. Relentless rain has ceased. The clouds have cleared and the sun is shining. But this is no time to let your guard down.

Last week, Hurricane Matthew pounded its way through the Caribbean before bearing down on the eastern U.S. coastline from Florida to North Carolina. Many lives and homes were tragically lost. But not all of the death and destruction happens during the storm itself. The aftermath is a treacherous time, with still-rising floodwaters, power outages, breaks in healthcare services, and increased risks for injury or illness. The mental and physical toll of a hurricane continues to mount even as it dispels and fades off into the ocean. We must remember that, although the storm has passed, danger remains present.

Beware of rising waters

After the rain ends, it can take days for rising rivers and streams to crest, or reach their highest point. This means that homes and roads that are not underwater at the end of the storm may be flooded in the days following.

In North Carolina, Matthew dumped 6 to 18 inches of rain, causing flooding that rivaled or surpassed that of Hurricane Floyd in 1999. But much of the water damage didn’t happen right away. Even as rescue and recovery efforts began, the state’s rivers continued to swell and overflow their banks, creating a second wave of destruction.

Driving on water-covered roads or through flooded areas can leave you hurt or stranded – or worse. Help may not be able to reach you right away if you get stuck, and you won’t be able to see hazards like debris or sinkholes in your path. Avoid driving through flooded areas, especially when the water is fast moving. As little as six inches of water can cause you to lose control of your vehicle.

 

Avoid risks during power outagesAre you prepared? infographic

Hurricane Matthew knocked out power to millions of homes and businesses. People die from carbon monoxide poisoning after a hurricane or other disaster when trying to generate power, keep warm, or cook using gasoline or charcoal-burning devices. The carbon monoxide (CO) these devices produce is a silent killer – you can’t see it or smell it. To avoid being a victim, always use generators, grills, camp stoves, or other gasoline or charcoal-burning devices outdoors, and keep them at least 20 feet away from any windows, doors, or vents. Use a battery-powered carbon monoxide detector to alert you to any CO in your home.

Power outages can also result in injuries or deaths from fires. If the power is out, try to use flashlights or other battery-powered lights instead of candles. If candles are all you have, place them in safe holders away from anything that could catch fire, and never leave them unattended.

Drink safe water, eat safe food

After a hurricane, it’s important that the water you drink and food you eat is safe. Spoiled food or dirty water can make you and your family sick. Listen for water reports from local authorities to find out if your water is safe for drinking and bathing. If an advisory has been issued concerning contaminated water, use only bottled, boiled, or treated water for drinking, cooking, preparing food, and washing your hands. To keep from getting sick, throw away any food, drinks, or bottled water that may have come in contact with flood or storm water, or any food that has been in the refrigerator if you have been without power for more than four hours.

Stay healthy in shelters

Shelters keep you safe while you wait to return to your home, but can also present some health risks. Illnesses can erupt and spread quickly, which is why CDC and other organizations send experts after a hurricane like Matthew to watch for any sign of an outbreak. It can also be harder to manage chronic illnesses while you’re in a shelter, especially if you need medications or special supplies to care for yourself or your loved ones. Keep extra copies of your prescriptions in case of an emergency.

Home safe home

Be sure to wait to return home until authorities say it is safe to do so. Returning to your home after the storm can present a whole new set of dangers, including downed power lines, flooded roads, and the difficult work of cleaning up. Remember, never touch a downed power line or anything in contact with them. Use chainsaws safely, and wear safety gear like a hard hat, safety glasses, ear plugs, thick work gloves, and boots as you make repairs.

If your home has been affected by flooding, follow these guidelines for safe cleanup after disasters. People with certain health conditions should not take part in the cleanup, and everyone should be careful to use the proper protective equipment. Any items that cannot be washed and cleaned should be removed from the home. Any drywall or insulation that has been contaminated with sewage or flood waters should be removed and discarded. You may want to take photos or hold onto items for which you’ll be filing an insurance claim.

Look around your home and drain any standing water. Standing water after a hurricane or flood is the perfect breeding ground for mosquitoes. Use insect repellant and consider staying indoors at dawn, dusk, or in the early evening when mosquitoes are most active.

Take care of your mind and heart

The mental and emotional effects of a disaster like Matthew can linger even months or years afterward. Be prepared to cope with feelings of fear, grief and depression. “Loss and displacement are some of the most stressful situations we face in our lives,” says CDC behavioral scientist Ruth Perou, PhD. “Even briefly being in a shelter can be very hard.”

Remember to take care of yourself. Try to get 6 to 8 hours of sleep, eat regular meals, and exercise as much as you can. ”The best thing you can do,” says Perou, “is get back to some sort of routine as quickly as possible, especially for children.”

Stress and feeling overwhelmed are normal and expected reactions to any sudden change. Reach out to family and friends, and talk to others in your community about your worries. Let your child know that it’s okay to feel upset when something bad or scary happens. Coping with these feelings and getting help when you need it will help you, your family, and your community recover from a disaster.

The Substance Abuse and Mental Health Services Administration (SAMHSA) Disaster Distress Helpline is available 24 hours a day, 7 days a week. Trained counselors are ready to answer any questions or help cope in the aftermath of Hurricane Matthew and other disasters. To connect with them, call 1-800-985-5990 or text TalkWithUs to 66746.

Wednesday, 19 October 2016 00:00

Moving from the Cloud to Your Cloud

The cloud was established on the idea of “build it and they will come,” which certainly turned out to be the case. The corollary to the maxim, of course, is “give them a little and they’ll want more.”

On one level, this can be seen by the size of the workloads being migrated to the cloud, but it can also be seen in the quality of cloud services and the ability to customize even public cloud architectures to support highly specialized applications.

The increased demand for customization coincides with increased concern that many cloud deployments to date, while effective, still leave a lot to be desired. According to a recent survey by the Society for Information Management (SIM), large segments of the IT profession are concerned with the cloud’s ability to align properly with business processes, as well as the speed and agility of cloud infrastructure and the ability to engage in proper strategic planning in highly dynamic environments. For these and other reasons, says study author Leon Kappelman, many organizations are shifting their IT budgets to software development that allows for greater integration, customization and migration of cloud-connected workloads.

...

http://www.itbusinessedge.com/blogs/infrastructure/moving-from-the-cloud-to-your-cloud.html

Wednesday, 19 October 2016 00:00

The People Factor in Cyber Breach

Recently leaked "Panama Papers" have shaken politics across the world. This has resulted in a change of the Prime Minister of Iceland, while exposing other top officials like the British Prime Minister and President of Russia. This unprecedented leak of financial and attorney-client information, spans four decades from the law firm Mossack Fonseca and reveals that sensitive information belonging to any company is vulnerable.

While these attacks are ideologically and morally motivated, most of the attacks - about 89 percent happening today are financially damaging or inclined towards espionage, claims a report conducted by Verizon. Of the confirmed attacks, 63 percent of the breaches occurred because of passwords that are default, weak or compromised. This indicates that basic safeguard measures are not sufficient. What is Cyber breach?

The U.S. Government’s National Initiative for Cybersecurity Careers and Studies (NICCS) defines a data breach as "The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information."

...

https://www.fastcompany.com/3064490/growth-notes/the-people-factor-in-cyber-breach

Wednesday, 19 October 2016 00:00

Thinking Holistically About Business Continuity

When I started working in business continuity, 14 years ago, there was very little interaction between business continuity and other areas within the company, besides maybe disaster recovery, and that was to make sure gaps could be identified between the business requirements and actual application recovery times. A lot of this had to do with the limitations of available software and the ability to easily gather information and share it between systems in a meaningful way. This was also true with risk and vendor management systems.

Nowadays, platforms, such as ours, enable companies to have a holistic approach to planning, risk, incident, and vendor management. All of these functions can easily be done in the BC in the Cloud platform alone or can be integrated into our platform from an existing system.  This allows for an overall view of your business metrics available through dashboards, reports, and drill down capabilities.

...

http://www.bcinthecloud.com/2016/10/thinking-holistically/

The Business Continuity Institute - Oct 19, 2016 15:06 BST

When it comes to business continuity planning in Alberta, Canada, even though 78% of small to medium sized enterprises believe a continuity plan is important, less than half (47%) have actually developed one. Of those SMEs that do not have a plan, 62% said that it simply wasn’t a priority. This is according to a report published by ATB Financial.

The Business Beat survey discovered that nearly a quarter (23%) of Alberta-based SMEs had experienced a significant disruption in their business. Perhaps that figure is no surprise considering the Fort McMurray wildfire that the province endured earlier in 2016, which brought disruption to people's lives and businesses. It was the third time in the last five years that a natural disaster caused the evacuation of entire communities. Homes and businesses were destroyed, and a massive clean-up and rebuild effort was required. Despite this, 46% of businesses surveyed said they did not carry disruption insurance.

Of course it’s not just wildfires that cause disruption. The Business Continuity Institute’s latest Horizon Scan Report revealed all kinds of concerns that business continuity and resilience professionals have about the threats their organizations are exposed to.

Disasters, both natural and personal, happen. And by nature of the definition, they strike quickly and without warning,” said Teresa Clouston, ATB’s Executive Vice-President, Business & Agriculture. “So a plan that contemplates how to deal with disruption can allow business owners to respond from a position of strength and thoughtfulness versus panic. We recommend building a recovery plan into your business plan and revisiting that plan yearly.

(TNS) — As the federal government continues its disaster relief efforts after Hurricane Matthew and catastrophic flooding in Louisiana and other states, lawmakers and the Obama administration are considering how to limit the government’s liability for increasingly severe natural disasters — and the solutions could include designating more places as flood-prone and encouraging residents to move out of harm’s way.

At issue: The effects of climate change — more frequent flooding from torrential rains, hurricanes and other phenomena — are straining the federal flood insurance program, exposing U.S. taxpayers to a potentially growing price tag of flood relief payouts.
 
In the past five years, the National Flood Insurance Program, operated by the Federal Emergency Management Agency (FEMA), has taken in between $3.2 billion and $3.5 billion in premiums from its policyholders, and in most years that’s more than enough to cover claims. In fiscal 2014, for example, it paid out about $372 million for claims, and its 2015 payout was approximately $839 million.
...
Tuesday, 18 October 2016 00:00

Creating a Culture of Information Security

In today’s sensitive security landscape data protection must be a top priority for every organization. An information security culture is particularly important, especially with the arrival of the General Data Protection Regulation (GDPR), as encryption technology, firewalls and other tactics can only go so far to protect an organization’s data.

The GDPR is designed to better protect citizens’ data and harmonize legislation across Europe. The regulation brings a number of new guidelines for organizations in relation to Personally Identifiable Information (PII). This means organizations must take security, compliance and good governance seriously. But how can organizations ensure that a cultural appreciation of good security hygiene is ingrained within their business?

...

http://www.datacenterknowledge.com/archives/2016/10/18/creating-culture-information-security/

A well-paid, but heavy responsibility with a built-in ejector seat is one way of looking at the Chief Information Officer (CISO) position.

Data breaches can happen rapidly with devastating consequences and little or no possibility to undo the damage. Sales managers can see which way the wind is blowing in terms of sales revenue and financial directors can ask banks for a loan to shore up corporate finances.

However, security compromises may only come to light when your confidential company data is found offered for sale by hackers on the Internet. Naturally, if not always justifiably, the CISO is one of the first to suffer the backlash. In addition, the following career pitfalls await the CISO too.

...

http://www.opscentre.com/the-chief-information-security-officer/

As North Carolina residents work to recover from the recent flooding resulting from Hurricane Matthew, they should be on guard for and report suspicious activity of potential fraud and scam artists, identity thieves and other criminals who prey on survivors. The following are a few common post-disaster fraud practices:

Fraudulent phone calls or visits: Individuals claiming to be from FEMA and who do not have proper FEMA photo identification.

  • Survivors will be asked to provide their Social Security number and banking information only when registering for FEMA assistance. They should never give this information to contractors.

Fake offers of federal aid: A phone or in-person solicitor promises to speed up the insurance, disaster assistance or building-permit process for a fee. Other scam artists promise a disaster grant and ask for large cash deposits or advance payments in full.

  • Federal workers do not solicit or accept money.

  • FEMA and SBA staffers will never charge applicants for disaster assistance, inspections or for assisting individuals fill out applications.

  • If in doubt, survivors should not give out information.

Phony housing inspectors: If home damage is visible from the street, an owner/applicant may be especially vulnerable to fraudulent housing inspectors who claim to represent FEMA or the U.S. Small Business Administration (SBA). Applicants should ALWAYS:

  • Ask to see the inspector’s identification badge. A FEMA or SBA shirt or jacket is not proof of someone’s affiliation with the government. ederal employees and contractors carry official photo identification.

  • FEMA inspectors will already have applicants’ nine digit registration number.

  • FEMA inspectors will never require banking or other personal information.

    North Carolina residents should also be aware that FEMA housing inspectors verify damage. They do not hire or endorse specific contractors to fix homes or recommend repairs nor do they determine your eligibility for assistance.

    (MORE)

    FS - North Carolina Survivors:  Avoid Disaster-Related Scams and Fraud – Page 2

    Fraudulent building contractors: Disasters also attract fraudulent contractors who offer to begin work immediately and request a cash advance payment. When hiring a contractor: 

  • Residents should only use licensed local contractors who are backed by reliable references and get written estimates from at least three contractors that include the cost of labor and materials. They should also read the fine print.

  • Residents should insist that contractors carry general liability insurance and workers’ compensation. If he or she is not insured, you may be liable for accidents that occur on your property.

  • Don’t pay more than half the costs of repairs upfront.

Bogus pleas for post-disaster donations: Dishonest solicitors may play on the emotions of disaster survivors. These solicitations may come by phone, email, letter or face-to-face.

  • Residents should verify legitimate solicitations by asking for the charity’s exact name, street address, phone number and website address, then phone the charity directly and confirm that the person asking for funds is an employee or volunteer.

  • Residents should not pay donations with cash.

  • Residents should request a receipt with the charity’s name, street address, and phone number.

Unfair Price Gouging:  North Carolina residents should also be on the lookout for price gouging by gas stations, hotels and other businesses serving disaster survivors in the state.

If you suspect someone is perpetrating fraud, call the FEMA Disaster Fraud Hotline at 866-720-5721, your local police department or the North Carolinas Fraud Hotline at 877-5-NOSCAM.

Even though commercial private cloud offerings can offer a lower total cost of ownership in many cases because of the prevalence of qualified administrators, 451 Research says TCO is just one factor in selecting a particular cloud model.

According to 451 Research’s latest Cloud Price Index, in many cases, security and control of private clouds outweigh any financial considerations when managing mission-critical apps.

While commercial private cloud offerings such as VMware and Microsoft currently offer a lower total cost of ownership when labor efficiency is below 400 VMs managed per engineer, when labor efficiency is greater than this, OpenStack is a better financial option. The report says that past this tipping point, all private cloud options are cheaper than both public cloud and managed private cloud options.

...

http://www.datacenterknowledge.com/archives/2016/10/17/private-cloud-vs-public-cloud-option-cheaper/

FEMA, Whole Community partners work to decrease earthquake, fire risks in Bay Area

OAKLAND, Calif. — This week marks the 27th anniversary of the devastating Loma Prieta earthquake that took place on October 17, 1989.  Two days later, on October 19th, marks the 25th anniversary of the Oakland-Berkeley Hills Fire that killed 25 people, destroyed more than 3,000 homes, and did an estimated $1.5 billion in damage.

Since then, the U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) has leveraged $866 million dollars to support the state of California’s efforts to reduce the risks of catastrophic earthquake and fire.  Federal dollars are leveraged with state funds to provide typically 75% of a projects cost.  In the Bay Area, $201 million has gone to various projects with $448 Million awarded in Los Angeles County.  These funds have been used for seismic retrofit projects, fire risk reduction and flood elevation projects to protect various types of critical infrastructure, including homes, local city governments and public schools and infrastructure. 

In the City of Oakland, FEMA recently approved a $3 million dollar grant for the Safer Housing for Oakland: Soft Story Apartment Retrofit Program that will retrofit 35-50 Oakland apartment buildings.  Also in Oakland, FEMA has approved $3 million for the Earthquake- Safe Homes Program that will retrofit and install seismic safety measures in up to 300 1-4 unit homes located within the City of Oakland.   This year, FEMA also has awarded $6 million dollars in seismic retrofits to the Los Angeles Unified School District and another $4 million in flood mitigation elevations in Sonoma County.   

Examples of some of the types of projects that have been have funded include:

•           $40 million in federal grants has been awarded for city hall seismic retrofits.

•           $171 million in federal grants has been awarded in seismic retrofits of schools.

•           $7 million in federal grants has been awarded for fire-resistant roofing.

•           $83 million in federal grants has been awarded for at risk buildings in the floodplain that were elevated or purchased and converted to open space.

FEMA is only one part of the community that is engaging and developing national, regional, public, and private sector risk reduction.  Several partners throughout the state have taken the call to action through advanced preparedness methods. 

The City of Los Angeles is committed to addressing resilience by strengthening the city’s physical, social, and economic foundations. The City has adopted far-reaching strategies to develop the tools needed to rebound from disasters. Programs like Soft-Story Retrofitting, the new JUMP START 5 Steps to Neighborhood Preparedness emergency planning tool and NotifyLA making individuals and neighborhoods more resilient against earthquakes for a stronger Los Angeles.

Following the 27th and 25th Anniversaries of the Loma Prieta Earthquake and Oakland Hills Firestorm, respectively; October 20, 2016 is International ShakeOut Day when millions of people worldwide participate in local Great Shakeout Earthquake Drills, at 10:20 a.m local time. Participants include individuals, schools, businesses, local and state government agencies, and many other groups.  To take part in The Great ShakeOut, individuals and organizations are asked to register to participate at www.ShakeOut.org. Once registered, participants receive regular information on how to plan their drill and become better prepared for earthquakes and other disasters.      

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

New revision will lead to improved flood maps with both current risk and future climate conditions
New Yorkers will save tens of millions of dollars in flood insurance premiums as a result of City’s flood map appeal

NEW YORK – Mayor Bill de Blasio and the Federal Emergency Management Agency (FEMA) today announced an agreement to revise New York City’s flood maps. This is the result of the de Blasio administration’s 2015 appeal of FEMA’s flood risk calculations for New York City and the region, which mapped 35,000 more homes and buildings across the city into highest flood risk areas.

FEMA’s flood maps require homeowners in the highest flood risk areas to purchase flood insurance to cover the cost of flood damage, if they have a mortgage. Revised flood maps will provide New York City residents with more precise current flood risk data, in addition to providing a new map product reflecting future conditions that account for climate change. The innovative revisions will assist New York City in making coastlines more resilient and climate-ready, while ensuring homeowners are not required to purchase more insurance than their current flood risk requires.

