Category Archives: Reputation Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

State of Privacy in 2018: Q&A With Richard Purcell

Posted on by

Jan. 28 marks the annual Data Privacy Day (DPD), which was adopted in North America to bring together businesses and private citizens in an effort to share strategies for protecting consumers’ private information. Richard Purcell, DPD advisory board member and CEO of the Corporate Privacy Group spoke to Risk Management Monitor about the current state of privacy.

Risk Management Monitor: How do you view privacy?
Richard Purcell: The concept of privacy is really complex and layered. I like to think of it as being grounded by two basic behaviors—respect and discretion.

buy estrace online www.dino-dds.com/wp-content/uploads/2023/10/estrace.html no prescription pharmacy

 The idea of privacy is not the same as secrecy. Secrets are not shared and are kept hidden as unknown ideas or thoughts, whereas privacy is the act of sharing information, trusting that the recipient will not share it any further.

RMM: How has technology redefined privacy?

buy suhagra online www.dino-dds.com/wp-content/uploads/2023/10/suhagra.html no prescription pharmacy

RP: Over the last several years, we’ve heard from individuals who believe that their privacy has been assailed. Upon examination, we might find some reasons that are relevant to our emerging technology use:

There are many instances in which people have lacked respect for their own information, sharing personal information with others and commercial interests without restraint. A simple review of Twitter, Facebook, Instagram, Flicker, Tumblr and other social media sites confirms this. Just as often, commercial players have shown a lack of respect for the personal information entrusted to them by individuals. Examples include banks that have used customer information to open accounts without providing notice or asking for consent. This is a distinct showing of disrespect for the information.

Information has become the basis for commercial activity, so using and sharing personal information is quickly becoming how companies make money—Facebook is a social media site, but makes more than 90% of its revenues by selling users’ data to advertisers—credit bureaus make their money solely be collecting financial info, not from people, but from other companies, in order to calculate risk and sell reports (for example, credit reporting has a long history regarding privacy thru FICRA, FACTA, and OECD FIPs.).

RMM: In 2000 you were named Microsoft’s first corporate privacy officer. How has the privacy landscape changed since then?
RP: Privacy and data protection are beginning to be better and more closely integrated into security practices. It’s taken a long time to get them better integrated.

buy nizoral online www.dino-dds.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

Security practices have strong levels of discipline without much of a human factor. Privacy practices have strong moral bases, which security is getting more in tune with, so they are sharing their traits in ways that are helpful.

We are not there yet, though, because security is a binary condition. You either have the security practices or you don’t. Privacy is harder to define because practices are more behaviorally based. We still find privacy issues are driven by human failings, errors or miscalculations as opposed to technologies.

Privacy professionals have gained more of a voice and authority over time in their organizations. They are not just advisers anymore, saying ‘Watch out for this,’ or ‘We can’t do that.’ They have become people with decision-making authority, which is only increasing. The position analyzes conditions and bases those recommendations on risk profiles and the challenges they present. Companies are then free to choose whether they take the risk or mitigate it.

RMM: What developments will impact your work in 2018?
RP: Regulatory changes matter a lot and apply to industrial sectors in the United States. External regulations are much more broadly applicable.

EU GDPR. Any company doing business in the EU has to adjust its governance program to comply with the GDPR by late May 2018. That means taking a broader definition of personal data; documenting its data processing activities; strengthening its user consent provisions; developing support for data erasure, portability and rectification; enhancing oversight and data breach responsiveness; and generally paying more attention to data protection.

EU ePrivacy. Broadband providers in the U.S. may celebrate the FCC dropping of the net neutrality/privacy rules, but they still have to deal with the EU ePrivacy Directive.

Australia, Korea, Japan and even China are strengthening their data protection programs. China announced its displeasure with the practices of Ant Financial (an Alibaba affiliate), Baidu (search organization) and Jinri Toutiao (newsfeed organization) for lacking adequate policies and practices in collecting, using and sharing personal information. You know something important is happening when China begins enforcing stronger privacy regulations.

Preparing C-Level Employees to Address Risk

Posted on by

As risks associated with technology and cybersecurity have increased in the last decade, it is more imperative than ever that corporations undertake the proper protocols to protect themselves.

When it comes to implementing risk management processes, many assume C-level executives head up these efforts, involving key departments throughout their organizations. According to a recent study conducted by NC State’s Poole College of Management, however, 80% of organizations surveyed from all over the world have no formal risk training for executives.
A quick look at recent headlines shows how quickly a cybersecurity incident can damage a corporate brand. Many companies that have recently experienced data breaches also have been exposed by the media because of ineffective or nonexistent integrated risk management strategies. This can be for a variety of reasons, from executives trying to hide the breach to the belief that they can resolve the issue before it grows into something larger or, possibly the worst of the options, they are not aware that the breach is even occurring.

So how do we make risk a priority for executives?

buy stromectol online azimsolutions.com/wp-content/uploads/2023/10/jpg/stromectol.html no prescription pharmacy

In my opinion, it comes down to properly re-framing the mindset of executives around risk through effective education and training.

Educate executives on risk types
When it comes to business, the term “risk” generally produces negative connotations, causing many to avoid addressing the phrase—and the issues—altogether. From workplace injuries, data breaches and even social media nightmares, risks tend to mean trouble for executive teams. The reality, however, is that not all risk is bad. Thus, executive teams must be able to distinguish good risk from bad risk.

buy vilitra online www.tvaxbiomedical.com/scripts/css/vilitra.html no prescription pharmacy

What constitutes good risk? Simply put; proactive risk choices that benefit the company. These can include exploring emerging markets and growth opportunities, expanding operations into new product areas and even partnering with new vendors. While these risks can produce negative results, given that they are actively pursued by leadership teams shows that they are intended to better the company and its employees.

