Author Archives: Justin Smulison

About Justin Smulison

Justin Smulison is the business content manager at RIMS and the host of RIMScast, the society's weekly podcast.
Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Risk and Crisis Management Explored at Cyber Event

Posted on by

NEW YORK—Cyberattacks and data security need to be high priorities for all businesses, experts stressed at ALM’s cyberSecure 2017 event here, Dec. 4 and 5. In fact, not only is failing to prepare for an attack or breach risky, it’s foolish, Kathleen McGee, internet & technology bureau chief for the Office of the Attorney General of the State of New York said in Monday’s opening address. She added that not reporting a breach in a timely fashion has its own set of legal and reputational risks, referring to the SHIELD Act (the Stop Hacks and Improve Electronic Data Security Act), introduced to New York State legislature by Attorney General Eric Schneiderman in November.

“Under the SHIELD Act, companies would have a legal responsibility to adopt reasonable, administrative, physical and technical safeguards for sensitive data,” she said Monday, adding that the standards would apply to any business holding data of New Yorkers, whether or not they do business in the state.

McGee noted that even though a company may not have all the details in the first 72 hours following a breach, reporting it to the New York Department of Financial Services (NYDFS) or another regulator is crucial. It is a legal requirement as part of the NYDFS Cybersecurity Requirements for Financial Services Companies, and even if all the pertinent information about an attack is not yet available, divulging what is known will prevent further enforcement action from the state.

“For some companies, data is the only commodity,” she said. “But in the past 10 years, risk assessments have not evolved as quickly as data collection.”

That observation lent itself to a segue for the next session, “Integrating Periodic Risk Assessment to Avoid Becoming the Next Target of a High-Profile Cyberattack.” Panelists covered the importance of formal risk assessments, which will be legally required by regulators like the NYDFS and the General Data Protection Regulation (GDPR) in Europe and goes into effect in 2018.

Moderator Eric Hodge, director of consulting at CyberScout, said education charts the path to a positive assessment and suggested using non-traditional training methods to onboard clients and employees over the course of a year.

“There are a lot of ways to educate other than the traditional annual training session set in a typical conference room,” Hodge said. “You can try white hat phishing to trap people in a safe way. Share your stories every month and be honest about your own failures. There are ways beyond just checking a box.”

eHarmony Vice President and General Counsel Ronald Sarian said his company has learned from its past incidents to better prepare and to update its ERM framework. The dating and compatibility company’s site was breached in 2012, before he joined the group.

“You need to do a data impact assessment and ask: What are your family jewels?” noted Sarian, who said he aims to implement ISO27001 as the ERM framework to secure eHarmony’s international and cyber presence. “We had so much in place already that I thought we should take a shot at it. It takes at least a year but so far it’s working for us.”

When considering ransomware, experts from healthcare, insurance and electronic payments companies spoke passionately during a dedicated session about how they mitigate risks. Christopher Frenz, director of infrastructure at the Interfaith Medical Center strongly advocated for network segmentation, which he uses at the center, in an effort to keep intrusions contained.

As previously reported, Advisen’s recent Information Security and Cyber Risk Management Survey indicated that, for the first time in the seven years of the survey, there has been a decline in how seriously C-Suite executives view cyberrisk. With that trend in mind, panelist Christopher Pierson, Ph.D., chief security officer & general counsel of ViewPost, a provider of electronic invoice and payment services to businesses, outlined his approach to eliciting a response from board members.

“You can’t tell the board that [paying] is not an option unless it’s illegal,” Pierson said. “Educate the board and explain that it is an option to pay terrorists and criminal syndicates. You’ll see the looks on their faces and then you’ll get them [to want to take action].”

For more information about GDPR, read Risk Management magazine’s coverage.

Santa’s Impact on Business and Finance

Posted on by

Just as Santa Claus brings gifts down chimneys, his name alone also carries the stigma of risks that transcend all industries. Indeed, thanks to the logistics of his job we better understand the risks of reindeer-led aviation. But perhaps more importantly, Kris Kringle’s presence has long influenced finance and business.

Mentioning him on Wall Street this year may trigger an underlying wealth management risk. The annual “Santa Claus Rally” marks an uptick in the stock market and a 1.4% average return of the S&P 500 index from the last five trading days of the year through the first two of January. This phenomenon can be attributable to people spending and investing a bit extra – possibly from holiday bonuses – leading to a generally happy mood on and off trading room floors.