“We are building a stronger, more resilient city to confront climate change. Our city needs precise flood maps that reflect real risks, both today and years from now—and we have to do that fairly. We will work closely with FEMA to ensure New Yorkers in the floodplain are prepared, and that the tools to make them more resilient, like flood insurance, remain available and affordable. We are grateful to FEMA to agreeing to this partnership,” said Mayor Bill de Blasio.

“We have been working with Mayor de Blasio and his administration throughout the appeal process to obtain additional data from city officials in order to ensure we have the most accurate maps possible,” said FEMA Regional Administrator Jerome Hatfield. “The coastal flood risk has not been updated since 1983, and this process required proper diligence and the City’s involvement, all accomplished through our partnership.”

“We applaud the administration for adopting, and keeping in place the preliminary maps for construction permitting, which will ensure the city is more resilient in the face of stronger and more frequent storms. We are committed to working together to identify the best path forward as the coastal flood hazard analysis is completed,” said FEMA Assistant Administrator for Mitigation Michael Grimm.

NYC’s Flood Map Appeal

During FEMA’s formal 90-day appeal period in the summer of 2015, New York City officials submitted technical analyses and data that revise the flood risk depicted in the preliminary Flood Insurance Study (FIS) and preliminary Flood Insurance Rate Map (FIRM) for New York City and the region. FEMA and City officials agreed that the information submitted during the appeal period should be utilized to revise the preliminary FIS study and preliminary FIRM. This effort will be funded by FEMA, and the City will continue to work with FEMA and provide expert input in the development of revised flood maps.

New, Future-Looking Flood Maps

In addition, FEMA and the City will work together to create a new methodology to incorporate the growing risks of climate change and sea level rise onto flood maps. This ground-breaking step will be based on the best-available science, as guided by the New York City Panel on Climate Change, and will result in a new set of flood maps for planning and building purposes that better accounts for the future risk of sea level rise and coastal storm surge. This will also protect the affordability of flood insurance, which will continue to be priced against the revised FIRMs depicting current flood risk.

“The City’s OneNYC resiliency program requires the best-available climate science and accurate flood maps," said Daniel Zarrilli, Senior Director, Climate Policy and Program and Chief Resilience Officer, New York City Mayor’s Office. “FEMA’s decision to redraw New York City’s flood maps, and to work with us to produce innovative, climate-smart flood maps, allows us to begin separating the calculation of annual insurance premiums against current risk from the necessary long-term planning and building we need to do as a city to do adapt to rising seas and climate change.  All homeowners should consider purchasing flood insurance to protect their homes and families.  Thanks to FEMA for agreeing to this important partnership.”

Flood Insurance Rates / Building Code Requirements

Until the new flood maps are issued, flood insurance rates in New York City will continue to be based on the prior effective FIRMs saving coastal households tens of millions of dollars per year, in aggregate. For those outside of the highest risk areas on those maps, flood insurance will remain less expensive; both FEMA and the City encourage residents to purchase this affordable flood coverage because we know that there is flood risk outside of the highest risk areas. Until new flood maps are developed that both accurately reflect current flood risk and also provide an assessment of future climate conditions for long-term planning purposes, the city’s building code will continue to reflect the 2015 preliminary FIRMs to ensure that new buildings are better able to withstand flood risk from rising sea levels and coastal storm surge, and so that recovery from Hurricane Sandy can continue without interruption.

FloodHelpNY.org

Conveying flood risk accurately to affected residents is among FEMA and the City’s top priorities. As the maps are being revised, it is crucial that New Yorkers remain aware of their current and future flood risk. To ensure residents keep their home and finances safe, the City has launched a consumer education campaign directing residents to FloodHelpNY.org, a one-stop shop for flood risk information. Once the revised flood maps come in effect, additional extensive outreach and education programs will be provided for all communities.

Other Resources

www.nyc.gov/floodmaps

www.region2coastal.com

(TNS) - Augusta showed off its hospitality to thousands of Hurricane Matthew evacuees, but officials say lessons can be learned from the rare occurrence.

Thousands fled coastal areas by car to the homes of friends and family and an estimated 22,000 stayed in Augusta, Ga., hotels. Hundreds of patients were evacuated to Augusta hospitals and nursing homes.

An additional 2,500 were under the direct care of the Richmond County Emergen­cy Management Agen­cy under an agreement, renewed in 2011, to shelter and feed up to 5,000 evacuees from Chatham County in Richmond County school facilities.

...

http://www.emergencymgmt.com/disaster/Officials-reflect-on-Hurricane-Matthew-efforts.html

Disaster recovery and DRaaS solutions are intended as a method to keep a constant, or near-constant copy of your IT infrastructure in the cloud, ready to turn on a moment’s notice in the case of downtime at your primary data center site. But DR tools can also be used for your initial cloud migration, providing an on-ramp to the cloud that is cost-effective and relatively fast. You also get the bonus of a ready-to-go DR plan, if you continue to maintain the DR environment after your production servers turn on.

You generally have a few options when migrating to the cloud. One is to set up totally new servers, with new versions of your applications, new server OS licensing, and so on. Sometimes this makes sense as you don’t need to adjust or re-architect any applications for the cloud platform. Existing data can be transferred via network (slow and often expensive for large amounts of information) or by shipping hard drives – a process that many administrators find a bit harrowing. If you’re already virtualized, however, you can migrate workloads more directly.

At Green House Data, we’ve had a number of customers start with disaster recovery before moving more and more applications onto cloud servers. If you already have an investment in DR, it makes an initial migration fairly simple.

...

https://www.greenhousedata.com/blog/disaster-recovery-can-be-an-on-ramp-to-the-cloud

As Halloween approaches, clowns aren’t the only unwelcome guests making headlines this holiday season. In the world of IT, malware is sinking its teeth into business data everywhere. Ransomware continues to hold business data hostage until companies pay up. Often, hackers demand payment within 72 hours or data will be deleted. Spooky.

So how can we defend the data from a ransomware encryption? In Q2 2016, Datto conducted a survey of 1,100 managed service providers (MSPs) to uncover the trends behind this creepy software. Below, I’ve highlighted some of the current hacker tricks that have been wildly successful when it comes to infecting systems.

...

http://mspmentor.net/blog/all-tricks-and-no-treats-when-it-comes-ransomware

Aligned Energy claims it has achieved a breakthrough in reusing waste heat exhausted by servers in the data center – a concept that is not new but difficult to implement in data centers effectively.

The Danbury, Connecticut-based company says the combination of its data center cooling system and a system by the Swedish company Climeon, which converts low-grade waste heat into electricity, can serve as an effective energy source for a data center.

The solution addresses two fundamental problems in data center waste-heat reuse: low-temperature heat produced by servers and the difficulty of transporting heat efficiently. Climeon’s technology is able to put low-grade heat to use efficiently, while using energy produced by a data center to power the same data center means heat doesn’t have to be moved over long distances.

...

http://www.datacenterknowledge.com/archives/2016/10/14/aligned-claims-breakthrough-data-center-waste-heat-reuse/

TALLAHASSEE, Fla. – Florida residents returning to or repairing homes damaged by Hurricane Matthew should keep in mind that safety should always be their first consideration when inspecting and cleaning up buildings damaged by flood waters.

Below are a few simple guidelines to follow that will make the clean-up and salvage process safer and easier:

  • Always wear protective clothing including long-sleeved shirts, long pants, rubber or plastic gloves and waterproof boots or shoes.

  • Before entering your home, look outside for damaged power lines, gas lines and other exterior damage.

  • Take photos of your damage before you begin clean up and save repair receipts.

  • Your home may be contaminated with mold, which raises the health risk for those with asthma, allergies and breathing conditions. Refer to the Center for Disease Control for more info on mold: www.cdc.gov/disasters/hurricanes/pdf/flyer-get-rid-of-mold.pdf.

  • Open doors and windows so your house can air out before spending any length of time inside.

  • Turn off main electrical power and water systems and don’t use gas appliances until a professional can ensure they are safe.

  • Check all ceilings and floors for signs of sagging or other potentially dangerous structural damage.

  • Throw out all foods, beverages and medicines exposed to flood waters or mud including canned goods and containers with food or liquid.

  • Also, throw out any items that absorb water and cannot be cleaned or disinfected (mattresses, carpeting, stuffed animals, etc.).

  • Beware of snakes, insects, alligators and other animals that may be on your property or in your home.

  • Remove all drywall and insulation that has been in contact with flood waters.

  • Clean all hard surfaces (flooring, countertops, appliances, sinks, etc.) thoroughly with hot water and soap or detergent.

Before returning to your home, make sure you have the following items among your clean-up and salvage supplies: government-issued photo ID (driver’s license, etc.) and proof of address; bottled water and non-perishable foods; first aid kit; cleanser or hand cleaning gel; hygiene products and toilet paper; insect repellent and sunscreen; flashlights and extra batteries; camera or cell phone to document damage; a list of important phone numbers; and plenty of cash (ATMs may not work).

It’s also smart to create a back-up communication plan with family and friends in case you’re unable to call from your home or other areas affected by the hurricane.

If you haven’t done so already, report your damage from the hurricane to your insurance company and local emergency manager.

For more information on Florida’s disaster recovery visit fema.gov/disaster/4280, twitter.com/FEMA, facebook.com/FEMA, and fema.gov/blog. For imagery, video, graphics and releases, see www.fema.gov/hurricane-Matthew.

With the cost of a breach up 29 percent from 2013 -- and continuing to rise -- according to a recent Ponemon report, enterprise leaders are under mounting pressure to implement security solutions that are effective in detecting threats in this evolving cybersecurity landscape. While organizations generally accept that prevention alone is not enough, data breaches often still go undetected for weeks, months and even years.

Organizations need to know which alarms matter to their organization in order to effectively conduct incident response. Signature-based systems and network management tools are often seen as the traditional approach to organizational security, but these solutions can no longer be the only means for detecting a breach and stopping it before it causes significant harm.

Anomaly detection, which is about enabling proactive incident response by giving security teams the ability to track down potential risks before a simple breach or unusual behavior escalates into a devastating event, is growing in popularity.

...

http://www.esecurityplanet.com/network-security/2-dos-and-2-donts-of-incident-response-and-anomaly-detection.html

“Eclipse is the market-leader for legal software solutions and it was clear that Brabners could benefit from a huge ROI with the Proclaim Case Management system. The conveyancing process is managed entirely from the desktop application, including one-click property searches, meaning our Residential Conveyancing team can increase the volume of work as well as profitability per case.”

 

Jon Taylor, Software Developer at Brabners

Brabners is a full service law firm operating from offices across the North West. With clients ranging from PLCs and SMEs to private clients and public sector bodies, the team brings an in-depth knowledge and a wealth of experience to a range of matters within the legal sector.

 

The firm’s global reach has meant rapid expansion in recent years, enabling a greater range of services and a proactive approach to providing commercially realistic solutions to legal problems.

 

The challenge

The team’s work was entirely paper-based, resulting in a slow and inefficient process. Additionally, fee earners were working on cases individually, producing inconsistent approaches to work, and ultimately resulting in compliance issues.

 

Essentially, Brabners needed to standardise client inception and matter management across the department.

 

The solution

Working in conjunction with Eclipse, Brabners developed a bespoke case management system for its Residential Conveyancing team - specifically for Plot Sales work - enabling high-level automation and speedier case progression.

 

Additionally, the firm opted for Proclaim’s integration with PALI (Property and Land Information), an online conveyancing search provider, facilitating one-click searches from the Proclaim desktop, saving hours of data entry.

 

The results

Repetition is inherent within Plot Sales as document packs are often identical for groups of properties under a specific development or developer. Since implementation, Brabners has seen significant reductions to administrative overheads by utilising Proclaim to automate the majority of case stages, including document production. This has meant fee earners can focus on the legal aspect of their work, whilst increasing overall profitability and case volumes.

 

Additionally, Brabners is currently in the process of implementing Eclipse’s online case tracking tool, FileView. Linked to the Plot Sales case type, developers will be able to log in securely and view real-time information as and when they need to, providing a convenient and modernised approach to case updates, eliminating continuous interruptions for fee earners.

 

Due to the success of the Plot Sales software, Brabners is looking to work with Eclipse again to develop a similar case type for the Social Housing department, enabling automatic matter creation and maximised matter management efficiency.

 

Case Study highlights:

  • Bespoke Plot Sales case type
  • Comprehensive integration with PALI
  • Standardised client inception and matter management

·         Real-time client updates via Eclipse’s FileView tool

According to new research published by CTERA Networks, while enterprises continue to migrate workloads to the cloud at a rapid pace, protection of cloud-based servers and applications has not fully evolved to meet enterprise requirements for business continuity and data availability.

CTERA’s new eBook, ‘Game of Clouds’, showcases the findings of CTERA’s inaugural cloud backup survey, and presents a deep look at the state of enterprise cloud data protection. A CTERA-commissioned study was conducted by independent research firm Vanson Bourne to examine the data protection strategies of 400 IT decision makers and IT specialists in organizations using the cloud for application deployment at US, German and French organizations. The study analyzes the benefits and pitfalls of current backup strategies, offers key considerations for organizations moving to the cloud, and looks at the impact of poor backup practices on business continuity.

...

http://www.continuitycentral.com/index.php/news/technology/1484-many-organizations-mistakenly-leaving-cloud-business-continuity-to-third-party-cloud-providers

Eleven weeks after acquiring web defense software maker Blue Coat Inc., Symantec’s still-integrating leadership laid out a vision for working closely with channel partners to dominate the cybersecurity market.

The merger that became official on Aug. 1, created a firm with more than 3,000 engineers, 385,000 worldwide customers, 175 million endpoints and $4.65 billion in annual revenue.

A company news release at the time described the new entity as “the industry’s largest pure play cybersecurity company.”

During an opening keynote at this week’s Symantec Partner Engage 2016 event in Los Angeles, CEO Greg Clark told principals from hundreds of channel firms that the new Symantec has the financial and technological wherewithal to become a top player in the space.

...

http://mspmentor.net/msp-mentor/symantec-vows-become-new-force-cybersecurity

TALLAHASSEE, Fla. – In response to Hurricane Matthew, joint Preliminary Damage Assessment (PDA) teams continue to document damages to homes, businesses and public facilities that will be used to inform determinations for additional federal disaster assistance.  

PDA teams bring together local emergency management, the Florida Division of Emergency Management (FDEM), U.S. Small Business Administration (SBA) and FEMA. They visit areas identified by the state to document the extent of damage caused by the hurricane. PDA teams are currently deployed in Flagler and Putnam counties.  Tomorrow, a PDA team will also be in Indian River County to assess infrastructure damage. 

PDA teams document information that includes:

  • concentration of damages;
  • number of primary residences affected;
  • damage to public infrastructure; and
  • amount of insurance coverage.

The information is provided to the state. The teams do not visit every home or business and the PDA process does not guarantee federal assistance. The information is used by FEMA to determine which counties may be eligible for federal Individual Assistance and Public Assistance.

Other FEMA teams are canvassing areas hit by Hurricane Matthew in Nassau, Duval, St. Johns, Flagler, Putnam and Brevard counties. They visit homes, businesses, organizations and high-traffic locations in affected areas. They also meet with local officials and community leaders to provide additional eyes and ears to gather information on where damages exist. They report that information back to the PDA teams for further review.

All FEMA personnel carry identification and will not ask for personal information such as a social security number or banking information, and they will not ask for money. Anyone who suspects that someone is trying to impersonate a FEMA worker should call FEMA’s Disaster Fraud Hotline at 866-720-5721, or the Florida Attorney General’s consumer protection hotline at    866-966-7226.

For more information on Florida’s recovery from Hurricane Matthew visit fema.gov/disaster/4283, twitter.com/FEMA, facebook.com/FEMA, fema.gov/blog or #FLRecovers.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

BATON ROUGE, La.—If you had damage following Louisiana’s historic severe storms and floods, state and federal officials encourage you to monitor the insurance claims process after reporting your loss.
 
You have 120 days from the date of your loss to file a claim if you’re a National Flood Insurance Program (NFIP) policyholder in Louisiana. Here are some tips to guide you through the process to ensure you receive all eligible insurance funds for your recovery.

What to Do Before an Adjuster Visit

• Take pictures of the damage.

• Write down a list of your damaged contents.

• Immediately throw away flooded items because of health risks, but cut off and keep a 12-square-inch sample of building materials like carpets and drywall as proof of damage.

• Have documents related to damage ready. This may include contractor’s estimates and repair receipts.

• Also keep your policy number and insurance company information handy.

What Happens During an Adjuster Visit

• An adjuster will contact you within 24 to 48 hours to schedule an appointment.

• Ask to see the adjuster’s official identification when he or she visits.

• The adjuster will take measurements and photographs and document the damage. They may provide you with their contact information if additional visits are needed.

Understand the Flood Insurance Claim Process

• After your home is inspected, the adjuster will provide you with a flood certification number and a suggested Proof of Loss based on their assessment.

• Inspectors never ask for money, approve or disapprove claims or tell you whether your claim will be approved.

What Happens After an Adjuster Visit

• Review, sign and send the Proof of Loss form to your insurance company within 120 days of the date of damage.

• Submit a signed Proof of Loss form even if you think it doesn’t cover all your damage because you can always file supplemental claims.

• Contact your insurance company and file for additional payments if you disagree with the original Proof of Loss amount, discover more damage, or the repair costs exceed the estimated amount.

Have Questions? Call FEMA or Your Insurance Company

• Call 800-621-3362 Monday through Friday from 8 a.m. to 6 p.m. and select Option 2. If you use TTY, call 800-462-7585. Those who use 711 or Video Relay Service can call 800-621-3362. Call center staff are available to assist you with information regarding your policy, offer technical flood guidance to aid in recovery and answer your questions.

• Go online to fema.gov/louisiana-disaster-mitigation for information about repairing and rebuilding.

It’s time to put those flip-flops away once and for all. Because whether you like it or not, winter’s coming, and it looks like it might be a doozy. Let’s take a closer look—with a little help from the experts—at what weather to expect in the weeks and months ahead.

Bundle Up, East Coast!

While the lingering effects of El Niño may have some people expecting warmer weather for 2016-2017, they may be in for a big surprise. Topping the list of regions potentially in the path of significant snowfall as winter approaches? The entire East Coast. According to meteorologists, both New England and upstate New York can expect to see chillier-than-usual temperatures—accompanied by the chance of major winter storms—from December through February this year. 

Not only that, but while El Niño may finally be gone, La Niña is on its way, meaning we can expect to see more unusual weather—including the early arrival of cold weather this winter. Explains CNN, “El Niño is characterized by a warming of the waters in the central and eastern Pacific Ocean. La Niña features a cooling of those same Pacific waters.” The fallout from these changing weather patterns can be widespread and unpredictable.

