Category Archives: Business

Want to scan your crypto wallet for risks? Check: AML check BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money. You may not be aware of a risky transaction and at any moment, even can increase your AML rating into the red zone.

New Bill Would Toughen Calif. Dam Inspections

Posted on by

DWR Photo: Lake Oroville on Jan. 19, 2018 with lake levels at 707 feet.

A year after the spillway collapse at the Oroville Dam, leading to evacuations of almost 200,000 residents and a beat-the-clock patching job to avoid a break in the tallest dam in the United States, new legislation to strengthen inspections of dams awaits approval of California Gov. Jerry Brown.

The bill would require annual inspections for high hazard dams, raise inspection standards and require consultation with independent experts every 10 years, according to ABC News.

As reported by Risk Management Magazine, problems at the Oroville Dam began when the dam’s main sluice was damaged after a winter season of record rain and snowfall, following five years of drought. Torrential rainfall caused water levels to rise so quickly that large amounts needed to be released to prevent the dam from rupturing and sending a wall of water to the communities below.

A recent report of the root-cause of the spillway failure by the Independent Forensic Team (IFC), which includes members of the Association of State Dam Safety Officials and the United States Society of Dams, notes that:

There was no single root cause of the Oroville Dam spillway incident, nor was there a simple chain of events that led to the failure of the service spillway chute slab, the subsequent overtopping of the emergency spillway crest structure, and the necessity of the evacuation order. Rather, the incident was caused by a complex interaction of relatively common physical, human, organizational, and industry factors, starting with the design of the project and continuing until the incident. The physical factors can be placed into two general categories:

  • Inherent vulnerabilities in the spillway designs and as-constructed conditions, and subsequent chute slab deterioration

  • Poor spillway foundation conditions in some locations

The IFC report concludes that all dam owners in the state need to “reassess current procedures” in light of its findings.

According to the IFC:

“The fact that this incident happened to the owner of the tallest dam in the United States, under regulation of a federal agency, with repeated evaluation by reputable outside consultants, in a state with the leading dam safety regulatory program, is a wake-up call for everyone involved in dam safety. Challenging current assumptions on what constitutes ‘best practice’ in our industry is overdue.”

Initial response to the spillway failure included erosion mitigation for both spillways during the incident, sediment removal and installation of temporary transmission lines at a cost of $160 million, According to the DWR. Phase-two includes removal of the original 730 feet of the upper chute, replacing it with structural concrete.

Prepare Now for Ransomware

Posted on by

In 2017, a company was hit with ransomware every 40 seconds. Organizations in all industry sectors were subject to ransomware attacks, as these attacks often opportunistically take advantage of security shortcomings. The average ransom demand was more than $1,000.00—greater than three times the average in 2015. What’s more, one in five business that paid ransom never got its data back.

So, how do you protect your business? First, make sure you are insured. While traditional policies provide little, if any, coverage for damage to electronic data—and none for other costs associated with cyber extortion—they are covered by cyber extortion insurance. This is available under many cyber liability policies. Cyber extortion provisions typically cover ransom payments and extortion-related expenses such as costs incurred in negotiating the ransom and restoring or replacing data or software.

But insurance is just one aspect of the protection your business should have. Companies also need to prepare an Incident Response Plan (IRP), that establishes responses to ransomware attacks. An IRP should be a “living, breathing” document that is consistently updated to ensure that its information and procedures are accurate and up-to-date. Typical topics addressed by an IRP are:

  • The Incident Response Team. The IRP must identify the team in charge of responding to ransomware attacks. This team should include an executive and inside counsel, and should provide back-ups in case first-line members cannot be reached. The IRP should contain 24-7 contact information for all team members, including means of contact that do not rely on the business-provided phones or email that may be affected by the attack.

Additionally, the IRP should identify team members’ specific responsibilities, such as implementing security measures, investigating the attack, communicating with the extortionists, communicating with customers or the public, and notifying insurance carriers and law enforcement.