Since 1950, the market has declined only 15 times during the Santa Claus Rally period. But due to the uncertainty surrounding the tax reform plan making its way through Congress, that 1-in-4.4 chance of downturn is on the minds of cynical investors. As reported recently by Investopedia, “Some bears think that, if Congress fails to make appreciable progress on tax reform before their holiday recess, Scrooge or Krampus will elbow Santa aside, and send the markets downward at year-end.”

And similar to the way Punxatawney Phil seeing his shadow on Groundhog Day can predict six more weeks of winter, Santa skipping stock exchanges’ chimneys may indicate a frosty new year. According to The Stock Trader’s Almanac, some of the more recent holiday seasons without a rally included the last two, as well as in late 2007 and early 2008 leading up to the financial crisis, and just before the dotcom bubble burst in the 1999-2000 holiday period.

Santa’s influence isn’t just relegated to stock speculation and short-term investments, however. Some executives and employees may emulate his work ethic without realizing it. All eyes turn to him in good times and especially during the bad. He’s trying to meet year-end quotas while keeping a workforce happy and focused. Plus, Santa has the burden of trans-meridian travel with frequent stops over a 24-hour period, which is sure to cause jet lag. Sound familiar?

While one all-nighter might not have major long-term effects, regular ones could lead to shift work disorder, which has been linked to chronic diseases and illnesses. Anyone known to “Santa Claus it” too frequently may accumulate a large “sleep debt” over time. According to the Sleep Foundation, “if you work at night, you’re also going against your biological clock, which is naturally cueing you to become less alert and encouraging you to sleep during the nighttime hours.”

This can lead to seasonal “presenteeism,” an issue Risk Management magazine recently explored, detailing pain management in the workforce. Presenteeism occurs when a worker inhabits a space at their job, but “is unable to focus and perform as expected” and can be an even greater drag on productivity than absenteeism. The condition is indiscriminate – it can affect interns and CEOs – and may cause someone to “miss out not only on the income, but also the sense of meaning, purposefulness and belonging that can be gained from a job. Initial distress may lead to chronic anxiety and even depression.”

Identify these risks now, so that the mention of Santa Claus doesn’t put a humbug in your eggnog this holiday season.

Open Offices and Holidays: A Parade of Risks

Posted on by

‘Tis the season for many businesses to stay open through the holidays and for some to take part in the tradition of partying or watching a parade warmly from behind office windows. That’s why businesses located near public events should inform employees of how their offices will be impacted during the holiday season.

Parades pose various operational risks to property owners and businesses, both inside and outside their buildings. On Nov. 23 alone, at least five large parades will inch their way through the streets of major cities like Chicago and Detroit. Macy’s anticipates 3.5 million spectators to pack New York City’s streets for its annual Thanksgiving Day Parade. That means 2.5 miles of barriers and street closings in the “frozen zone” between 77th and 34th streets, and businesses in the country’s most congested city should prepare for some disruption.

Theresa Morzello, the managing director for asset services for CBRE in New York City, has advised many companies who stay open or host events coinciding with parades and holidays. She said the first steps in mitigating disruption involve communicating with the event organizers and disseminating that information to tenants.

“This way they’ll know, for example, if one of their building’s entrances will close because of a parade,” Morzello said. “We also make sure that employees and their guests know the protocol for providing documentation for entering and exiting. That is usually handled in advance and lists are provided to security. And there are protocols for what to do when someone doesn’t have it. These are all things we do on a daily basis, but amped up a few levels because of the holidays.”

Morzello also said that property managers often try to utilize vacant office space because there is less potential for damage or disruption there. Wherever the gathering takes place within CBRE’s properties, she advises tenants to consider the following:

Hire elevator operators to help keep guests on their assigned floors.

  • Obtain a temporary alcohol license, if necessary.
  • Confirm that outside caterers are insured.
  • Address if the windows are operable and ensure they are kept closed.

But parades and crowded events are not relegated to big cities, as many major retailers take part in the festivities. Acadia Realty Trust manages hundreds of retail and office properties in the U.S. and Kellie Shapiro, vice president of risk management said clearing a physical path is the first step to mitigate safety risks during a high-traffic season.

“We issue a moratorium on any work during the holiday season. We email tenants reminding them to get everything done before Thanksgiving,” she said. “From then until New Year’s is not the time to have scaffolding and things like that.” She added that capital improvements are suspended across most of Acadia’s portfolio to avoid interfering with tenants’ operations during their busiest season.

Businesses can easily lose track of who’s coming and going during the busy holiday season, Shapiro noted. Acadia’s focus is on knowing its vendors, and she reminds tenants to be diligent about vetting third-party contractors for the sake of safety and reputation.