...

http://blog.sendwordnow.com/do-you-know-whats-headed-your-way-this-winter

Iron Mountain, the company best known for its document storage and data center facilities in underground caverns, has become the fifth major US data center provider to make a big direct investment in renewable energy to power its operations. The company has agreed to buy 10 percent of energy that will be generated by the enormous Amazon wind farm that’s currently under construction in Texas.

As the deal illustrates, big energy users, such as data center operators, can benefit from both energy cost savings that are now possible when making utility-scale power purchase agreements and from helping their customers meet their corporate sustainability goals. Iron Mountain said it expects the deal to help it save $1.5 million in costs and that its renewable energy efforts to date are helping it open new doors with customers.

“We’ve discovered that it’s also helping us to open meaningful dialogue and collaboration opportunity with our customers who are seeking to understand and mitigate their own environmental impact,” Ty Ondatje, senior VP of corporate responsibility and chief diversity officer at Iron Mountain, said in a statement.

...

http://www.datacenterknowledge.com/archives/2016/10/13/amazon-wind-farm-to-power-iron-mountains-underground-data-centers/

The American Red Cross is one of the key partners working with emergency managers at all levels of government. When disasters strike Red Cross staff and volunteers play key roles in humanitarian assistance. As we moved into the 21st Century the Red Cross has been criticized for the manner in which it has provided services.

There are always two sides to every story. To get the Red Cross’ perspective, we submitted questions to the Red Cross. Harvey Johnson, senior vice president for Disaster Cycle Services provided responses to those questions below. Johnson’s career path included service in the in the United States Coast Guard where he served for 30 years, and also previously as FEMA’s deputy administrator and chief operating officer.

Q: Over the last few years the American Red Cross has regionalized its services and changed some aspects of its service delivery model. How would you describe those changes?

...

http://www.emergencymgmt.com/disaster/The-Red-Cross-Responds-to-Disastersand-the-Critics.html

AUSTIN, Texas—FEMA announced today more than $12.5 million is being awarded to support state and local efforts that reduce the impact of future disasters.

The fundingthrough FEMA’s Hazard Mitigation Grant Programis provided in addition to the federal aid that supports the recovery following a major disaster declaration.  This year, disasters were declared following severe storms and flooding in March, April and June; the $12.5 million in grants is the total HMGP assistance for all three.

HMGP grants to the state are typically 15 percent of the total FEMA assistance provided for recovery. While funding for disaster recovery is provided only for the affected counties, HGMP funds are available for communities throughout the state.

Some recent examples of HMGP projects around the state:

  • Cooke County’s safe room rebate program, which provided up to $3,000 to homeowners who built tornado shelters or safe rooms.
  • Bastrop County’s hazardous fuels mitigation program, which thinned 4,000 acres of woodland and vegetative debris, effectively limiting the source of fuel for wildfires.
  • The ongoing, multi-year home buyout program in Harris County, where since 1995, more than 2,000 homes have been removed from the high-risk flood zone.
  • The City of San Marcos’ early-warning system of 14 sirens placed on poles at strategic locations around the community.

The federal share of each approved project is 75 percent. FEMA provides the funding to the state, which sets project priorities and administers the program.  Eligible projects may be funded for or through:

  • State agencies;
  • Federally-recognized tribes;
  • Local governments, and
  • Private nonprofit organizations.

Individuals do not apply directly to the state, but their local government may apply on their behalf.

“Studies have shown that every $1 spent on mitigation avoids $4 that might have been spent for disaster recovery,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s current operations in Texas.

For additional information on the Hazard Mitigation Grant Program, go to www.fema.gov/hazard-mitigation-assistance.  For examples of successful mitigation projects, visit www.fema.gov/mitigation-best-practices-portfolio.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

The Business Continuity Institute - Oct 13, 2016 16:36 BST

Natural disasters may be killing fewer people, but they are becoming more frequent and costing more money to recover from, according to a new report by the International Federation of Red Cross and Red Crescent Societies.

The World Disasters Report 2016 noted that forced migration is at its highest level since the Second World War; the number and scale of disasters triggered by natural hazards are increasing; globalization and urbanization means outbreaks and other health crises are harder to contain; and the impact of climate change is taking its toll – 2015 was the hottest year on record with 32 major droughts, double the ten-year average.

Investing in resilience can yield a wide range of benefits, but the central rationale and common focus for disaster risk management and climate-change adaptation is associated with saving lives, reducing losses and supporting both individuals and communities to bounce back from disasters quickly and effectively.

Despite broad recognition that investing in resilience before a disaster can save lives and money, only 40 cents in every US$100 spent on international aid is invested in preparedness and measures to reduce disaster risk. A lack of global investment in strengthening community resilience is leaving tens of millions of people exposed to predictable, preventable and catastrophic disaster risks with expensive consequences.

Between 1991 and 2010, the impact of recorded disaster events in poor countries resulted in over US$840 billion of financial losses. Yet, over the same period, only 0.4% of the US$3.3 trillion spent on aid was dedicated to prevention or risk reduction. Economic losses from extreme weather events are now in the range of US$150 - US$200 billion annually,

Investing in resilience is the best method we have for protecting the lives, livelihoods and dignity of the world’s most vulnerable people,” said IFRC Secretary General, Elhadj As Sy. “Business as usual is no longer acceptable. It will only lead to more silent suffering and deeper poverty. We must work along a continuum – of preparedness, early response, recovery and resilience building.

It is clear that something must change,” said co-editors David Sanderson and Anshu Sharma. “But responding to today’s humanitarian challenges is not just a question of finance. We must invest in solutions and partnerships that produce future resilience – livelihoods and social cohesion, health and psychosocial well-being, supporting communities to withstand future shocks and adversity.

Building on the report, the IFRC is also calling on partners to support and join the One Billion Coalition for Resilience – a global initiative to support communities around the world to take action to strengthen their safety, health and well-being. Launched in late 2015, the initiative seeks to build a broad coalition of partners from across all sectors to support 1 billion people by 2025.

The Business Continuity Institute - Oct 13, 2016 11:57 BST

On the morning of 22nd March 2016, Brussels airport was hit by a deadly terrorist attack that killed 32 people and left more than 300 injured. Around 25 million people travel through Brussels airport annually and more than half of those passengers will be on business trips.

The chances of being involved in a terrorist attack are still incredibly remote, but for those travelling through the airport that morning it would not have felt that way. Nor would it have in Paris in November 2015, or more recently in September in New York. The increasing regularity of critical events worldwide means more organizations need to be able to instantly locate and alert employees of any nearby risks and keep them safe from harm.

According to a report by Strategy Analytics, almost half of the world’s employees will work away from a single office by 2020. The effect of globalisation on business means employees are regularly travelling between locations, often to different cities and countries. Keeping mobile workers safe from harm is rising up the corporate agenda.

Travelling employees, and the wider mobile workforce, face a range of risks that could impact on their safety and security. These threats are not just limited to acts of terror, but include everything from fires and natural disasters to flooding and building closures. Organizations have a duty of care to protect their employees, yet according to Ernst & Young’s most recent Global Mobility Effectiveness Survey, only 30% of companies have a system in place to track business travellers.

When an incident takes place companies need to respond effectively to gain clear visibility of the crisis, and deploy resources to ensure employee safety. But how can organizations achieve this? One solution is to implement a critical communications platform to manage all emergency notifications, help ensure employees are located, and resources are deployed quickly and effectively during an emergency.

In a crisis, every minute matters. Organizations no longer have time to work through manual call lists to send out an emergency cascade. A secure, independent communications platform ensures that the right message gets through to the right people at the right time; even when traditional routes of communication are unavailable.

The Everbridge platform has the ability to send emergency notifications out via more than 100 different communication channels and devices, including SMS, email, voice-to-text, social media alerts and app notifications, ensuring the lines of communication between an organization and its employees can remain open in any situation.

Critical communication platforms that facilitate effective two-way communication have proved invaluable during emergency situations. For example, during the terrorist attacks in Brussels in March 2016 the GSM network went offline, making standard mobile communication impossible. The citizens of the Belgian capital were unable to send messages to family, friends and work colleagues to let them know they were safe or in need of assistance. The team at Brussels Airport made its public Wi-Fi discoverable and free to join, allowing anyone with a Wi-Fi enabled device to connect, send and receive messages.

Organizations that used critical communications technology to send out an emergency notification were safe in the knowledge that the message would be able get through to the right people, despite the obstacles. For an organization’s crisis management and business continuity practices, the flexibility that a multi-modal platform such as Everbridge provides is essential to ensuring that a high level of responses are received quickly when emergency notifications are sent.

These responses allow organizations to rapidly build a clear picture of an incident, and understand what impact it is having on its employees. To automate this process, templates can be built into communications platforms so employees can respond quickly in an emergency - facilitating a much higher response rate. A simple “I am safe” / “I need help” template means companies know within minutes which employees are at risk, which are in danger and where best to focus their efforts.

The most advanced critical communications platforms offer organizations more than just static location data. Everbridge’s ‘Safety Connection’ application has the capability to provide dynamic location insight, enabling an organization to know where its employees plan to be and responding automatically if they do not check in and update their status to ‘safe’. The safe corridor function means employees travelling to a location deemed unsafe can check in regularly with the organization, and if they do not check in, the platform automatically sends an emergency alert notifying management of the change in status and making communicating with that person a priority.

Should an employee inadvertently stray into an unfamiliar or dangerous area, they can also use the Everbridge smartphone application to trigger an SOS alert. Once this panic button has been pressed, the platform immediately sends an alert to the organization detailing the employee’s location and any relevant audio or visual data, enabling them to alert the emergency services.

By enabling employers to be aware of when their employees are travelling and where to, the organization is better prepared to handle a crisis. The company will know which airport employees are travelling to, which hotel they are staying at, where their meetings are taking place and when. This information can then be cross-referenced with a global real-time feed of international incidents, making it possible to inform employees when their travel might be disrupted or to avoid specific danger zones. For example, if a port or airport is being blockaded by protesters the company can warn the employee in advance. If riots are taking place in a suburb of a city where an employee is staying, the employer can warn them to remain in the hotel.

Employers have to accept three truths: in the future employees will travel more; the world will continue to become more uncertain; employees will expect more from their employers when they are travelling for work. Combined, this could be considered as a HR headache but in reality it is an opportunity. It can help engage employees, protect their safety and increase their loyalty to a company. A fully functional critical communications platform provides the reassurance and immediacy to support employees if and when the unexpected happens.

As part of Everbridge’s commitment to helping improve business continuity and emergency response practices for organizations around the world, we will be exhibiting at the BCI World Conference 2016 in London. Here, Imad Mouline, Chief Technology Officer at Everbridge and other members of our team will be discussing the importance of effective crisis communication and how communications technology can help organizations of all sizes better protect their infrastructure and people.

Everbridge are Gold Sponsors of the BCI World Conference where you can visit them on Stand 11 to find out more about their unique offer. The BCI World Conference and Exhibition takes place on the 8th and 9th November at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need. Don't miss out, book your place today.

Wednesday, 12 October 2016 00:00

Why Improve Risk Management?

Over the years in 30 countries, I have had many discussions with directors and executives about enterprise risk management (ERM). The discussions have ranged from what it is and why it matters to how it should be implemented. With respect to the “what is it” question, I have always believed that a fundamental purpose of ERM is to provide the discipline and control to ensure that risk management capabilities are improved continuously in a constantly changing business environment. This underlying purpose frames the question, “why improve risk management?”

We believe there are six fundamental reasons for improving risk management. Each serves to help elevate risk management to a higher level and drive improvement of risk management capabilities in a changing business environment. We discuss them below.

...

http://corporatecomplianceinsights.com/improve-risk-management/

Wednesday, 12 October 2016 00:00

If I Were Launching an MSP Now | Nancy Sabino

Nancy Sabino, co-founder and CEO of Katy, Texas-based SabinoCompTech, shares three suggestions she'd apply if she were launching an MSP from scratch today.

1. Standardize as much as possible – Create repeatable processes surrounding those standards. What that means is, have certain kinds of computers that you use, certain servers, routers, switches. Stay within certain families that you can create processes around for installing, for setting up, for upgrading, essentially for every piece of what we do, just to make everything easier. It helps when you're a one-man show. If you're super swamped, this allows you to work a little bit faster because you're working off of muscle memory, following the processes that you've created for your standardized services or hardware. And then as you grow, it helps to already know or have in place certain processes that you can train your team on, which then ensures quality by following the same processes.

...

http://mspmentor.net/msp-mentor/if-i-were-launching-msp-now-nancy-sabino

We recently published our Forrester Wave™: Digital Risk Monitoring, Q3 2016 report. We evaluate nine of the top vendors in this emerging market that offer solutions to continuously monitor “digital” -- i.e., social, mobile, web, and dark web -- channels to detect, prevent, and mitigate any type of risk event posing a threat to organizations today.

Why now

It’s almost 2017 and yet companies are more exposed and less equipped to handle the slew of risks that run rampant across countless digital channels today. Digital risk monitoring (DRM) solutions are increasingly valuable for organizations because:

...

http://blogs.forrester.com/nick_hayes/16-10-11-introducing_the_forrester_wave_digital_risk_monitoring_q3_2016

Wednesday, 12 October 2016 00:00

Recovering from Hurricane Matthew

Many organizations in the southeastern United States recovering from Hurricane Matthew are still dealing with downed power lines, swollen rivers and blocked roads. As soon as they are able to, business owners should start assessing damage to their property and begin their insurance recovery process. They will need to assess not only physical damage to their property but also any income losses that may have occurred as a result of flooded and blocked roads and bridges, interrupted shipping and air transport, evacuations, and closures by civil authority.

They need to gather the information they’ll need for their insurer, and also be familiar with their policy and policy language. “In the runup to a storm, we always hear insurance executives on the news assuring the public that they will take care of things—that policyholders can rest assured,” Marshall Gilinsky, a shareholder in the insurance recovery group at Anderson Kill P.C., said in a statement. “But it’s vital for businesses not to assume everything’s going to be taken care of automatically. Storm-related claims can run into a snarl of unclear policy provisions, sublimits and exclusions, and occasionally obstreperous insurance company adjusters. A false sense of security leads easily to lost insurance proceeds.”

...

http://www.riskmanagementmonitor.com/recovering-from-hurricane-matthew/

Early estimates put the insured property loss to U.S. residential and commercial properties from Hurricane Matthew at up to $6 billion.

While this figure covers wind and storm surge damage to about 1.5 million properties in Florida, Georgia and South Carolina, CoreLogic’s estimate does not include insured losses related to additional flooding, business interruption or contents.

Parts of North Carolina are expected to remain under dangerous flood risk for at least the next three days, according to the state’s governor Pat McCrory in a report by the Capital Weather Gang blog.

...

http://www.iii.org/insuranceindustryblog/?p=4617

Wednesday, 12 October 2016 00:00

Point-of-Sale Security Still a Big Problem

Point-of-sale (POS) systems seem to be a growing target for hackers. In early August, security expert Brian Krebs reported on his Krebs on Security site that Oracle's MICROS POS division had suffered a breach in its customer support portal for companies using its point-of-sale card payment systems.

Attacks like this and a recent data breach involving Eddie Bauer Stores in the U.S. and Canada are just a few examples of hackers targeting POS systems.

Hackers always look for low-hanging fruit, security experts point out, and POS systems are relatively easy targets because they tend to have older, easily hacked security protocols.

...

http://www.esecurityplanet.com/network-security/point-of-sale-security-still-a-big-problem.html

Wednesday, 12 October 2016 00:00

The Rising Demand for On-Demand Resources

Enterprise workloads are becoming increasingly erratic, in terms of volume and data dependency, which is making it difficult to plan even medium-term infrastructure needs with any degree of accuracy.

This is putting a damper on the deployment of traditional data center infrastructure, which can often take years to plan and construct, by which time the assumptions used to guide its development are usually way off the mark. Instead, the industry is witnessing a distinct upsurge in data center on-demand (DCoD) strategies that rely on a mixed bag of hyperconverged infrastructure, abstract data architectures and cloud computing.

According to Wise Guy Reports, the DCoD market is growing at nearly a 20 percent compound annual rate, which will likely produce close to $2 billion in revenue by 2022. The field is set to experience a dramatic jump over the next year or so as container technologies make it easier to encapsulate full data ecosystems in a portable, abstract environment capable of relocating to remote central or, increasingly, edge processing facilities. This gives the enterprise unprecedented ability to shift resources and applications to regions where activity is heaviest and then just as easily pull them back on the downturn.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-rising-demand-for-on-demand-resources.html

Wednesday, 12 October 2016 00:00

FEMA to Evaluate Readiness of Pennsylvania

PHILADELPHIA – The Department of Homeland Security, Federal Emergency Management Agency (FEMA) will evaluate a biennial emergency preparedness exercise at the Susquehanna Steam Electric Station in Berwick, PA. The exercise will occur during the week of October 17th, 2016 to assess the ability of the Commonwealth of Pennsylvania to respond to an emergency at the nuclear facility.

“These drills are held every other year to evaluate government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III. “We will assess state and local emergency response capabilities within the 10-mile Emergency Planning Zone as well as the adjacent support jurisdictions within the Commonwealth of Pennsylvania.”

Within 90 days post-exercise, FEMA will send a report of their evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions. The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 11:00 a.m. on Friday, October 21, 2016 at the East Mountain Business Center, 1190 East Mountain Blvd., Wilkes-Barre, PA 18702. Scheduled speakers include representatives from FEMA, NRC, and the Commonwealth of Pennsylvania. 

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response. Written comments may also be submitted after the meeting by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or by mail to:

MaryAnn Tierney

Regional Administrator

FEMA Region III

615 Chestnut Street, 6th Floor

Philadelphia, PA 19106

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at FEMA.gov/Radiological-Emergency-Preparedness-Program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

It’s 2016, yet IT experts are still challenged with how to effectively and efficiently cool their data center. The cooling process accounts for 40 percent of all power consumed by data centers, so this question is top of mind for operators. Ensuring optimal cooling in a data center not only lowers operational expenditure, but reduces the strain on equipment cooling mechanisms, extending the lifespan of the hardware; and freeing up power for IT equipment, increasing equipment uptime. The decision to invest in cooling infrastructure is easy, however choosing the method with which you regulate temperature within the data center can be more challenging.

Cooling and efficiency strategies are constantly evolving, with companies like Microsoft going so far as to drop a self-contained data center into the ocean. However, you do not need to plunge your equipment into the sea or move to the Arctic to keep yours cool. Hot-aisle containment (HAC) and cold-aisle containment (CAC) are the primary method in which leading businesses are reducing the use of energy and optimizing equipment performance within the data center. This proven and highly effective methodology of cooling has emerged as a new best practice within the industry.