  • Detecting an Incident. The IRP should identify steps for employees to take if they suspect or detect a ransomware attack.
    buy robaxin online dentalhacks.com/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

  • Approved Vendors. As you will likely need outside assistance to respond to an attack, your IRP should identify approved vendors such as outside coverage counsel, investigative and cybersecurity firms, and a PR firm to assist with external communications.
  • Reporting to Law Enforcement. The IRP should define when and how ransomware attacks must be reported to which law enforcement agencies. It should also address what evidence should be collected and preserved, and how.  Ideally, these issues should be discussed with the relevant agencies ahead of time, which also helps build a cooperative relationship with them.
    buy lexapro online familyvoicesal.org/resources/images/jpg/lexapro.html no prescription pharmacy

  • Notifying Insurance Carriers. The IRP should identify all insurance policies that could provide coverage for a ransomware attack and detail steps to comply with each policy’s notification requirements.
    buy celexa online familyvoicesal.org/resources/images/jpg/celexa.html no prescription pharmacy

    Outside coverage counsel can assist with both identifying relevant policies and provisions, and following notification requirements.

  • Responding to Extortionists. The IRP must identify who communicates with the extortionists and who decides whether and how to respond to their demands. This should include steps for how to make potentially required electronic currency payments.
  • Investigating the Incident. The IRP should define who is responsible for investigating a ransomware attack and include a checklist detailing specific response steps. It should also establish procedures to increase the chances of identifying the extortionists, and to detect and address security vulnerabilities.
  • Documenting the Response. The IRP should set forth steps to document both your response to and your investigation of the attack, including contacts with the extortionists, the decision-making process resulting in a response, and the technical response and investigation, including the preservation of evidence. Such documentation may be required by regulatory agencies or insurers.
  • Public Relations. To facilitate communications about the attack with customers or the public, the IRP should assign responsibility for doing so and define steps for preparing and releasing such communications.
  • User Training. End-user training of all employees, including management, is key to preventing ransomware attacks. The IRP needs to contain procedures to ensure that all employees receive such training periodically, as common threats change over time.

Appropriate insurance coverage; an IRP that is consistently updated, including through “post mortem” evaluations following attacks; and up-to-date systems security are critical to prepare your business for—and to the extent possible, protect it from—potential ransomware attacks.

Thousands of U.S. Bridges Deemed Deficient

Posted on by

More than 54,000 bridges along the Interstate Highway System in the United States were rated as “structurally deficient,” according to new analysis conducted by the American Road & Transportation Builders Association’s (ARTBA). This was just one of many of the concerning statistics detailed by ARTBA in its 2018 Deficient Bridge Report on Jan. 29.

Other critical details include:

  • The average age of a structurally deficient bridge is 67 years, compared to 40 years for non-deficient bridges.
  • Repair needs are identified among one in three U.S. bridges (226,837 total) and one in three bridges (17,726) along the Interstate Highway System (IHS).
  • There is the equivalent of one “structurally deficient” bridge for every 27 miles of the 48,000-mile IHS, which carries 75% of the nation’s heavy truck traffic.

The ARTBA report echoes the results of the American Society of Civil Engineers’ Report Card for 2017, wherein the U.S. received a performance of D+ based on the physical condition and needed investments for improvement. As reported by Risk Management magazine in 2017, the U.S. spends only 2.5% of its gross domestic product on infrastructure. The American Society of Civil Engineers estimated that, over the next 10 years, the gap between planned investments in infrastructure and investment needs could exceed $2.1 trillion, with the largest investment gap in the transportation sector, followed by schools, electric utilities and water/wastewater systems.

With Americans crossing these deficient bridges 174 million times daily, there is reason for concern among private citizens and companies. At the current pace of repair or replacement, it would take 37 years to remedy all of them, said Alison Premo Black, PhD, ARTBA chief economist, who conducted ARTBA’s analysis.

“An infrastructure package aimed at modernizing the Interstate System would have both short- and long-term positive effects on the U.S. economy,” she said, noting that traffic bottlenecks cost the trucking industry more than $60 billion per year in lost productivity and fuel.

The report was issued just ahead of President Trump’s first State of the Union address on Jan. 30, in which he identified a struggling infrastructure and requested legislation aimed at capital improvements:

Tonight, I am calling on the Congress to produce a bill that generates at least $1.5 trillion for the new infrastructure investment we need. Every federal dollar should be leveraged by partnering with state and local governments and, where appropriate, tapping into private sector investment—to permanently fix the infrastructure deficit.

Any bill must also streamline the permitting and approval process—getting it down to no more than two years, and perhaps even one.