“You can protect your company by being diligent about who you bring in to your site. You should know who your contractors are – you don’t want to let some criminal just walk right in because you handed over the keys to your building,” Shapiro said. “You would hope tenants, if they saw something suspicious, would pick up the phone. We’d all like to secure something 100% but you have to know your limitations.”

Public safety in the U.S. has been headline news, considering the recent high-profile violence involving weapons and automobiles in just the last two months in Las Vegas, California, Texas and Manhattan. In a recent interview with Risk Management Monitor, Rezwan Ali, risk solutions group head of security at Falck Global Assistance, discussed how businesses and employees should review their emergency plans during high-volume times. He maintained, however, that the odds of being impacted by a terror attack is very low.

“When participating in larger events, such as the Thanksgiving Day Parade in New York, people tend to focus only on the parade and their phones taking pictures and posting on social media,” said Ali. “However, it is important to stay alert and aware of one’s surroundings. Not just to be prepared for terror, but also to prevent being a victim of crime.

buy singulair online https://silvermancare.com/wp-content/uploads/2023/10/jpg/singulair.html no prescription pharmacy

It is recommended to download apps either provided by the authorities or by media outlets that generate alerts allowing you to get direct notifications should anything happen in your vicinity.”

Keeping Parades and Events Safe for Businesses and Employees

Posted on by


Holiday parades will be marching down many U.S. city streets during the next six weeks, with millions of revelers expected to attend. And while these are historically joyous occasions, safety is a top concern for businesses located near the festivities—especially considering the high-profile violence that has recently dominated headlines. Rezwan Ali, risk solutions group head of security at Falck Global Assistance, which advises companies about security, safety and travel risks, spoke about the challenges and best practices faced by businesses and employees located near parade routes.

Risk Management Monitor: How are companies responding to the rise in low-tech terrorism and violence?

Rezwan Ali: Companies have become more aware of the need for crisis management. Recent terror events in cities such as Paris, London, Las Vegas and New York have shown companies that duty of care is much more than just health and safety – it is knowing where your employees are traveling and aiding them if affected by terror or violent events. As companies become more globally oriented, their employees are required to travel more, which expands the company’s duty of care responsibility and creates a need for travel risk management. In recent years, there has been an increase in the demand for travel risk management, which originates in a company’s acknowledgement of providing duty of care services to travelling employees to mitigate the possible impact of attacks on the business, its reputation and employees.

RMM: What steps can businesses take to prevent disruption?

RA: The best way to mitigate disruption caused by terrorism is to be prepared at both the business and individual level. On a business level, companies should implement a crisis management process and a contingency plan. A crisis management process includes appointing a crisis management team and training the organization using various scenarios. The contingency plan provides guidelines on how to maintain business as usual when a crisis occurs and works in parallel with the crisis management process. On an individual level, training can provide employees with tools to cope with stressful situations and alleviate the impact of an incident. When employees know how to manage demanding situations, the effect on the company will also be minimized.

RMM: How can businesses located near a parade route or major event protect their employees?

RA: All businesses should have emergency and evacuation plans, which can be applied in the event of emergency. These plans should cover procedures for evacuating the office, safe areas and roles and responsibilities. Businesses located in areas identified as potential targets for terror attacks should incorporate specific emergency measures related to terrorism into their plans. They should also ensure that all employees know and understand that the emergency plans exist.

buy vibramycin online orthomich.com/img/blog/jpg/vibramycin.html no prescription pharmacy

These plans could include guidelines for what to do should a terror attack take place outside the office, as well how to react in the event of an active shooter. It is crucial that these plans and procedures are trained, exercised and tested.

Having an office in an area prone to various incidents requires the company to be informed of relevant developments. Sound intelligence can alert the company of an event, enabling quick initiation of applicable plans.

buy flomax online orthomich.com/img/blog/jpg/flomax.html no prescription pharmacy

Many companies use their network to provide intelligence or rely on local media to provide alerts. Regardless of the information, it is important to use trustworthy sources to ensure validity. The company can choose to develop a trigger system that determines whether the alert should activate any emergency procedures.

RMM: How likely is it that someone will be a victim of terrorism or violence during a large event?

RA: Although terrorism has severe consequences, the likelihood of being a victim of terror is low when compared to other risks such as traffic accidents and illness. The impact of a traffic accident on the individual can still be high, while the impact on the business will be minimal, in most cases.

buy avodart online orthomich.com/img/blog/jpg/avodart.html no prescription pharmacy

 What makes terror so dangerous is not likelihood, but the fear of it happening. Terror literally means “fear,” and it is the uncertainty and severity of terror that is pivotal for how we perceive it. Employees may express a somewhat irrational fear that must be addressed and taken seriously by the company, as it affects the employee and his/her work.