...

http://www.datacenterknowledge.com/archives/2016/10/11/impacts-cooling-energy-efficiency-todays-data-center-design/

North America represents 44 percent of the global data center market, and Northern Virginia’s Data Center Alley is the region’s crown jewel.

A convergence of fiber networks, undersea cables, and its many existing data centers continue to attract a disproportionately large share of all data center construction and leasing leasing activity to the area, and today, the market is only getting hotter.

Allen Tucker, managing director at the commercial real estate firm Jones Lang LaSalle, said a confluence of recent events has created a dramatic leap in leasing activity year-over-year in Northern Virginia.

...

http://www.datacenterknowledge.com/archives/2016/10/11/n-virginia-data-center-market-continues-breaking-leasing-records/

When IT outage horror stories become prime-time news, many companies tend to take a closer look at their own ability to recover from a disaster—whether it be a hardware failure, fire, human error or environmental threat.

The first step is acknowledging that the risk of an IT outage is very real. A recent independent study conducted by Opinion Matters on behalf of iland revealed that 95 percent of companies surveyed suffered at least one IT outage in the last year. The large majority had a disaster recovery plan in place, and 87 percent triggered a failover to mitigate the impact of the outage. Most troubling of all the findings: 58 percent experienced issues when using their disaster recovery solution.

As evidenced by the recent outages at Delta and Southwest, even companies that invest millions on disaster recovery plans make mistakes. Often, they are completely avoidable. Here are some of the most common pitfalls to avoid when planning for IT resilience:

...

http://corporatecomplianceinsights.com/disaster-recovery-failures-learning-others-mistakes/

How do you measure your IT service success and failure? Performance numbers and metrics can be valuable, because they help you to improve, as well as to defend your IT service management against possible criticism.

Yet with the notion of service come the concepts of customer and customer satisfaction. It stands to reason that complete recovery from service failure means taking into account customer satisfaction, as well as moving all the other indicators from red back to green. Here’s a handy list of tips.

...

http://www.opscentre.com/service-management-complete-recovery-service-failure/

Residents Urged to Stay off of Flooded Roads, Clean up Begins in Some Areas
 

WASHINGTON –The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) and its partners continue to mobilize additional resources and personnel to support state and local efforts as record rains and flooding remains a significant concern for public safety.  Local and federal officials are also working to clear debris from major roads, ensure coastal ports are safe to re-open and support efforts to restore power in affected areas.   

At the direction of President Obama, FEMA is leading the federal government’s efforts to provide assistance and support in the aftermath of Hurricane Matthew. Recovery efforts are under way in Florida, Georgia, and South Carolina and response efforts continue in North Carolina, including thousands of water rescues supported by federal responders and assets in the state.

There are more than 800 FEMA personnel on the ground supporting response and recovery efforts including Disaster Survivor Assistance (DSA) teams; and seven Incident Management Assistance Teams (IMATs). There are three active Urban Search & Rescue teams with seven additional teams on standby, if needed. To date, USAR teams have conducted 75 rescues.

FEMA is transporting prepositioned commodities to affected areas as requests are submitted. More than 5.2 million meals, 3.7 million liters of water, and 72,000 blankets for state, were made available for state, tribal and local officials to distribute to individuals should they be requested by states. Thus far, states have received the following commodities:

  • Florida: More than 3 million meals; 800,000 million liters of water;
  • Georgia: More than 580,000 meals, 649,000 liters of water; 17,200 blankets;
  • North Carolina: More than 1.39 million meals; 1.85 million liters of water; 49,000 blankets; 
  • South Carolina: More than 267,000 meals; 400,000 liters of water; 4,400 blankets.

The National Business Emergency Operation Center (NBEOC) continues to coordinate with more than 375 national businesses about the effects of Hurricane Matthew and flooding.  Businesses are encouraged to use established social media hashtags to report public safety concerns, share local access areas that remain close or inaccessible, and the status of reopening business hours. The hashtags are:  Florida: #FLOpen4Biz; Georgia: #GAOpen4Biz; South Carolina: #SCOpen4Biz; and North Carolina: #NCOpen4Biz.

On Saturday, October 8, President Obama signed major disaster declarations for Florida and Georgia making federal funding available to state, tribal and eligible local governments and certain private non-profit organizations for debris removal and emergency protective measures for affected areas. Damage assessments are underway and additional designations and forms of assistance may be added at a later date.

Ongoing Support and Preparedness Efforts:

The U.S. Agency for International Development’s Office of U.S. Foreign Disaster Assistance teams are deployed to Haiti, Jamaica and the Bahamas and are working with local authorities to coordinate relief efforts. Updates on the status operations throughout the Caribbean are available on travel.state.gov and on individual Embassy websites.  U.S. citizens traveling and residing abroad are encouraged to enroll their travel plans on the agency’s website using the Smart Traveler Enrollment Program (STEP), and to read the “Country Specific” information also found on the site.

The National Guard continues support to states impacted by Hurricane Matthew. Additional Guard members are now activated in the Hampton Roads area of Virginia to assist with high water transport. The number of total Guard personnel on duty is expected to drop from more than 8,000 Sunday to approximately 7,500 today.

The American Red Cross continues supporting a massive shelter operation in the affected areas. Nearly 7,000 people stayed the night in 156 Red Cross and community shelters in Florida, Georgia, South Carolina, North Carolina and Virginia. The American Red Cross has more than 3,000 trained disaster workers on the ground in addition to 149 pre-positioned response vehicles and 100 trailer loads filled water, ready-to-eat meals, shelter and kitchen supplies, cleaning supplies and comfort kits, insect repellant, gloves, masks, shovels, rakes, coolers and more. For Hurricane Matthew shelter locations, visit www.redcross.org or call 1-800-768-8048. The American Red Cross has an urgent need for blood and platelet donations as Hurricane Matthew has forced the cancellation of many blood drives. Residents who are in an unaffected area, are encouraged to give blood or platelets, to help patients in the affected areas with great need. Go to redcrossblood.org or call 1-800-RED CROSS.

The Corporation for National and Community Service (CNCS) deployed more than 500 AmeriCorps members, including FEMA Corps, to areas affected by Hurricane Matthew. These deployments include 59 teams of FEMA Corps members – 471 AmeriCorps members in total – that have been pre-staged to support FEMA’s response to affected states. An additional 90 AmeriCorps members are supporting shelter and emergency operations in Florida and South Carolina. CNCS is coordinating with local partners in each state, including governor-appointed state service commissions and voluntary organizations, to support state emergency operations and volunteer response efforts. 

The U.S. Department of Agriculture (USDA) encourages producers with crops insured under the Federal crop insurance program to immediately contact their local crop insurance agent to report any damage to insured crops after the storm. For assistance with Rural Development financed housing, business or community assistance information, and to get help from the Natural Resources Conservation Service for debris removal, visit here. Additional disaster resource information as well as food safety, livestock and pet guidance is available at www.usda.gov. USDA Foods’ inventories have been requested from all potentially impacted state agencies, and the Supplemental Nutrition Assistance Program (SNAP) staff is prepared to respond to any state requests for disaster SNAP and/or other SNAP-related needs. Additional information about USDA's disaster assistance resources is available here.

The U.S. Army Corps of Engineers (USACE) continues to engage in dam safety inspections throughout South Carolina, testing more than 80 privately-owned dams at the state’s request. USACE also continues to support damage assessments to coastal regions.

U.S. Northern Command continues to support seven Incident Support Bases and Federal Staging Areas in Georgia, North Carolina, South Carolina and Virginia to support federal and state resources needed for response. Additionally, Defense Coordinating Officers and Defense Coordinating Elements remain in Florida, Georgia, and South Carolina, along with a Defense Coordinating Officer in Virginia. Dual-status commanders are designated in Florida, Georgia, and South Carolina.

Members of the U.S. Department of Health and Human Services’ (HHS) Disaster Medical Assistance Team from Pennsylvania continue providing medical support to a hospital in Brevard County, Florida, assisting with a surge in demand for emergency department services. More than 700 personnel from the National Disaster Medical System, U.S. Public Health Service, and the Office of the Assistant Secretary for Preparedness and Response remain pre-positioned or on alert ready to assist in other communities as needed. HHS agencies, continue to promote public health messaging and staying healthy after the storm at www.phe.gov/hurricanematthew and www.cdc.gov.

The U.S. Department of Homeland Security, in coordination with FEMA, issued an official memo to impacted states regarding immigration enforcement activities. The DHS Office for Civil Rights and Civil Liberties (CRCL), in coordination with FEMA’s Office of Disability Integration and Coordination and FEMA’s Office for Equal Rights, issued a notice to ensure that individuals and communities affected by the disaster do not face unlawful discrimination in the provision of federally assisted services. Additionally, CRCL and FEMA ODIC holding daily calls of the Interagency Coordinating Council on Individuals with Disabilities (ICC) to share information and resources with interagency partners on any issues impacting individuals with disabilities in the affected states.

U.S. Citizenship and Immigration Services encourages those whose application, petition or immigration status may be impacted by Hurricane Matthew to call the USCIS National Customer Service Center at 800-375-5283 (TDD for the deaf and hard of hearing: 800-767-1833) to learn how to request certain types of relief. For more information, visit here.

The U.S. Coast Guard continues working with the U.S. Army Corps of Engineers, NOAA, local port authorities, and other partners to reopen the Georgia ports of Savannah and Brunswick. The teams are surveying channel depths to ensure safe navigation for commercial vessels.

The Coast Guard also continues to assist in search and rescue efforts and remains poised to assist in future rescue efforts from those affected by Hurricane Matthew to ensure the safety of individuals that may be in distress from this storm.

The U.S. Department of Energy continues working with energy partners in affected areas as power restoration continues. Requirements for restoration vary state-by-state and with local jurisdictions, which may cause delays for some communities and neighborhoods.

The U.S. Department of Housing and Urban Development deployed housing assessment teams in each affected state.  The teams are compiling damage data on all of HUD’s Multifamily and Public Housing apartments.

The U.S. Department of the Interior’s United States Geological Survey deployed more than 40 teams to the affected areas to collect the surge sensors and gages that identify high water marks. USGS has additional crews making flood measurements and repairing stream gages damaged by river flooding.  USGS is placing employee safety as the top priority.  Access issues in some locations and continued significant flooding are impacting field work efforts. Information on all sensors and gages is available online.

The U.S. Department of the Interior’s National Park Service reports that nine Atlantic coast national parks in Florida, Georgia and South Carolina remain closed in the wake of Hurricane Matthew as the NPS continues to determine the extent of damage caused by the storm’s wind and water. The NPS has deployed its Eastern Incident Management Team to Timucuan Ecological and Historic Preserve to coordinate and oversee the assessment and recovery operations at all of the affected parks.

The U.S. Department of the Interior's U.S. Fish and Wildlife Service reports that 20 wildlife refuges are closed and each will remain so until it is safe for staff to return. 

The Department of Justice deployed 77 federal law enforcement personnel in the affected states, with an additional 50 personnel on stand-by for assignment, if necessary.

The U.S. Environmental Protection Agency continues to conduct oil and hazardous material field assessments. In Florida, EPA completed more than 100 field assessments, reporting no hazardous materials. Additionally, EPA is working with affected states to incorporate debris assignments.

The Federal Communications Commission continues monitoring the status of communications networks and coordinating with providers and government partners on communications status and restoration throughout the affected areas.

The Federal Motor Carrier Safety Administration (FMCSA) divisions in the southern region continue working with contact permitting agencies & commercial motor vehicle law enforcement agencies in their states to assist with necessary emergency waivers and permits.

The U.S. General Services Administration (GSA) deployed staff to Florida, Georgia, and South Carolina to support FEMA efforts to establish Joint Field Offices and Disaster Response Centers.  GSA assessment teams are preparing to survey potential damage to federal facilities and will ensure any necessary repairs are undertaken quickly.

The National Center for Missing & Exploited Children (NCMEC) activated its Unaccompanied Minors Registry (UMR). Family members can go to https://umr.missingkids.org or call 1-800-THE-LOST to find unaccompanied children who may have been separated from parents or caregivers because of the floods, by entering basic information and/or a photo.

The Department of Transportation’s (DOT) Federal Highway Administration deployed about a dozen personnel from division offices to assist with the storm response.  Bridge and road inspectors will make damage assessments in affected areas are beginning.

The Department of Treasury’s Internal Revenue Service (IRS) latest guidance for taxpayers affected by Hurricane Matthew. 

Up-to-date information about U.S. Department of Veterans Affairs facilities is available.

FEMA advises anyone in the impacted areas looking to help or assist with response and recovery efforts can get involved by contacting their American Red Cross chapter or their local Voluntary Organizations Active in Disaster (VOAD) chapter to connect to many organizations working on the ground that are in need of volunteers. To get in touch with the local VOAD in the affected areas, visit:

For additional info, imagery, graphics and b-roll, see our Hurricane Matthew web page: www.fema.gov/hurricane-matthew.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Downgraded to a post-tropical cyclone on Sunday, Hurricane Matthew proceeded to work its way north, pummeling coastal regions of Georgia, South Carolina and North Carolina, where rivers are overflowing and flooding continues. So far, Matthew has killed nearly 900 people in Haiti and 17 in the United States. More than 2 million U.S. homes and businesses lost power over the weekend, according to Reuters.

CoreLogic said today that it anticipates hurricane-related insured property losses for both residential and commercial properties to be between $4 billion and $6 billion from wind and storm surge damage. The amount does not include insured losses related to additional flooding, business interruption or contents.

...

http://www.riskmanagementmonitor.com/hurricane-matthew-could-impact-renewals-reinsurers/

(TNS) — Local organizations are seeking volunteers and collecting donations of money and goods in the aftermath of Hurricane Matthew.

Here are some ways to help:

Red Cross

The Red Cross of Eastern North Carolina is looking for volunteers to help manage shelters, deliver food and answer phone calls.

“All it takes is a good heart,” said Phil Harris, community executive for the Highlands chapter of the Red Cross in Fayetteville. “We’ll give you the training you need to help your neighbor.”

...

http://www.emergencymgmt.com/disaster/How-to-help-NC-after-Hurricane-Matthew.html

Enterprises that sign up for Google’s cloud services will now have the choice to submit their software development and IT operations teams to the same level of operational rigor Google submits its own engineers.

The company on Monday revealed more details about a new approach to cloud customer support it announced last week, created to help alleviate customers’ anxiety about giving up control of their infrastructure to a cloud provider. It will embed its own experts on cloud customers’ teams to help them deploy and run applications in Google’s cloud data centers in the most reliable way possible.

The services will include shared paging (when things go wrong), auto-creation and escalation of priority-one tickets, participation in customer “war rooms,” and Google-reviewed design and production system.

...

http://www.datacenterknowledge.com/archives/2016/10/10/heres-googles-plan-for-calming-enterprise-cloud-anxiety/

Tuesday, 11 October 2016 00:00

Mock Disaster Training Hones Response Skills

(TNS) - It was a practice in preparing for the worst, in case real disasters were ever to occur.

That’s the primary purpose behind a three-day disaster training exercise in rural Nodaway County, east of Maryville. Northwest Missouri State University — which offers a major in emergency and disaster management — is the host.

Missouri Hope 2016 is bringing 500 people to the Mozingo Outdoor Education and Recreation Area and Mozingo Youth Camp, in efforts to fine-tune emergency responses in scenarios that mirror real-life situations.

...

http://www.emergencymgmt.com/training/Mock-disaster-training-hones-response-skills.html

Severe Flooding Affecting Areas throughout the Southeast

WASHINGTON –The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) and its partners continue to mobilize resources and personnel to support state, local and tribal efforts as significant flooding impacts areas throughout the Southeast United States.

At the direction of President Obama, FEMA is leading the federal government’s efforts to provide assistance and support in the aftermath of Hurricane Matthew and is, on a daily basis, moving personnel and supplies into the affected areas.  

Already, there are more than 750 FEMA personnel on the ground supporting response and recovery efforts including six Disaster Survivor Assistance (DSA) teams and six Incident Management Assistance Teams (IMATs) . Ten Urban Search & Rescue teams are also deployed and engaged in search and rescue efforts.

FEMA also prepositioned commodities throughout affected areas to ensure there are no unmet needs.  FEMA made available more than 2.8 million meals, three million liters of water, and 48,000 blankets for state, tribal and local officials to distribute to individuals should they be requested by states. 

A breakdown by state:

  • Florida: More than 71,000 meals; 341,000 liters of water;
  • Georgia: More than 579,000 meals, 649,000 liters of water; 17,000 blankets;
  • North Carolina: More than 1.9 million meals; 1.6 million liters of water; 26,000 blankets; and,
  • South Carolina: More than 250,000 meals; 390,000 liters of water; 4,500 blankets.

President Obama signed major disaster declarations Saturday for Florida and Georgia making federal funding available to state, tribal and eligible local governments and certain private non-profit organizations for debris removal and emergency protective measures for affected areas. This is in addition to pre-disaster emergency declarations signed earlier in the week by the President for Florida, Georgia, North Carolina and South Carolina. Damage assessments are underway and additional designations and forms of assistance may be added at a later date.

Ongoing Support and Preparedness Efforts:

The U.S. Army Corps of Engineers (USACE) deployed more than 100 personnel for Matthew response and is supporting eight FEMA mission assignments including dam inspections, flood-fight materials and temporary emergency power. USACE also continues participating in port surveys in the affected areas.

The Corporation for National and Community Service (CNCS) deployed more than 500 AmeriCorps members, including FEMA Corps, to areas affected by Hurricane Matthew. These deployments include 59 teams of FEMA Corps members – 471 AmeriCorps members in total – that have been pre-staged to support FEMA’s response to affected states. An additional 90 AmeriCorps members are supporting shelter and emergency operations in Florida and South Carolina. CNCS is coordinating with local partners in each state, including governor-appointed state service commissions and voluntary organizations, to support state emergency operations and volunteer response efforts. 

The U.S. Department of Agriculture (USDA) encourages producers with crops insured under the Federal crop insurance program should immediately contact their local crop insurance agent to report any damage to insured crops after the storm. For assistance with Rural Development financed housing, business or community assistance information, and to get help from the Natural Resources Conservation Service for debris removal go to: http://offices.sc.egov.usda.gov/locator/app).

Additional disaster resource information as well as , livestock and pet guidance is available at www.usda.gov.  USDA Foods’ inventories have been requested from all potentially impacted state agencies, and the Supplemental Nutrition Assistance Program (SNAP) staff is prepared to respond to any state requests for disaster SNAP and/or other SNAP-related needs. Additional information about USDA's disaster assistance resources is available at: http://www.usda.gov/wps/portal/usda/usdahome?navid=disaster-help.

The U.S. Department of Defense (DOD) established Incident Support Bases or Federal Staging Areas in Georgia, South Carolina and Virginia in coordination with FEMA to preposition commodities and resources close to the potentially affect areas. The U.S. Northern Command deployed Defense Coordinating Elements to Florida, Georgia, South Carolina, and North Carolina. These service members are providing DOD regional subject matter expertise, validate requirements, and conduct liaison efforts in support of response operations.