National Public Radio reported that the White House initially called for a $1 trillion rebuilding plan but raised the stakes during the address, and specifically called out certain phrasing.

“That word ‘generates’ is important,” wrote NPR contributors in an analysis of the speech, “because this would not mean the U.S. government is spending $1 trillion.” President Trump has allocated $200 billion in federal spending on infrastructure. “The bulk of the $200 billion would go toward leveraging state and local money and private investment,” NPR’s David Schaper reported.

Love and Cybersecurity: Q&A with eHarmony’s Ronald Sarian

Posted on by

Now through Feb. 14 is the busy season for the online dating and matchmaking industry. Heavier traffic can present risks to these sites, demanding added precautions. Ronald Sarian, vice president and general counsel (and default risk manager) at eHarmony spoke to Risk Management Monitor about the types of risks he faces—particularly regarding data and cybersecurity—and how he protects the “#1 trusted dating site for like-minded singles,” where “Every day, an average of 438 singles marry a match they found on eHarmony.” (For those familiar with its commercials, the song now stuck in your head can be played in a new tab here—don’t fight it.)

Risk Management Monitor: You joined eHarmony following a data breach in 2012 in which 1.5 million users’ passwords were compromised. What steps did you take to prevent a recurrence?

buy xenical online physiciansalliance.com/wp-content/uploads/2022/08/pdf/xenical.html no prescription pharmacy

Ronald Sarian: Following that breach, we put everything we did under a microscope and brought in Stroz Friedberg to aid our investigation and help improve our processes. We ultimately decided to migrate all credit card data off-site to CyberSource, a third-party vendor. When we need to charge a credit card we get the key from the vendor and then return it when we’re done. We wrote transmission gateways out of all of our internal apps so things aren’t communicating with each other so easily. This way, if there is an attack, it will be “quarantined.” We also employed extensive layering for the same purpose.

buy valtrex online physiciansalliance.com/wp-content/uploads/2022/08/pdf/valtrex.html no prescription pharmacy

We put a much more sophisticated logging system in place, hired a full-time security engineer, and started performing more firewall audits and regular white hat hacks to try to detect vulnerabilities. And we improved our on-boarding and off-boarding for employees.

RMM: What are the prevalent risks you face leading up to Valentine’s Day and how do you mitigate them?

RS: We face risks all year long, but this time of year there are just more of them. There are always fraud issues we deal with and people try to launch bot attacks to take down our systems and cause us grief. We believe we utilize industry best practices for all these issues. For example, to try to prevent fraudsters from getting into the system we have sophisticated business rules that look at keywords or phrases used when filling out the intake questionnaire—certain words or phrases indicate the probability of a fraudster. Misuse of the English language can sometimes signal a problem. These raise red flags in our system.

Our questionnaire is quite elaborate and evaluates psychological factors in order to determine personality traits. We have essentially 29 different dimensions of compatibility we look at and try to glean all these dimensions so we can match you with someone who is typically 80% or higher in each. If you answer the questions in a certain manner for most of the questionnaire and we see a major inconsistency toward the end, for example, that can indicate something is fishy.

We also look at suspicious IP addresses. We utilize these practices all year round but scrutiny is heightened at this time of year and especially when we have free communication weekends. We’re pretty good at sorting these people out before they can communicate. Our system has been developed over 17 years and is constantly being improved as threats change and fraudsters become more sophisticated.

RMM: How else is risk management used in eHarmony’s strategies and operations?

RS: A goal of mine is to adapt the ISO 27001 ERM framework for eHarmony. I believe we have the best practices in place to achieve that when the time and finances are right. It’s quite a bit of work to get the certification and I don’t know if that would happen this year but it’s something I want to do because I think it would be great for us. It basically requires a holistic, top-down look at your entire operation.

buy clomiphene online physiciansalliance.com/wp-content/uploads/2022/08/pdf/clomiphene.html no prescription pharmacy

This is not only from a tech standpoint but from a personnel standpoint as well.

Many breaches start internally, most of the time unintentionally, so people should, for example, know not to click on a link in an email from an unknown source. You also need to assure your vendors are utilizing the appropriate safeguards and you must have a security incident management plan in place. There are many other requirements, of course. I believe we essentially have the information security management system (ISMS) envisioned by ISO 27001 in operation right now. We just need to make it official.