The U.S. Department of Health and Human Services’ Disaster Medical Assistance Team members from Pennsylvania are providing medical support to two hospitals in Brevard County, Florida. Additionally more than 1,000 personnel from the National Disaster Medical System, U.S. Public Health Service, and the Office of the Assistant Secretary for Preparedness and Response remain pre-positioned or on alert ready to assist in other communities.

The U.S. Department of Homeland Security in coordination with FEMA are working to ensure that individuals and communities affected by disasters do not face unlawful discrimination as they seek disaster-assistance services. The DHS Office for Civil Rights and Civil Liberties and both FEMA’s Office on Disability Integration and Coordination and the Office for Equal Rights issued an official memo to impacted states that there will be no immigration enforcement initiatives associated with evacuations, sheltering, or any other life-saving initiatives related to Matthew.

U.S. Coast Guard deployed a public health and safety officer to the National Response Coordination Center to support HHS related to Zika-virus issues that may occur following the recession of flood waters.

U.S. Citizenship and Immigration Services encourages those whose application, petition or immigration status may be impacted by Hurricane Matthew to call the USCIS National Customer Service Center at 800-375-5283 (TDD for the deaf and hard of hearing: 800-767-1833) to learn how to request certain types of relief. For more information, visit www.uscis.gov/humanitarian/special-situations.

The U.S. Department of Interior’s Bureau of Indian Affairs continues to coordinate with tribes in potentially affected areas as needed. 

The U.S. Department of Interior’s United States Geological Survey deployed more than 40 teams to the affected areas to collect the 393 surge sensors and gauges that identify high water marks. USGS has additional crews making flood measurements and repairing stream gauges damaged by river flooding. Information on all sensors and gages is available at: http://stn.wim.usgs.gov/error.html.

The U.S. Department of Interior’s National Park Service is continuing to monitor and evaluate conditions at their parks. More than half a dozen national parks remain closed, each is assessing the ability to open to the public. Anyone planning to visit a park in the impacted states is encouraged to verify a park’s open status on its website.

Additionally, the Department of the Interior's Office of Law Enforcement and Security continues to coordinate readiness to help with security.  Two 25-person Quick Response Teams composed of U.S. Park Police and National Park Service, and U.S. Fish and Wildlife Service are assisting with protection for urban rescue teams and security for mobile field hospitals. 

The U.S. Fish and Wildlife Service report 16 National Wildlife Refuges and other facilities remain closed with damage assessments of those facilities underway.

The Department of Justice has 500 federal law enforcement officers from across the country on standby and ready to deploy, as required.

The U.S. Environmental Protection Agency (EPA) activated the Regional Emergency Operations Center in Atlanta, Georgia and deployed liaisons to the FEMA Regional Response Coordination Center in Atlanta, and the state operational centers in Florida, North Carolina and South Carolina.  All EPA regional programs have contacted their state counterparts and offered technical assistance concerning waste and debris disposal, water infrastructure, and fuel waiver issues. EPA deployed eight teams lead by Federal On-Scene Coordinators (OSC) to conduct oil and hazardous materials assessment activities in the Florida coastal counties of Nassau, Duval, St. Johns, Flagler, Volusia, and Brevard.

The Federal Aviation Administration is of hurricane rescue and response aircraft to preserve the safety of first-responders.

The Federal Motor Carrier Safety Administration (FMCSA) divisions in the southern region continue working with contact permitting agencies & commercial motor vehicle law enforcement agencies in their states to assist with necessary emergency waivers and permits.

The U.S. General Services Administration (GSA) deployed staff to Florida, Georgia, and South Carolina to support FEMA efforts to establish Joint Field Offices and Disaster Response Centers.  GSA assessment teams are preparing to survey potential damage to federal facilities and will ensure any necessary repairs are undertaken quickly.

National Center for Missing & Exploited Children (NCMEC) activated its Unaccompanied Minors Registry (UMR). Family members can go to https://umr.missingkids.org or call 1-800-THE-LOST to find unaccompanied children who may have been separated from parents or caregivers because of the floods, by entering basic information and/or a photo. 

The National Guard continues to move north following the storm’s path. More than 9,000 National Guard personnel from nine states are conducting search and rescue, security, infrastructure assessment, route clearance, and communications in support of hurricane recovery efforts.  The National Guard provides support to civil authority of the state under direction of the governor.

The American Red Cross continues supporting a massive shelter operation in the affected areas. More than 13,400 people stayed the night in 248 Red Cross and community evacuation shelters in Florida, Georgia, South Carolina and North Carolina. The Red Cross has more than 2,700 trained disaster workers on the ground in addition to 133 pre-positioned response vehicles and 97 trailer loads filled water, ready-to-eat meals, shelter and kitchen supplies, cleaning supplies and comfort kits, insect repellant, gloves, masks, shovels, rakes, coolers and more. For Hurricane Matthew shelter locations, visit www.redcross.org or call 1-800-768-8048. The American Red Cross has an urgent need for blood and platelet donations as Hurricane Matthew has forced the cancellation of many blood drives. Residents who are in an unaffected area, are encouraged to give blood or platelets, to help patients in the affected areas with great need. Go to redcrossblood.org or call 1-800-RED CROSS.

The Department of Transportation’s (DOT) Federal Highway Administration deployed about a dozen personnel from division offices to assist with the storm response.  Bridge and road inspectors will make damage assessments in affected areas are beginning.

The Department of Treasury’s Internal Revenue Service (IRS) advises that the latest guidance for taxpayers affected by Matthew will be available at https://www.irs.gov/uac/newsroom/news-releases-for-current-month.

For up-to-date information about U.S. Department of Veterans Affairs facilities can be found at:  http://www.blogs.va.gov/VAntage/31765/va-facilities-across-the-southeast-prepare-for-hurricane-matthew/.

The U.S. Agency for International Development’s Office of U.S. Foreign Disaster Assistance teams are deployed to Haiti, Jamaica and the Bahamas and are working with local authorities to coordinate relief efforts. Updates on the status operations throughout the Caribbean are available on and on individual Embassy websites.  U.S. citizens traveling and residing abroad are encouraged to enroll their travel plans on the agency’s website, travel.state.gov, using the Smart Traveler Enrollment Program (STEP), and to read the “Country Specific” information also found on the site.

FEMA advises anyone in the impacted areas looking to help or assist with response and recovery efforts can get involved by contacting their American Red Cross chapter or their local Voluntary Organizations Active in Disaster (VOAD) chapter to connect to many organizations working on the ground that are in need of volunteers. To get in touch with the local VOAD in the affected areas, visit:

For additional info, imagery, graphics and b-roll, see our Hurricane Matthew web page: http://www.fema.gov/hurricane-matthew.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

WASHINGTON –The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) urges residents returning home or in affected areas to listen to state, local and tribal officials as dangerous flooding following Hurricane Matthew impacts areas throughout the Southeast United States. People returning home should exercise extreme caution as emergency crews respond to affected areas and avoid driving through flooded roadways. 

National Weather Service experts predict that Matthew should move well east of the North Carolina coast by this afternoon and should weaken over the next 48 hours. However, an extensive and significant freshwater flood event is unfolding over northeastern South Carolina into central and eastern North Carolina. Between six to 12 inches of rain, with isolated amounts up to 20 inches, have been reported mainly from Savannah to eastern North Carolina. An additional one to three inches are possible across eastern North Carolina and southeast Virginia. Numerous rivers are expected to reach moderate to major flood levels from northeast South Carolina into central and eastern North Carolina later today. The rivers will be slow to recede, with the flooding continuing through the week.

For people who evacuated and are returning today, do so only when authorities indicate it is safe. Watch out for debris and downed power lines and avoid walking or driving through flood waters.  Flood waters may be electrically-charged from underground or downed power lines and may hide dangerous debris or places where the ground is washed away.

You are also advised to photograph damaged property in order to assist in filing an insurance claim and do what is possible to prevent further damage to property (e.g., putting a tarp on a damaged roof).

“Flash floods are the leading cause of weather-related deaths in the United States,” said FEMA Administrator W. Craig Fugate. “As people head back home to assess damage it is vital they do not drive through flooded roadways, avoid downed power lines, and stay off the roads to let first responders do their work.  Turn around, don’t drown.” 

Shelters remain open across the impacted states. You can download the FEMA mobile app for shelter information, disaster resources, weather alerts, and safety tips, in English and in Spanish. The app provides a customizable checklist of emergency supplies, maps of open shelters and recovery centers, disaster survival tips, and weather alerts from the National Weather Service. The app also enables users to receive push notifications reminding them to take important steps to prepare their homes and families for disasters.

After the Hurricane - Safety and Preparedness Tips as you Return to Your Home

·       Listen to local officials for updates and instructions. Return home only when authorities indicate it is safe.

·       Check-in with family and friends by texting or using social media.

·       When you return to the impacted area, watch out for debris and downed power lines.

·       Avoid flood water as it may be electrically charged from underground or downed power lines and may hide dangerous debris or places where the ground is washed away.

·       Avoid walking or driving through flood waters. Just six inches of moving water can knock you down, and fast-moving water can sweep your vehicle away.

·       Photograph the damage to your property in order to assist in filing an insurance claim.

·       Do what you can to prevent further damage to your property (e.g., putting a tarp on a damaged roof), as insurance may not cover additional damage that occurs after the storm.

File an Insurance Claim then Register with FEMA (or for Federal Assistance)

·        Contact your insurance company and file a claim. Get your company’s contact information online at the Department of Insurance for the state where the damage occurred.

·        If you have flood insurance questions call 800-621-3362 Monday through Friday from 8 a.m. to 6 p.m. EDT and select option two. Call center staff are available to assist with information regarding your policy, offer technical flood guidance to aid in recovery and answer other flood insurance questions. You can be transferred to your insurance carrier for additional assistance if you have further questions.

·        For those in Georgia and Florida who have been affected by Hurricane Matthew, you can pre-register for federal disaster assistance at DisasterAssistance.gov or by calling 800-621-3362. Lines are open every day from 6 a.m. to 10 p.m. EDT. Survivors who use TTY may call 800-462-7585.

Communications

If you live in areas affected by Hurricane Matthew or know someone in those areas, social media sites like Facebook or Twitter are good way to let friends and family know you’re safe or to inquire about your loved ones.

However, the National Coordinating Center recommends keeping your calls to the minimum and to using several alternative communication methods as networks in the area may become congested.  People in the emergency area should still call 9-1-1 if they need emergency services.

Please keep in mind a few recommended best practices for placing calls during a large emergency:

  1. Limit non-emergency phone calls.
  2. Keep all phone calls brief.
  3. For non-emergency calls, try text messaging, also known as short messaging service (SMS) when using your wireless phone.
  4. If possible, to reduce congestion, try a variety of communications services if you are unsuccessful in getting through with one.
  5. Wait 10 seconds before redialing a call. On many wireless handsets, to re-dial a number, you simply push "send" after you've ended a call to redial the previous number.

To report a missing child, please contact the National Center for Missing & Exploited Children at 1-866-908-9570. Anyone who finds an unaccompanied child who may have been separated from his/her parents or caregivers because of the hurricane can enter basic information and/or a photo into the National Center for Missing & Exploited Children's Unaccompanied Minors Registry (UMR): http://umr.missingkids.org or call 1-866-908-9570.

For more information about Hurricane Matthew, including resources deployed, imagery, and b-roll go to: http://www.fema.gov/hurricane-matthew

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Hurricane Matthew Unified Response Efforts Underway

FEMA and the Federal Family Coordinating with Partners to Support Impacted Communities
 

WASHINGTON – The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) and its federal partners continue to mobilize resources and personnel to support state, local and tribal efforts in the southeast U.S. as the possibility of dangerous conditions and flooding continues in some areas.

At the direction of President Obama, FEMA is leading the federal government’s effort to provide assistance and support in preparation and response to Hurricane Matthew. The President declared emergencies in Florida, Georgia, North Carolina, and South Carolina, making federal assistance available to mobilize equipment and resources necessary to prepare for and respond to Hurricane Matthew in the anticipated impacted areas. These pre-disaster emergency declarations make available direct federal assistance to save lives and protect property.

As of this morning, more than 680 FEMA staff are deployed to impacted states in support of response and recovery efforts for Hurricane Matthew and thousands more remain on alert to support recovery efforts, as needed. This includes six Disaster Survivor Assistance Teams (DSAT) deployed to help federal, state, local and tribal partners gather detailed information on the affected communities during the critical days and weeks following this storm.  DSAT teams address immediate and emerging needs of disaster survivors including: on-the-spot needs assessments, requests for disability related accommodations and access to partners offering survivor services.

Incident Management Assistance Teams (IMAT) are positioned in Florida, Georgia, North Carolina, and South Carolina. IMAT teams support preparation and anticipated response activities, and ensure that there are no unmet needs. Additionally, FEMA has ten Urban Search & Rescue teams on the ground to support any search and rescue efforts. Two teams are in Florida, four teams are in South Carolina, three teams are in Georgia, and one team is in North Carolina.

FEMA has made available more than 1,427,000 meals, more than 958,000 liters of water, and more than 48,000 blankets for state, tribal, and local officials to distribute to individuals.  These points of distribution are centralized locations established by state or local officials where supplies are delivered.

A breakdown by state:

Florida: More than 71,000 meals; 341,000 liters of water;

Georgia: More than 535,000 meals, 617,000 liters of water; 17,000 blankets;

North Carolina: More than 570,000 meals; 26,000 blankets; and,

South Carolina: More than 250,000 meals; 4,500 blankets.

The National Business Emergency Operations Center is activated in the NRCC and is coordinating with potentially affected states to work with private sector companies, preparing for landfall and coordinating on evacuation orders, potential transportation impacts, and access/re-entry permits ahead of the storm.

Ongoing Support and Preparedness Efforts:

The U.S. Agency for International Development’s Office of U.S. Foreign Disaster Assistance teams are deployed to Haiti, Jamaica and the Bahamas and are working with local authorities to coordinate relief efforts. Updates on the status operations throughout the Caribbean are available on travel.state.gov and on individual Embassy websites.  U.S. citizens traveling and residing abroad are encouraged to enroll their travel plans on the agency’s website, travel.state.gov, using the Smart Traveler Enrollment Program (STEP), and to read the Country Specific Information also found on the site.

The U.S. Army Corps of Engineers (USACE) deployed a Team Leader and Assistant Team Leader to FEMA Region IV.  Two Assistant Team Leaders and one Power Subject Matter Expert have been deployed to the FEMA National Response Coordination Center (NRCC).  Also, USACE deployed Team Leaders to FEMA Incident Management Assistance Teams in Florida, Georgia, and South Carolina.  The USACE deployed Emergency Power assets, including Planning & Response Teams (PRT) and Emergency Command & Control Vehicles (ECCV), to Florida and North Carolina.  Two companies from the 249th Engineer Battalion and four Temporary Emergency Power PRTs are coordinating response requirements under a FEMA pre-declaration for Emergency Power.

U.S. Citizenship and Immigration Services (USCIS) encourages those whose application, petition or immigration status may be impacted by Hurricane Matthew to call the USCIS National Customer Service Center at 800-375-5283 (TDD for the deaf and hard of hearing: 800-767-1833) to learn how to request certain types of relief. For more information, visit www.uscis.gov/humanitarian/special-situations.

The U.S. Coast Guard continues to assess and advise the status of ports along the storm’s path.  Advisories are being issued for northern locations in Georgia and South Carolina.

The Corporation for National and Community Service (CNCS) has deployed more than 450 AmeriCorps members, including FEMA Corps, to areas affected by Hurricane Matthew. These deployments include 54 teams of FEMA Corps members – 425 AmeriCorps members in total – that have been pre-staged to support FEMA’s response to affected states. An additional 45 AmeriCorps members are supporting shelter and emergency operations in Florida and South Carolina. CNCS is coordinating with local partners in each state, including governor-appointed state service commissions and voluntary organizations, to support state Emergency Operations and volunteer response efforts. 

The U.S. Department of Agriculture (USDA) has disaster resource information as well as food safety, livestock and pet guidance is available at www.usda.gov.  USDA Foods’ inventories have been requested from all potentially impacted state agencies, and the Supplemental Nutrition Assistance Program (SNAP) staff is prepared to respond to any state requests for disaster SNAP and/or other SNAP-related needs.

The U.S. Department of Defense (DOD) established an Incident Support Base at Fort Bragg in coordination with FEMA to preposition commodities and resources close to the potentially affect areas.  The U.S. Northern Command deployed Defense Coordinating Elements to Florida, Georgia, South Carolina, and North Carolina. These service members are providing DOD regional subject matter expertise, validate requirements, and conduct liaison efforts in support of response operations.

The U.S. Department of Energy (DOE) is conducting daily coordination calls with industry, impacted states and the leadership of the Electricity Sub-Sector Coordinating Council to discuss preparations for the storm and plans for timely restoration.  As the preparation and response efforts for electric power change as the storm shifts, updates for each state can be viewed at here.

The U.S. Department of Health and Human Services has almost 700 personnel pre-positioned and more than 450 on alert ready to support communities with medical, veterinary or fatality management needs from the storm’s impact. Personnel include members of the National Disaster Medical System, the Assistant Secretary for Preparedness and Response staff, and the U.S. Public Health Service Commissioned Corps, and they form eight Disaster Medical Assistance Teams, two National Veterinary Response Teams, a Public Health Service Rapid Deployment Force team, a disaster mortuary assessment personnel and an Incident Response Coordination Team. Information from HHS agencies, including the Centers for Disease Control and Prevention, about protecting health before and after disasters can be found on www.phe.gov/hurricanematthew.

The U.S. Department of Homeland Security’s, Office for Civil Rights and Civil Liberties (CRCL), in coordination with FEMA’s Office on Disability Integration and Coordination and FEMA’s Office for Equal Rights, issued a notice reminding its recipients of federal financial assistance who are engaged in emergency management to ensure that individuals and communities affected by disasters do not face unlawful discrimination in the provision of federally assisted services to disaster survivors. Additionally, CRCL issued a memo to impacted states regarding immigration enforcement activities. This memo notifies the public that there will be no immigration enforcement initiatives associated with evacuations or sheltering related to the hurricane, including the use of checkpoints for immigration enforcement purposes in impacted areas during an evacuation. This memo can be found here.

The U.S. Department of Interior’s Bureau of Indian Affairs is coordinating with tribes in potentially affected areas as needed. 

The U.S. Department of Interior’s National Park Service is continuing to monitor and evaluate conditions at their parks as the storm moves further north.  With more than a dozen national parks closed, each is assessing the ability to re-open to the public. Anyone planning to visit a park in the impacted states is encouraged to verify a park’s open status on its website.

The U.S. Department of Interior’s United States Geological Survey (USGS) is preparing to collect the 393 surge sensors and gages deployed in advance of Hurricane Matthew along the East Coast to provide data that will assist water managers in determining the peak and duration of storm surge.   This includes Storm Surge Sensors (190), Wave Sensors (79), Barometric Pressure Sensors (92), and Rapid Deployment Gage's (32). The information supports disaster recovery efforts and critical weather forecasts for the National Weather Service and FEMA.  The information collected will be distributed live on the USGS website to help federal and state officials gauge the extent and the storm's damage as it passes through each area.  This is the largest deployment of surge sensors by the USGS and surpasses the total deployments for Hurricane Irene and Superstorm Sandy.

The Department of Justice has 500 federal law enforcement officers from across the country on standby and ready to deploy, as required.

The U.S. Environmental Protection Agency (EPA) activated the Regional Emergency Operations Center in Atlanta, Georgia and has deployed liaisons to the FEMA Regional Response Coordination Center in Atlanta, and the Florida State Emergency Operation Center in Tallahassee.  All EPA regional programs have contacted their state counterparts and offered technical assistance concerning waste and debris disposal, water infrastructure, and fuel waiver issues. The Agency has received a mission assignment to support the State of Florida for oil and hazardous substance assessments in the coastal areas of the state, and are assembling teams to deploy from the Atlanta regional office.

The Federal Aviation Administration worked closely with airports and the air carriers that serve the affected area to prepare and is ready to restore air traffic control service in support of recovery efforts.  At FAA facilities in the hurricane’s path, fuel tanks were topped off for air traffic control equipment, radars immobilized and other navigation facilities so they could withstand high wind speeds. The FAA is also warning drone operators to stay clear of hurricane rescue and response aircraft to preserve the safety of first-responders.

The Federal Communications Commission is monitoring the status of communications networks and is prepared to work with affected providers to support restoration efforts as necessary.

The Federal Motor Carrier Safety Administration (FMCSA) divisions in the southern region have been instructed to contact permitting agencies & commercial motor vehicle law enforcement agencies in their states to prepare for either emergency waivers from permits, or to be prepared to expedite permit issuance to support relief transportation efforts.

The U.S. General Services Administration (GSA) deployed staff to Florida, Georgia, and South Carolina to support FEMA efforts to establish Joint Field Offices (JFO) and Disaster Response Centers (DRC).  GSA assessment teams are standing by to survey potential damage to federal facilities and will ensure any necessary repairs are undertaken quickly.

National Center for Missing & Exploited Children (NCMEC) activated its Unaccompanied Minors Registry (UMR). Family members can go to here or call 1-800-THE-LOST to find unaccompanied children who may have been separated from parents or caregivers because of the floods, by entering basic information and/or a photo. 

The National Guard continues to move north following the storm’s path. More than 9,000 National Guard personnel from nine states (AL, FL, GA, LA, MD, MS, NC, SC, TN) are conducting search and rescue, security, infrastructure assessment, route clearance, and communications in support of hurricane recovery efforts.  The National Guard provides support to civil authority of the state under direction of the governor.

The American Red Cross is supporting a massive shelter operation in the affected areas. More than 18,000 people stayed the night in 183 Red Cross and community evacuation shelters in Florida, Georgia, South Carolina and North Carolina. The Red Cross has more than 2,200 trained disaster workers on the ground in addition to 95 pre-positioned response vehicles and 94 trailer loads filled water, ready-to-eat meals, shelter and kitchen supplies, cleaning supplies and comfort kits, insect repellant, gloves, masks, shovels, rakes, coolers and more. For Hurricane Matthew shelter locations, visit www.redcross.org or call 1-800-768-8048. The American Red Cross has an urgent need for blood and platelet donations as Hurricane Matthew has forced the cancellation of many blood drives. If you’re in an unaffected area, please give blood or platelets, so we can continue to help patients in need. Go to redcrossblood.org or call 1-800-RED CROSS.

The Department of Transportation’s (DOT) Federal Highway Administration (FHWA) is coordinating with affected state Departments of Transportation in anticipation of requests for Emergency Relief funds to repair highways and bridges that get damaged by the storm.  FHWA has deployed about a dozen personnel from division offices to assist with the storm response.  Bridge and road inspectors will make damage assessments once the storm has passed.  

The U.S. Department of Transportation’s Maritime Administration (MARAD) is operating its SafeStor program on the M/V Cape Decision in Charleston, South Carolina, as shelter for local emergency vehicles in the region.  A total of seven agencies, including the Charleston Sheriff's Department, have a total of 53 emergency service vehicles loaded on the Cape Decision’s massive cargo hold to weather out the passage of Hurricane Mathew.  MARAD’s SafeStor program provides safe shelter for emergency equipment and personnel and allows affected areas to be up and running as soon as possible in order.

The Department of Treasury’s Internal Revenue Service (IRS) advises taxpayers to prepare in advance of Hurricane Matthew and stands ready to help after the storm. IRS will monitor the storm’s impact as the October 17 tax filing deadline approaches for those in the impacted areas who filed an extension to file their 2015 tax returns. The latest guidance available here.

Veterans Affairs facilities from Florida through South Carolina are implementing their emergency preparedness plans which includes closing many clinics and suspending non-emergency care services in medical centers.  For up-to-date information about VA facilities, visit here.

The National Weather Service expects Matthew to continue to move along the coast and be near the coast of North Carolina by tonight. Areas as far north as southern Virginia may experience high winds and dangerous flooding. Meanwhile, some residents in Florida and Georgia are beginning to return to their communities and face different risks from downed trees, power lines, and standing water. FEMA has advised residents to listen to local officials and follow all suggested safety measures in their area.

For additional info, imagery, graphics and b-roll, see our Hurricane Matthew web page: http://www.fema.gov/hurricane-matthew.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

BATON ROUGE, La.— Move your recovery forward and get informed to make sure you invest resources properly and rebuild or repair wisely.
 
Contact your community’s floodplain management or building officials to start the inspection process to determine if your home or business is substantially damaged. Also get the proper permits for things like plumbing, electrical system, foundation and structural repairs.

Substantial damage exists in Special Flood Hazard Areas, or floodplains—areas that have increased flooding risks— when the cost of restoring a structure equals or exceeds 50 percent of the structure’s pre-damage market value. However, some communities enforce a more restrictive definition. 
 
It’s important to know the structural damage percentage of your home or business because that information helps determine the work needed to repair or replace the damaged structure. It also helps determine if additional work will be needed to comply with local codes and ordinances.

You may appeal a substantial damage determination with your local officials if you disagree with their decision.

A structure located in a floodplain must be brought into compliance with local regulations if a local official determines it is substantially damaged. Local building departments may have adopted standards higher than FEMA’s that property owners would have to comply with when rebuilding.
 
Owners who decide to rebuild may need to elevate their structures, or change them in some other way to comply with local regulations and avoid future flood losses. Those who own non-residential structures may need to flood-proof their building.

Contact Local Officials About Substantial Damage and Permits,

Property owners who have flood insurance and a substantially damaged building in a floodplain may be able to get additional funds for costs related to complying with local regulations. Contact your insurance agent for more information. 

Your parish emergency management office can assist with contacting your community’s floodplain management or building officials.  Find their contact information online at www.gohsep.la.gov/about/parishpa.

If you have specific questions about your flood insurance policy or flood insurance claim, please call the FEMA call center at 800-621-3362 Monday through Friday from 8 a.m. to 6 p.m. and select Option 2.  If you use TTY, call 800-462-7585.  If you use 711 or Video Relay Service (VRS), call 800-621-3362.

Learn more about mitigation by going online to fema.gov/Louisiana-disaster-mitigation.

Residents Encouraged to Follow Instructions of Local Officials
 

WASHINGTON – The Federal Emergency Management Agency (FEMA) urges residents to follow instructions from state, tribal and local officials as it continues to coordinate requests for assistance from states and tribes affected by Hurricane Matthew with its federal partners at the Regional Response Coordination Center in Atlanta and the National Response Coordination Center at FEMA Headquarters in Washington, D.C.

Yesterday, President Barack Obama declared emergencies for requested counties in Florida, Georgia, and South Carolina, authorizing FEMA to provide support and resources necessary to save lives and protect property.                          .

Experts at the National Weather Service say the powerful storm is expected to turn toward the north-northwest later this morning and will be close to or over the East Coast of Florida through Friday night. Maximum sustained winds have decreased to near 120 miles-per-hour with higher gusts. Rainfall totals of six to 12 inches are expected, with isolated amounts up to 15 inches being forecast along east and central Florida, Georgia and South Carolina through Saturday. Significant storm surge and flooding is also expected in those areas.

“You can rebuild a home, but you cannot rebuild a life,” said FEMA Administrator W. Craig Fugate. “Now is the time to make sure you are listening to your local officials and following their instructions explicitly.”

If you live in areas affected by Hurricane Matthew or know someone in those areas, social media sites like Facebook or Twitter are good way to stay in touch. The American Red Cross has a tool called Safe and Well to keep track of friends and loved ones during and after the storm.  

FEMA support efforts are on-going and include six Urban Search and Rescue task force teams in Florida, and five task force teams in Georgia to assist with anticipated search and rescue efforts.  In addition, an Incident Support Team also is deployed to Georgia to coordinate rescue efforts across these teams.

Incident Support Bases are staffed in Albany, Ga. and Fort Bragg, N.C., to pre-position resources closer to potentially affected areas, should affected states or tribes request them.  Today there are more than 476,000 liters of water and more than 536,000 meals, as well as tens of thousands of cots and blankets on site.

Shelters are open across the potentially impacted states. Download the FEMA mobile app for shelter information, disaster resources, weather alerts, and safety tips, in English and in Spanish. The app provides a customizable checklist of emergency supplies, maps of open shelters and recovery centers, disaster survival tips, and weather alerts from the National Weather Service. The app also enables users to receive push notifications reminding them to take important steps to prepare their homes and families for disasters.

Safety and Preparedness Tips

Hurricane Matthew has the potential for life-threatening rain, wind and storm surge. Those in affected areas should follow the direction of their state, tribal or local officials.

There is the potential for flooding with this storm. Driving through a flooded area can be extremely hazardous and almost half of all flash flood deaths happen in vehicles. When in your car, look out for flooding in low lying areas, at bridges and at highway dips. As little as six inches of water may cause you to lose control of your vehicle. If you encounter flood waters, remember – turn around, don’t drown.

Get to know the terms that are used to identify severe weather and discuss with your family what to do if a watch or warning is issued:

For a hurricane:

  • A Hurricane Watch is issued when a tropical cyclone containing winds of at least 74 miles-per-hour poses a possible threat, generally within 48 hours. 
  • A Hurricane Warning is issued when sustained winds of 74 miles-per-hour or higher associated with a tropical cyclone are expected in 36 hours or less. A hurricane warning can remain in effect when dangerously high water or a combination of dangerously high water and exceptionally high waves continue, even though winds may be less than hurricane force.

For a tropical storm:

  • A Tropical Storm Watch is issued when tropical cyclone containing winds of at least 39 miles-per-hour or higher poses a possible threat, generally within 48 hours.
  • A Tropical Storm Warning is issued when sustained winds of 39 miles-per-hour or higher associated with a tropical cyclone are expected in 36 hours or less.

For flooding:

  • A Flood Watch is issued when conditions are favorable for flooding.
  • A Flood Warning is issued when flooding is imminent or occurring.

To learn more about what to do before, during and after severe weather, visit www.Ready.gov.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Hurricane Matthew is certain to leave a path of destruction that requires the efforts of the public, private and nonprofit sectors. To help identify areas of need and help response organizations meet the demand for recovery services, Crisis Cleanup has deployed a portion of its free and open source software that organizations may use. You can check out if Crisis Cleanup is a good fit for your organization.

At its core, Crisis Cleanup is a work order management system with a couple of aspects. First, work orders are crowdsourced from the affected public to create a master list of issues. Starting later today, the public will be able to call 800-451-1954 to request help. Second, organizations select the issues that they are willing and best able to address given their capabilities and resources. For example, an organization that focuses on helping survivors with "muck-outs" would self-select the related issues, which would then be taken off the master list so there is not duplication of effort. 

The approach mentioned above is guided by several core principles that may affect your decision to use the tool:

...

http://www.emergencymgmt.com/disaster/Crisis-Cleanup-Can-Aid-in-the-Recovery-of-Hurricane-Matthew.html

Monday, 10 October 2016 00:00

The Changing Face of Hybrid Clouds

The hybrid cloud is considered to be the “safe zone” between the rigidity and poor scalability of private resources and the lack of control in the public domain.

But while it was always expected that hybrids would one day morph into a seamlessly integrated, broadly distributed data ecosystem, that vision is starting to look less feasible, and less desirable, as experience with real cloud architectures grows.

In a recent post on Forbes, Moor Insights & Strategy analyst John Fruehe describes the “hybrid cloud dilemma” in pretty stark terms. He says that from both a security and logistics standpoint, a fully integrated hybrid cloud is proving extremely hard to implement. Rather, current thinking in IT circles is starting to favor a “hybrid cloud environment” in which data and resources may be shared across multiple domains and providers, but individual compute environments will exist in only one. So rather than try to craft a single computing architecture that follows data wherever it goes, the enterprise would do better to focus on the interconnects between clouds to ensure that data can traverse the still distinct computing environments quickly and easily.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-changing-face-of-hybrid-clouds.html

‘ISO 22330 Security and resilience - Business continuity management systems - Guidelines for people aspects on business continuity’ is a new technical specification being developed by ISO. In this article Lynne Donaldson, project lead for ISO 22330, provides some background to why people aspects are being addressed in this specific business continuity guidance.

Nobody said managing people was easy! Organizations face an ongoing challenge to execute plans that deliver desired outcomes over the long term, regardless of their size or mission. The ability of an organization to lead, motivate, develop and engage its people holds the key to how well this is achieved.

Add to the mix the impacts of a disruptive event on operations: from cyber-attack or loss of infrastructure, to natural disaster or act of terrorism, why should the delivery of business continuity be any different?

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1461-iso-22330-a-new-iso-project-puts-people-at-the-heart-of-business-continuity

Whether it’s malware or hackers or viruses, cyber threats pose significant problems for businesses and companies around the world--and rightfully so. These continue to evolve--and get smarter--making risk management a consuming task for IT teams and MSPs. There were over 400 million known malware instances in 2015 and that number is on the rise in 2016. What’s even scarier is how commonplace breaches and attacks are--almost 60% of IT teams have experienced a breach or attack at some point.

But rather than becoming more skilled at handling these threats, IT teams are more challenged by them now than ever before. And there are plenty of reasons for that. With the proliferation of devices such as laptops, smartphones and tablets, and the rise of account-based information that lives in the cloud, employees and companies are more at risk than ever--and IT teams are scrambling to keep up with rapidly changing tech behaviors.

...

http://mspmentor.net/blog/surprising-state-it-security-unveiled-four-trends

Friday, 07 October 2016 00:00

Why MSPs Need to Automate

An efficient MSP is one that knows how to leverage automation. The more repeatable processes and routine tasks you can automate, the less need you have for time-consuming manual functions that are prone to error.

It’s no wonder then that MSPs constantly are told to automate. It’s good for clients because it creates predictability in the services they receive. Predictability equals peace of mind to clients. When you automate service delivery, you make it much more likely that you can deliver on your promise of network reliability and optimal performance. You minimize the possibility of having to respond to an issue caused by a manual function.

Automation, therefore, is a critical tool for MSPs. As such, you need to think about it in practical terms, not as an abstraction – something to which you pay lip service but never actually put into effect because it’s hard.

...

http://mspmentor.net/blog/why-msps-need-automate

An NSA contractor stealing sensitive government documents is in the news again, and it has nothing to do with Edward Snowden, movies or pardon requests. But it does have everything to do with the ever-present threat of insiders and third-party contractors and how these concerns continue to get swept aside or given less importance than breaches caused by outside actors and nation-states.

You have probably heard about the arrest of Harold Thomas Martin, a Booz Allen Hamilton employee who is alleged to have stolen classified documents and possibly committed other cybercrimes. As the Military Times reported, this incident is yet another reminder that just because your employees have a security clearance, it doesn’t ensure classified information is safe.

Even if your company doesn’t require security clearances, this incident showed just how easy it is for insiders to breach your most sensitive data. As Morey Haber, VP of Technology at BeyondTrust, told me in an email comment:

...

http://www.itbusinessedge.com/blogs/data-security/you-dont-need-to-be-hacked-to-be-breached.html

The Business Continuity Institute - Oct 07, 2016 15:34 BST

Despite most organizations having a data breach preparedness plan in place, only a quarter of organizations are confident in their ability to minimize the financial and reputational consequences of such a breach. These findings are according to a study carried out by the Ponemon Institute on behalf of Experian.

The fourth annual data breach preparedness study shows that data breach preparedness certainly is on companies' radar, and having a response plan in place is par for the course. The number of organizations with a plan increased from 61% in 2013 to 86% in 2016. However, despite this strong majority of companies that now have a response plan in place, 38% of organizations surveyed have no set time period for reviewing and updating it, and 29% have not reviewed or updated their plan since it was put in place.

The lack of planning is especially troublesome when considering the rise of new threats in the marketplace, such as ransomware. In fact, the study showed that 56% of surveyed organizations are not confident that they could deal with a ransomware incident. Additionally, only 9% of survey respondents have determined under what circumstances they would pay to resolve a ransomware incident.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously. This means making sure processes are in place to ensure that data can be recovered quickly and that those processes are tested to make sure that they work.

"When it comes to managing a data breach, having a response plan is simply not the same as being prepared," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Unfortunately many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills. Investing in breach preparedness is like planning for a natural disaster. You hope it will never happen, but just in case, you invest time and resources in a response plan so your company can survive the storm".

Enough of the four-letter acronyms! CMDB, in case this had slipped your memory, stands for configuration management database.

It holds information about your assets, items related to them and any connections or relationships between them. IT and network devices, as well as software and virtual machines, can be represented in a CMDB. So can people, products and services (not just of the IT kind), facilities, clients and suppliers.

With today’s complex IT environments, a software-driven CMDB makes sense for IT asset management, although the initial interest of some years ago did not develop as much as predicted. Now, a new trend in IT could change that.

...

http://www.opscentre.com/comeback-cmdb-asset-management/

Equinix is the most likely buyer of a 14-data center portfolio Verizon Communications has been looking to offload since at least January, according to a note by Cowen and Company analysts issued Tuesday, in which they said a transaction is likely imminent.

The portfolio consist primarily of data centers Verizon gained when it acquired Terremark in 2011, and the analysts estimate that Equinix may pay about $3.5 billion in the transaction, which would be neutral for Verizon and positive for Equinix, given high quality of the Terremark facilities and their locations, which would further increase Equinix’s already enormous global scale.

Verizon is one of several big telcos who expanded their data center footprint several years ago in hopes of capturing share of the growing cloud and data center services market but eventually found it difficult to compete with giants that have specialized in those services, companies like Amazon, Microsoft, Equinix, and Digital Realty Trust. Other examples are CenturyLink, which has been shopping a data center portfolio the bulk of which it took over in 2011 when it acquired Savvis, and AT&T, which reportedly has been trying to divest about $2 billion worth of data center assets.

...

http://www.datacenterknowledge.com/archives/2016/10/05/verizon-said-to-be-nearing-data-center-deal-most-likely-with-equinix/

Thursday, 06 October 2016 00:00

Big Data Storage Takes a Data Lake Swim

As a key point about big data storage, how’s this for a Captain Obvious statement: data is getting bigger. Storage vendors have swung into action to make their systems more scalable, aggregated, faster. This is particularly true for the biggest big data of them all, massive amounts of information whose competitive value requires large-scale analytics.

The “3 V’s” of data storage govern the big data storage arena: Volume, Velocity, and Variety. Big volume is a given – big data storage must have sufficient capacity to store never-ending data growth.

Velocity is the measure of how fast a storage system can ingest and process massive amounts of incoming data. Variety describes mixed data types and file sizes, which in big data may differ radically depending on its source: machine sensors, laboratory experiments, cyber archaeology, weather tracking, medical experiments, documents, logs, files, email, clickstreams and more.

...

http://www.enterprisestorageforum.com/storage-management/big-data-storage-takes-a-data-lake-swim.html

BATON ROUGE, La. – Nonprofit organizations that experienced damage or losses from the August floods may apply for Federal Emergency Management Agency Public Assistance grants to help them get back to the business of helping others.

As part of its mission, FEMA provides grants to state, tribal and local governments and certain private nonprofits through its Public Assistance program. For the August floods, these grants reimburse 90 percent of eligible costs for emergency protective measures, and repair and restoration of public facilities and infrastructure to pre-disaster condition.

Only certain nonprofit organizations (PNPs) are eligible. If they provide critical services, such as education, utility, emergency or medical, they can apply directly to FEMA. Those that provide non-critical, essential services to the community must first apply for a low-interest loan from the U.S. Small Business Administration (SBA). FEMA may pay for all eligible emergency work and the permanent work not covered by an SBA loan.

Essential service providers include:

  • Child care centers;
  • Libraries, museums and zoos;
  • Community centers;
  • Disability advocacy and service providers;
  • Homeless shelters and rehabilitation facilities;
  • Social and human services organizations for children, youth and adults; and
  • Senior citizen centers.

For more information about eligible essential and critical service providers, reference FEMA’s Public Assistance Program and Policy Guide on FEMA.gov.

A nonprofit that can prove its tax-exempt status from the IRS or the state can begin the process by submitting a Request for Public Assistance (RPA) to the State of Louisiana. RPA forms can be downloaded and submitted at louisianapa.com/site/resources/cfm (in the “forms” section). The State of Louisiana will forward completed applications to FEMA for eligibility determination.

Local emergency management offices may also provide information about the grant process. A list of Louisiana’s parish emergency managers can be found online at gohsep.la.gov/about/parishpa.

For information about SBA loans, contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it., or visiting SBA’s website at SBA.gov/disaster.

Follow our 10-point, step-by-step guide for creating an efficient and effective risk mitigation plan as part of your business continuity strategy.

Business Continuity is all about risk mitigation, and a risk mitigation plan is essential. If you are not looking at how to reduce, eliminate, or accept risks, you are missing the mark. While not everything you create or spend time doing will directly impact risk mitigation, you should always be able to identify how each activity relates to mitigating risk. If this is not the case, you may want to reconsider why you are performing that task. To that end, we have developed the following checklist to help you develop a general risk mitigation plan, as well as create plans or actions for specific risks in your organization. We suggest the use of checklists as they are efficient, straightforward, and ensure important items are not missed.

...

http://www.mha-it.com/checklist-for-creating-a-risk-mitigation-plan/

With regulatory environments changing continually and the stakes in many industries extremely high, compliance professionals are under a lot of pressure to eliminate threats to good standing. And while a business may invest significant resources in maintaining compliant processes, policies and protocols, the devil is often in the details – specifically, in the compliance reporting process itself. In industries from pharmaceuticals to human resources, compliant operations can be undermined by sloppy or merely inadequate reporting – with costly results.

In the insurance industry, for example, headlines about the downfall of the head of a promising insurance startup in early 2016 showcased the perils to companies and business leaders when they fail to prioritize compliance and credentialing. The result was not only devastating to the company’s investors, it also led the DOL to implement tighter compliance regulations. While this case was not about actual fraud, unintentional reporting errors can be nearly as damaging.

...

http://corporatecomplianceinsights.com/reducing-risk-compliance-automation-not-mention-cya/

Wednesday, 05 October 2016 00:00

Massive Hack Hits Continuum MSPs, End Clients

Continuum is tightening security and warning managed services providers (MSPs) to be on the lookout for malicious activity after a massive cyberattack penetrated the software vendor’s IT management systems and compromised an unknown number of end-user client servers, the company confirmed today.

MSPs were notified in early August that a breach originating with a legacy IP scanner tool had spread, resulting in unauthorized administrator accounts being created inside customer networks.

More than two months after the hacking attack was initially discovered, the full extent of the damage remained unknown.

...

http://mspmentor.net/msp-mentor/massive-hack-hits-continuum-msps-end-clients

Wednesday, 05 October 2016 00:00

Data Encryption: Your Customers Need It

When Target suffered a massive data breach in late 2013, hackers gained access to the company’s network and filched valuable credit and debit card information belonging to millions of the retailer’s customers.

Intruders had burrowed their way into the corporate network by compromising the security of a third-party vendor working with Target - in this case an HVAC refrigeration contractor called Fazio Mechanical Services, which monitored the chain’s climate systems.

The spectacular circumstances surrounding the breach attracted obvious notoriety. But the incident also stoked wider concern among cloud administrators about data security, especially pertaining to situations in which third parties also have access to corporate networks.

...

http://mspmentor.net/cloud-services/data-encryption-your-customers-need-it

Container uptake in the enterprise is moving at light speed, to the point that by the end of the year, organizations that are not using the technology in some form will be in the distinct minority.

But while deploying containers in the test bed or in limited production environments is one thing, running them at scale is quite another. And while most people agree that containers can improve the performance and flexibility of a wide swath of enterprise applications, it seems that few organizations have fully charted out the use cases within their particular data environment.

This can be dangerous because, as Miska Kaipiainen, CEO of open source container developer Kontena, points out, the way you plan to use containers is crucial when determining how they are to be configured and deployed. Are they intended to support large database applications or web services? The difference could influence the level of scale you’ll need and the degree of flexibility across the deployment. And in most cases, the core container technology is the same, but increasingly they are becoming optimized for key applications that require varying levels of security, network support and policy management.

...

http://www.itbusinessedge.com/blogs/infrastructure/containers-are-nifty-but-what-are-the-use-cases.html

Wednesday, 05 October 2016 00:00

Automic Simplifies Business Process Automation

Automation of any given end-to-end process represents something akin to business nirvana. The basic idea is that the process is so well defined and repeatable that just about every cost associated with delivering it can be driven out. The challenge is that most business processes wind up touching so many applications and systems that the tools that can drive that level of automation are few and far between.

As one of the providers of such tools, Automic Software is now moving to make it possible to automatically provision an application via a single click, while also providing a means for secure sharing of automation artifacts via an Automic cloud service.

Version 12 of the Automic suite of automation tools adds analytics tools as well as an upgraded user interface that unifies navigation across the Automic suite. Finally, Automic Software is now providing tools to capture business process blueprints, manage specific service level agreements (SLA) attached to any automated process, and update Automic agent software without having to take any of the applications offline

....

http://www.itbusinessedge.com/blogs/it-unmasked/automic-simplifies-business-process-automation.html

BATON ROUGE, La. — If your home or business is damaged by a flood, you may be required to meet certain building requirements in your community to reduce future flood damage before you repair or rebuild. The National Flood Insurance Program (NFIP) Standard Flood Insurance Policy provides Increased Cost of Compliance (ICC) coverage, which may be available to help cover the costs of meeting those requirements, subject to eligibility.

If eligible, NFIP insurance policyholders may receive up to $30,000 of ICC coverage to help pay the costs to bring their building into compliance with their community’s floodplain ordinance. The coverage availability and payment limits are subject to the terms of the policy and maximum coverage limits, including all applicable NFIP rules and regulations.

Four options you can take to comply with your community's floodplain management ordinance to reduce future flood damage include:

  • Elevation. This raises your home or business to or above the flood elevation level adopted by your community.
  • Relocation. This moves your home or business out of harm's way.
  • Demolition. This tears down and removes flood-damaged buildings.
  • Floodproofing. This option is available primarily for non-residential buildings. It involves making a building watertight through a combination of adjustments or additions of features to the building that reduces the potential for flood damage.

You may be eligible to file a claim for your ICC coverage in two instances:

  1. When your community determines that your building is “substantially damaged,” wherein the cost to repair or improve the structure exceeds its market value by a threshold amount adopted by law or ordinance. Community building officials are responsible for the issuance of substantial damage declarations.
  2. When your community has a “repetitive loss” provision in its floodplain management ordinance and determines that your building was damaged by a flood two times in the past 10 years, where the cost of repairing the flood damage, on average, equaled or exceeded 25 percent of its market value at the time of each flood.

If your community does determine that your building is substantially or repetitively damaged, a local official will explain the floodplain management ordinance provisions that you will have to meet. You may also want to consult with the local official before you make the final decision about which of the options to pursue.

Once your community has made its determination, contact your insurer or insurance agent to file an ICC claim. You should start getting estimates from contractors to take the necessary steps to FRED — floodproof, relocate, elevate or demolish.

When the work is completed, local officials will inspect it and issue a certificate of occupancy or a confirmation letter.

It’s important to remember that only policyholders with substantially or repetitively flood-damaged buildings may be eligible for ICC coverage. ICC helps pay for the costs of meeting the floodplain management requirements adopted by law or ordinance in your community. Any item paid for in the original flood damage claim cannot be duplicated in the ICC payment.

For more information on ICC coverage, call your insurance company or agent, or call the NFIP toll-free at 800-427-4661. TDD# 800-427-5593.

Last week, more than 200 earthquakes had been recorded deep under the Salton Sea in Southern California. The rapid succession of small earthquakes — three measuring above magnitude 4.0 — began rupturing near Bombay Beach, continuing for more than 24 hours.

The temblors were not felt over a very large area, but they have garnered intense interest — and concern — among seismologists. It marked only the third time since earthquake sensors were installed there in 1932 that the area had seen such a swarm, and this one had more than the past two events in 2001 and 2009. The concern is that this small quakes may awaken the mighty San Andreas fault.

The San Andreas fault’s southernmost stretch has not ruptured since about 1680 — more than 330 years ago, scientists estimate. And a big earthquake happens on average in this area once every 150 or 200 years, so experts think the region is long overdue for a major quake. The swarm actually increased the likelihood of a much more major quake in Southern California, at least temporarily.

...

https://ems-solutionsinc.com/blog/earthquake-swarm-increases-chances-of-the-big-one/

Wednesday, 05 October 2016 00:00

BCM & DR: Managing Expectations

I’ve sat through many meetings between IT and Business Unit (BU) representatives where people assume they know what the other wants or is trying to say; constantly interrupting and providing their own commentary before the other finishes theirs.  Has this ever happened to you and were you the interrupter or the interrupted?  Maybe both depending on the meeting.  It got me thinking that there is often a big gap between what the Business Unit needs (or wants) with that of current technology capability…or understanding.

Too often the two don’t speak the same language and instead of listening and then requesting clarification to get a clearer picture of what is needed, the two interrupt each other and make lots of assumptions when the meeting ends.  This doesn’t help anyone.

I was listening to a recent webinar about Recovery Time Objectives (RTO) and how IT develops them…and then later in the day I was reading a document at a client site, which outlined the RTO that was set by a specific Business Unit.  I did a bit of digging through corporate sites and through a few questions and found that there was actually two (2) sets of RTO’s.  The first was the one desired by the BU and then one based on actuality from IT.  I asked how come there was such a difference and no one could answer it.  It turns out the two almost never touched base on the subject so there was no reconciliation or confirmation of what the actual RTO would be.

...

https://stoneroad.wordpress.com/2016/10/04/bcm-dr-managing-expectations/

In my recent blog, entitled “A Case for Data Lakes in Upstream”, we explored the benefits of implementing a data lake in the upstream industry. As a follow-up, in this post I will dive deeper and discuss how a data lake architecture should look.  Assuming a capital investment has been made and the proper governance is in place, a savvy Upstream energy executive will be interested in how a big data analytics platform can be integrated with existing infrastructure to provide a high level of business value insight extraction.

A natural lake is typically created when many water sources converge to fill it. Rain, streams and tributaries unite to create this new entity.  Similarly, a data lake is made up of data from myriad sources, (e.g. PDFs, spreadsheets on a SharePoint site, data warehouses) consisting of multi-structured data.  These data sources flow into the lake and should be deposited in the landing zone or “raw” area.  From there, data will be modified and placed in either the “refined” area or the “user-defined” area, each of which has a designated role to play.

...

http://www.enaxisconsulting.com/diving-deeper-data-lake-architecture-in-upstream/

Overprovisioned. Undersubscribed. Those are some of the most common adjectives people apply when speaking about IT architecture or data centers. Both can cause data center operational issues that can result in outages or milder reliability issues for mechanical and electrical infrastructure. The simple solution to this problem is to “right-size your data center.”

Unfortunately, that is easier to say than to actually do. For many, the quest to right-size turns into an exercise akin to a dog chasing its tail. So, we constantly ask ourselves the question: Is right-sizing a fool’s errand? From my perspective, the process of right-sizing is invaluable; the process provides the critical data necessary to build (and sustain) a successful data center strategy.

When it comes to right-sizing, the crux of the issue always comes down to what IT assets are being supported and what applications are required to operate the organization. However, with the variability in computer load and the ability to load-balance and shift loads within the data center without any disruption to operations, let alone the ability direct these IT loads to other data center, picking the size of mechanical/electrical infrastructure is the challenge.

...

http://www.datacenterknowledge.com/archives/2016/10/04/is-right-sizing-your-data-center-a-fools-errand/

IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failing to spot relevant risks or changes in those risks.

At best, you could end up with a risk management approach that leaves other experienced parties sighing with disappointment. At worst, your enterprise could be unprepared and exposed if risks turn into reality. Avoiding the following traps can be a good way to start improving the situation.

...

http://www.opscentre.com/four-pitfalls-risk-management-avoid/

John Boruvka looks at the findings of a recent IDG Research survey, explores its implications for business continuity, and looks at what you can do about it.

Many organizations protect their utmost critical applications with business continuity plans, and that’s great; but where is the plan for the next 20 or 30 applications that still have significant impact on the business?  The results of a recent IDG Research survey reveal that 55 percent of critical software applications do not meet expectations for application support. As you may expect, this wastes valuable resources, drives up costs, and disrupts the continuity of your business operations. If you are concerned with business continuity in your company, it’s important to understand the risks associated with licensing critical software applications, and why you need to take protections to safeguard the software at the heart of your business operations.

Reasons why vendors don’t meet support expectations

Any software application can be mission-critical in today’s digitized business world. A company can only survive and thrive when it gets adequate support for the applications that drive it. In the IDG Research survey, sponsored by Iron Mountain, IT decision makers reported on a number of reasons why an outside vendor did not meet support expectations, as shown in figure one.

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1449-business-continuity-for-critical-software-applications

Tuesday, 04 October 2016 00:00

Cybersecurity’s False Front

It’s the beginning of October and that means it is Cybersecurity Awareness Month. We certainly came into this month with a lot of cybersecurity news that has businesses, government and consumers alike taking notice of the risks involved in a breach and the fact that we have a real need for improved cybersecurity practices. I thought this would be a good time to take a look at what the cybersecurity landscape looks like right now.

We’re making some progress in the cybersecurity battle but there is still a long way to go. At least, that’s what CyberArk’s 10th annual Global Advanced Threat Landscape Survey found. According to the report, 82 percent of organizations believe the IT security industry has made some headway against cyberattacks, but any progress has been stymied by poor security practices in three primary areas: privileged access, the cloud and third-party access. While companies are thinking about breaches, the report added, the focus seems to continue to be on the post-breach process, and IT and security departments are overconfident in their ability to stop attacks – an overconfidence that may actually be putting networks and data at greater risk. As John Worrall, CMO with CyberArk, said in a formal statement:

- Advertisement -

The findings of this year’s Global Advanced Threat Landscape Survey demonstrate that cyber security awareness doesn’t always equate to being secure. Organizations undermine their own efforts by failing to enforce well-known, security best practices around potential vulnerabilities. There’s a fine line between preparedness and overconfidence.

...

http://www.itbusinessedge.com/blogs/data-security/cybersecuritys-false-front.html

(Bloomberg Gadfly) — If horror-film villain Freddy Krueger had threatened terror for nine movies but never followed through with evil acts, eventually movie-goers would have stopped being scared of him.

Google is at risk of becoming that neutered Freddy Krueger.

For years, Google’s cloud software for businesses has been seen as a scary, looming threat to Amazon Web Services (AWS) and Microsoft. It has Google Apps for Work, a competitor to Microsoft Office, and a relatively newer cloud business vying against AWS and Microsoft to take over back-end computing chores. Executives have said they expect Google’s cloud software to make more money than its ad products in 2020.

To put that ambition in context, Google’s ad products generated $67 billion in revenue last year.

...

http://www.datacenterknowledge.com/archives/2016/10/03/google-must-prove-its-making-headway-in-the-cloud-gadfly/

Data breaches can wreak havoc on organizations. While most companies concentrate their security energies on fighting hackers and educating end users, one area of security that seems to be getting the short shrift is proper data removal.

According to a study by Blancco Technology Group, more than half (53 percent) of global IT professionals use two common, but ineffective, methods to erase data on corporate desktop/laptop computer, external drives and servers.

The study, Delete vs. Erase: How Companies Wipe Active Files, involved 400 IT professionals in the U.S., Canada, Mexico, UK, France, Germany, Japan, China and India.

...

http://www.itbusinessedge.com/blogs/smb-tech/majority-of-organizations-use-wrong-data-erasure-tactics.html

BATON ROUGE, La. – FEMA has awarded the state approximately $146 million to reimburse local entities for expenses related to response and recovery efforts as a result of August’s severe storms and floods.

Here is a breakdown of the funding:

  •  Nearly $40 million for debris removal expenses in East Baton Rouge Parish.
  • More than $6 million for debris removal expenses in Livingston Parish.
  • More than $5 million for expenses related to the National Guard’s public safety actions during the disaster response.
  • Nearly $95 million for the state’s Shelter at Home program that provides emergency repairs to disaster-damaged homes of disaster survivors.

FEMA continues working with its local and state partners to ensure they are reimbursed all eligible disaster-related expenses.  

The funds were made available through FEMA’s Public Assistance (PA) program. The program reimburses disaster-related expenses to eligible local, state and certain private nonprofit entities in 26 designated parishes to repair or replace disaster-damaged facilities and infrastructure.

The 26 designated parishes for PA funding are Acadia, Ascension, Assumption, Avoyelles, Cameron, East Baton Rouge, East Feliciana, Evangeline, Iberia, Iberville, Jefferson Davis, Lafayette, Livingston, Point Coupee, St. Charles, St. Helena, St. James, St. John the Baptist, St. Landry, St. Martin, St. Tammany, Tangipahoa, Vermilion, Washington, West Baton Rouge and West Feliciana.

FEMA typically reimburses 75 percent of eligible PA expenses. However, applicants will be reimbursed 90 percent of eligible PA expenses given the magnitude of the August severe storms and floods. The federal portion is paid directly to the state, which then disburses the funds to the applicants.

Excavator picking up debris on the side of the road.
Wednesday, Aug. 24, 2016. Debris cleanup begins in Zachary, La. (Photo by J.T. Blatty/FEMA) Download Original

According to the results of a recent Alertsec survey of 1,200 U.S. residents, 97 percent of respondents said data breaches "unsettle" them and result in negative brand perception.

Almost a third (29 percent) of respondents said it would take them several months to begin trusting a company again following a data breach.

And while 22 percent of respondents said it would only take them a month to forgive the company, 17 percent of men and 11 percent of women said their trust in the company would be lost permanently.

...

http://www.esecurityplanet.com/network-security/97-percent-of-consumers-say-theyre-unsettled-by-data-breaches.html

When authorities zeroed in on suspect Ahmad Khan Rahami in connection with recent bombings in Manhattan and New Jersey, they called on a formidable new force in the manhunt. We’re not talking about a branch of law enforcement or a covert Special Forces agency. We’re talking about millions of civilians with the unprecedented potential to aid in Rahami’s capture thanks to receiving real-time smart phone alerts aimed at harnessing their collective vigilance. Let’s take a closer look at this breakthrough technology, along with highlighting how community policing is transforming public safety.

What is Community Policing?

While police exist to protect people and property, the fact is that there are only so many of them. Simply put: they can’t be everywhere at every time. But this doesn’t have to mean that their reach is compromised by their limited numbers. Enter community policing.

...

http://blog.sendwordnow.com/manhunts-go-digital-community-policing-toward-enhanced-public-safety

The Business Continuity Institute - Oct 04, 2016 15:29 BST

Writing a business continuity plan is a piece of cake these days, isn't it? A quick trawl of the internet will turn up several plan templates that you can download, or you could try and get hold of another organization's plan from one of your friends or acquaintances. Then all you need to do is to insert your organization's name and contact details and Bob's your uncle, there's your plan.

Clearly this is utter nonsense! However, it's surprising, if not a mite worrying, that some people actually adopt this approach. But it's missing the point somewhat. And the point is that there's a huge difference between a business continuity capability and a business continuity plan.

Developing that capability means planning as opposed to just writing a plan. It means having a strategy and implementing solutions. And, amongst other things, it means involvement from the business, education and awareness and exercising and testing, to develop, instil and prove that capability.

Filling in your details in someone else's document might make you feel like you've got a plan. Just don't expect it to actually work when you need it will you?

Andy Osborne is the Consultancy Director at Acumen, and author of Practical Business Continuity Management. You can follow him on Twitter and his blog or link up with him on LinkedIn.

ATLANTA, Ga. – Disaster Survivor Assistance Teams are working in hurricane-stricken neighborhoods to help Florida hurricane survivors register for assistance.

The teams are made up of disaster specialists from the Florida Department of Emergency Management (FDEM) and the Federal Emergency Management Agency. They are canvassing areas to give residents an opportunity to register for disaster assistance and to quickly identify and address immediate and emerging needs. The teams can also provide application updates and referrals to additional resources when needs remain.

These mobile team members can be identified easily by their photo identifications and FDEM or FEMA clothing. Florida residents are reminded to ask for photo identification before providing personal information.

Homeowners, renters and business owners affected by Hurricane Hermine from August 31 to September 11, 2016, in Citrus, Dixie, Hernando, Hillsborough, Leon, Levy, Pasco, and Pinellas counties are eligible to register for federal assistance.

In addition to the registration opportunity offered by recovery teams, survivors can register for assistance by the following methods:

  • Online at DisasterAssistance.gov.
  • By calling the FEMA helpline at 800-621-3362, which is video relay service accessible. Survivors who are deaf or hard of hearing or who have difficulty speaking may call TTY 800-462-7585. Lines are open from 7 a.m. to 10 p.m. local time, seven days a week. Assistance is available in multiple languages.
  • Business owners can find an electronic loan application on the U.S. Small Business Administration’s secure website at https://disasterloan.sba.gov/ela. Questions can be answered by calling the SBA disaster customer service center at 800-659-2955/ (TTY) 800-877-8339 or visiting sba.gov/disaster.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

(TNS) - Hurricane Matthew bore down on Jamaica and Haiti Saturday as an "extremely dangerous" Category 4 storm, following a projected path that showed an increased risk to South Florida.

Conditions had already begun deteriorating Saturday in Jamaica, where high waves pounded the coast and flooding temporarily cut the road from the airport to the capital. Authorities said a hurricane watch, already posted for Jamaica and Haiti, could be extended to eastern Cuba later Saturday.

The storm, which reached monstrous Category 5 strength overnight, with winds of 160 miles per hour, weakened slightly Saturday to a Category 4, with maximum sustained winds of 140 miles per hour, according to the National Hurricane Center.

...

http://www.emergencymgmt.com/disaster/Hurricane-Matthew-bears-down-on-Caribbean-islands-may-threaten-South-Florida.html

ATLANTA, Ga. – The Federal Emergency Management Agency has extended federal disaster aid in eight Florida counties to help the state, local and tribal governments and certain private nonprofits cover disaster-related expenses and the repair or rebuilding of critical infrastructure.

The state, local and tribal governments and certain private nonprofits in Alachua, Baker, Gilchrist, Manatee, Marion, Sarasota, Sumter, and Union counties can now request funding through FEMA’s Public Assistance grant program to help pay for debris removal, emergency protective measures, and the repair or rebuilding of roads, bridges, water control facilities, buildings, equipment, utilities, parks and recreational facilities.

Citrus, Dixie, Franklin, Jefferson, Lafayette, Leon, Levy, Liberty, Madison, Pasco, Pinellas, Suwannee, Taylor, and Wakulla counties were previously designated for FEMA Public Assistance funding.

“The additional federal infrastructure funding is intended to help Florida’s hard-hit communities recover from the devastation left by Hurricane Hermine,” said Federal Coordinating Officer Terry L. Quarles.

Assistance for Individuals and Businesses

Individuals and businesses in Citrus, Dixie, Hernando, Hillsborough, Leon, Levy, Pasco, and Pinellas counties can begin the disaster assistance process by registering online at DisasterAssistance.gov or by calling 800-621-3362, which is video relay service accessible.

Survivors who are deaf, hard of hearing or who have difficulty speaking may call TTY 800-462-7585. Helpline hours are 7 a.m. to 10 p.m. local time, seven days a week until further notice.

Disaster assistance may include money to help pay for temporary housing and essential home repairs. Low-interest SBA loans may also be available for losses not covered by insurance or other sources.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

Monday, 03 October 2016 00:00

The (Sad) Case for BYOD Management

It wasn’t that long ago we were debating the value (improved productivity, increased employee satisfaction) personal mobile devices could bring to the enterprise, beyond BlackBerry Enterprise Server. Note I say "could." Just a few short years ago, we were still discussing whether or not organizations should allow employees to rely on mobile devices for work and whether that would come via personally owned devices or a fleet of pre-approved devices owned and managed by the organization. Fast forward to 2016, and that conversation is nearly null and void--people use their own devices for work whether the organization ultimately "prefers" it or not.

But are your customers equipped to handle the security challenges mobile devices inevitably bring?  Sadly, a new survey commissioned by Bitglass says no. While 72 percent of organizations support BYOD for some or all employees, just 14 percent have deployed some kind of mobile device management.

If your customers are struggling to rein in the use of mobile devices and implement basic data security, here are a few simple steps you can offer to help them get started.

...

http://mspmentor.net/blog/sad-case-byod-management

The global buildout of cloud data centers by internet giants is marching on. The latest move and countermove in the cloud arms race came from Amazon and Google this week, both companies announcing new locations they are adding to their growing lists of cloud availability regions.

They, as well as Microsoft and IBM, have been investing billions of dollars collectively to expand the global reach of their cloud empires by both building data centers and leasing space from data center providers, such as Digital Realty Trust, Equinix, T-Systems, EdgeConneX, and 21Vianet, among others.

Extending physical infrastructure into new regions reduces latency for customers in those regions, gives users more backup location options, reduces data transport costs (for both users and cloud providers themselves), and helps organizations comply with data-location regulations, wherever they apply

...

http://www.datacenterknowledge.com/archives/2016/09/30/amazon-google-detail-next-round-cloud-data-center-launches/

Let’s admit it. We don’t always read everything corporate sends out. We are all bogged down with too many emails, voicemails we rarely hear, and well-meaning company newsletters that hardly get a look. No offense to the people who take the time to put them together, but we all have a lot to manage these days and kind of assume the critical stuff will get to us somehow.

What can a company do to improve employee communications open rates? Here are a few ideas to ensure you get your messages heard.

...

https://www.alertmedia.com/how-to-get-workers-to-listen-to-employee-communications

BATON ROUGE, La.— A quick fix may change your decision if you applied for FEMA help following Louisiana’s August severe storms and floods and you disagree with your determination letter.                                                                                                  

Everybody has a right to appeal. Read your determination letter carefully to understand FEMA’s decision and know exactly what you need to do for your appeal. Many times applicants just need to submit some extra documents for FEMA to process their application. FEMA can reconsider you in some cases if you:                                

  • Submit insurance documents. Provide documents from your insurance company that detail your coverage or settlement is insufficient to make essential home repairs, provide a place to stay, or replace certain contents. FEMA cannot duplicate homeowner or renter insurance benefits.
  • Prove occupancy. Provide documents that prove the damaged home or rental was your primary residence by supplying a copy of utility bills, driver’s license or lease.
  • Prove ownership. Provide documents such as mortgage or insurance documents, tax receipts or a deed. If you don’t have a deed handy, contact your local or parish officials about obtaining a copy.

There are many other reasons you may disagree with FEMA’s decision. If you feel the amount or type of assistance is incorrect, submit an appeal letter and any documents to support your claim, including a contractor’s estimate for home repairs. You should have received a booklet called "Help After a Disaster" that explains what you need to provide for your situation. The booklet is available online at www.fema.gov/help-after-disaster.

Your letter should also include:

  • Your full name
  • Your registration number on all pages
  • The FEMA disaster declaration number—DR-4277-LA—on all pages
  • Your signature

Mail documents and your letter within 60 days of receiving your determination letter to:

FEMA National Processing Service Center

P.O. Box 10055

Hyattsville, MD 20782-7055

You can also submit them online at disasterassistance.gov or fax them to 800-827-8112.

If you have any questions about submitting insurance documents, proving occupancy or ownership, or anything else about your determination letter, you may call the FEMA helpline at 800-621-3362. If you use TTY, call 800-462-7585. Those who use 711 or Video Relay Service can call 800-621-3362. Lines are open from 7 a.m. to 10 p.m., seven days a week. You can also visit a Louisiana disaster recovery center and speak with a disaster assistance representative. Locate your closest center by going online to fema.gov/drc or by calling the FEMA helpline.

What to do if you disagree with FEMA’s decision letter1. Read the letter carefully to find out why the decision was made.Do you need to provide additional information?• Insurance determination letter.• Proof of occupancy or ownership.• Proof of ID.• Applicant’s signature.Common reasons for the initial decision:• The damage was to a secondary home or a rental property, not a primary residence.• Someone else in the household applied and received assistance.• Disaster-related losses could not be verified.• Insurance covered all losses.2. Contact FEMA for help with filing an appeal or any questions.Call800-621-3362 (711 or Video Relay Service available)800-462-7585 (TTY)VisitA Disaster Recovery Center3. File a written appeal.Explain why you think the decision was not correct.• Provide supporting information and documents.• Include your FEMA registration number on all documents.• Sign the letter.Mail or fax your appeal within 60 days of the decision letter date, or drop it off at a Disaster Recovery Center.
This graphic explains the appeals process for individuals who've applied for disaster assistance. Download Original

On September 13, 2016, the New York State Department of Financial Services (DFS) released proposed cybersecurity regulations for financial institutions.1 When the regulations become effective, they will make New York the first state to implement mandatory cybersecurity requirements on financial institutions, though others are now likely to follow New York’s lead. The regulations are the culmination of several years of DFS interest in how financial services companies address cybersecurity issues. The regulations will be open for public comment for 45 days and are set to take effect on January 1, 2017.

The proposed regulations apply to all entities that are licensed or registered under New York banking, insurance or financial services laws, which include a broad array of institutions, such as: state-licensed banks, savings banks, insurance companies, private bankers, licensed lenders, mortgage companies and state-licensed offices of non-U.S. banks.2 Under the proposed regulations, covered institutions must appoint a chief information security officer3 and “[s]enior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations.” In addition, the proposed regulations require covered entities to report to DFS within 72 hours any cybersecurity event “that has a reasonable likelihood of materially affecting the normal operation of the entity or that affects Nonpublic Information.”

...

http://corporatecomplianceinsights.com/new-york-dfs-announces-new-proposed-cybersecurity-regulations/

A recent Bitglass survey of more than 500 IT professionals found that one in three respondents said their enterprise has experienced an insider attack in the last year, and fully 74 percent said their enterprise is vulnerable to insider threats.

Fifty-six percent of respondents said insider leaks have become more frequent in the past year.

Seventy-one percent said they're most concerned about inadvertent leaks resulting from the use of unsanctioned apps, unintended external sharing, and unsecured mobile devices. Sixty-eight percent are concerned about leaks resulting from negligence, and 61 percent are concerned about leaks caused by malicious insiders.

...

http://www.esecurityplanet.com/network-security/one-third-of-enterprises-have-suffered-an-insider-breach-in-the-past-12-months.html

(TNS) - A marker line on the archway of a door in Vinyl Acres on East Patrick Street marks where 3 feet of water reached one year ago after a flood.

“It keeps us from exaggerating,” co-owner Martha Hull said of the water that was throughout the building.

The business, which sells used records, lost about $30,000 of inventory and was closed for a few weeks, but has recovered with the help of the community, she said. Vinyl Acres was one of several businesses damaged by heavy rain and flooding Sept. 29, 2015.

...

http://www.emergencymgmt.com/disaster/-One-year-after-flood-Frederick-businesses-grateful-for-communitys-help-in-recovery.html

Friday, 30 September 2016 00:00

MSP Goes From Worst Year to Best Year

A simple business philosophy has largely guided Michael Cook in operating his Norwood, Mass., managed services provider (MSP).

“It’s kind of common sense,” said the CEO and founder of 17-year-old Corporate IT Solutions (CITS). “I never had a lot of advice or consulting.”

That changed last year, when Cook felt he could no longer stand by in the face of some worrying and pervasive trends.

...

http://mspmentor.net/msp-mentor/msp-goes-worst-year-best-year

If you were one of the 500 million who were affected by the Yahoo breach (and I’m right there with you), you have something in common with the top 1,000 companies in the Forbes Global 2000 list. According to research conducted by Digital Shadows, 97 percent of organizations have breached credentials publicly available online, with a median average of 706 credentials per organization. This information is regularly sold, traded, or shared by the hackers, even years after the initial breach occurs. As the report stated:

As a result, the number of compromised credentials that are available online is staggering, providing a goldmine for attackers. With this in mind, it is unsurprising that one report claimed that breached credentials were responsible for 63 percent of data breaches.

These credentials, like passwords and other authentication data, open the door for more damage, the report stated, saying that threat actors will use that information to take over accounts, extort specific individuals within the company, and turn computers into botnets.

...

http://www.itbusinessedge.com/blogs/data-security/most-of-us-are-victims-of-compromised-credentials.html

Friday, 30 September 2016 00:00

Are You As Prepared As You Think You Are?

We’d like to think we’d know what to do in an emergency, but studies show many Americans are not as prepared as they think they are. If we, as private citizens, haven’t prepared our homes and families for emergencies, how can we expect our employers to have a plan in place?

Preparing your home for an emergency is quite different than your workplace. We assume our managers and executives have some sort of plan in the books, right? Maybe the answer is in a poll that revealed more than half of Americans assume local authorities will come to their rescue with disaster strikes, whether at home or in the office. If you’re a business owner or have a management role, particularly related to security, maybe it’s time to look at mass notification software as part of an emergency plan.

...

https://www.alertmedia.com/are-you-as-prepared-as-you-think-you-are/

(TNS) - Tropical Storm Matthew is gaining strength while moving into the Caribbean Sea and could become a hurricane later today, forecasters say.

It's too soon to tell what impact Matthew might have on Florida as its path is still fairly uncertain, but local forecasters say they'll watching this weekend.

An Air Force Reserve Hurricane Hunter plane flew into the storm this morning and found maximum sustained winds of 70 mph, according to the National Hurricane Center in Miami. Winds need to reach 74 mph for Matthew to be upgraded to a hurricane.

...

http://www.emergencymgmt.com/disaster/Tropical-Storm-Matthew-could-be-hurricane-soon-forecasters-say.html

(TNS) — Missouri’s Department of Health and Senior Services is developing a statewide plan for handling the Zika virus, despite federal aid being held up until late Wednesday to assist states in fighting the possibility of an outbreak.

After months of political wrangling, Congress late Wednesday passed a short-term resolution keeping the government open at current spending levels into the new fiscal year, which begins on Saturday, averting a potential shutdown. It includes funding for states to fight the Zika virus and the mosquitoes that carry it.

Zika is a mosquito-borne virus linked to birth defects, putting pregnant women in particular at risk. Many with the virus aren’t aware they have it. In 20 percent of cases, the virus causes mild symptoms of fever, joint pain and pink eye.

...

http://www.emergencymgmt.com/health/Without-waiting-for-federal-aid-Missouri-takes-steps-to-prevent-Zika-outbreak.html