Executive teams need to understand the differences in positive and negative risks and their larger impact to their organizations. Specifically, understanding multiple risk types exist can change the approaches your management team takes to recognize and address risks, which will echo throughout your organization.

Train executives on how to address negative risks
Executives must realize negative risks are unavoidable. Because negative incidents will happen, executive teams must learn how to bring proactive approaches to managing these speedbumps in daily operations. Thus, formal training programs should be implanted to educate executives on proper risk management.

Training programs should include internal and external communications strategies, both with positive and negative risks, remediation strategies for negative risks and provide tips on how leadership teams can be risk thought leaders throughout the organization.

Remember, an executive team that places value on proper risk management planning and training will produce a similar culture, enterprise wide.

This will allow organizations to more proactively manage risks before they snowball into larger issues, ensuring long-term success.

Consider creating risk committees
Since all C-level executives are crunched for time, risk management often falls to the back burner. In many situations, I’ve found it beneficial for the C-suite to create corporate risk committees. Designed to reduce the burden on corporate executives by providing an advisory board to report on risks, corporations can benefit from dedicated professionals examining risks throughout the organization in areas including IT and operations.

These committees serve as an extension of the C-suite and can create better transparency, while providing informed insights to help leadership teams make better, more educated decisions.

Remember the importance of a top-down approach
No matter what approach you take to educate your executive team and get them more involved in risk management, corporations must remember enterprise risk management requires working from the top down. As risk professionals, we must do our best to gain leadership buy-in and conduct enterprise-wide training to stay ahead of risk. If NC State’s study has taught us anything, it’s that we still have a lot to learn.

buy phenergan online www.tvaxbiomedical.com/scripts/css/phenergan.html no prescription pharmacy

Annual Data Privacy Day to Focus on Safeguarding Data

Posted on by

Last year was certainly a turning point in the history of online privacy and cyber security. Between ransomware attacks, the Equifax breach and the Federal Communication Commission’s vote to repeal net neutrality regulations—just to name a few high-profile incidents in the United States—businesses and citizens have more reasons than ever to safeguard their information.

To address this important issue, the annual Data Privacy Day (DPD) will be held Jan. 28, with online and in-person events leading up to it now that celebrate individual users’ rights to privacy and aim to prevent cyber theft and risk. DPD has been led by the National Cyber Security Alliance (NCSA) in the U.S. since 2011 and “highlights our ever-more connected lives and the critical roles consumers and businesses play in protecting personal information and online privacy,” said NCSA Executive Director Michael Kaiser.

DPD was created to commemorate the 1981 signing of Convention 108 by the Council of Europe and is observed by more than 47 countries. It was the first legally binding international treaty dealing with privacy and data protection and officially recognized privacy as a human right. NCSA also co-hosts National Cybersecurity Awareness Month and the Department of Homeland Security’s Stop.Think.Connect. campaign, which aims to increase the public’s understanding of cyber threats.

“Our personal information and our habits and interests fuel the next generation of technological advancement, like the Internet of Things, which will connect devices in our homes, schools and workplaces,” Kaiser said. “Consumers must learn how best to protect their information and businesses must ensure that they are transparent about the ways they handle and protect personal information.”
On Jan. 25, LinkedIn will live-stream an event from its San Francisco office exploring the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” The broadcast will feature TED-style talks and panel discussions with experts focusing on the pressing issues that affect businesses and consumers. Additional DPD happenings include Twitter chats and networking gatherings to maintain a dialogue about the importance of privacy rights.
The relevance does not end on Jan. 29, noted Richard Purcell, DPD advisory board member and chief executive officer of Corporate Privacy Group. He has witnessed the event’s evolution and its impact on risk management and privacy professionals.

“The community of privacy professionals is not made up of private people. They want to share information,” noted Purcell, who was named Microsoft’s first corporate privacy officer in 2000. “They initiate a dialogue that the officers bring back to their companies. I have seen how it has stimulated events inside corporations and universities that were inspired by Data Privacy Day networking discussions. The professional development aspects of the day are profound.”
Newly released information from NCSA demonstrates how privacy is impacted in both personal and professional environments—from healthcare and retail to social media, home devices and parenting. Some statistics include:

  • In 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in internet of things products from leading brands.
  • 41% of Americans have been personally subjected to harassing behavior online and nearly one in five (18%) has been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.
  • Nearly one-third of consumers do not know that many of the “free” online services they use are paid for via targeted advertising made possible by the tracking and collecting of their personal data.
  • About 78% of respondents to a recent survey of healthcare professionals said they have had either a malware and/or ransomware attack in the last 12 months.

10 Steps to Effective Enterprise Risk Management

Posted on by

Enterprise risk management (ERM) has emerged as a best practice in gaining an overview of strategic, financial and operational threats, and in determining how to mitigate and manage those risks.

A comprehensive approach to risk management is important because it helps management comprehend the true potential of threats and allows organizations to address the cumulative nature of risk.

The following steps can help your company achieve the ERM objective.

  1. Just Do It!
    The process of creating an ERM program is valuable, revealing much about your organization and the interrelatedness of elements within it.

    Document your efforts in your board minutes and share them with any auditors. You will generally find those parties willing to provide constructive feedback because they have a vested interest in the success of your efforts.

  1. Get a Champion
    Your board of directors is accountable to shareholders and the SEC (if your company is public)—and possibly to other entities by industry—for the adequacy of risk management procedures, controls and ultimately for the competence of management. A logical champion of your ERM efforts is the chairperson of your board audit or ERM committee, followed by the chair of the board and other board members. If these individuals understand that an ERM program can help them discharge their duties and protect them from personal financial risk, you will likely see top-level buy-in and a trickle-down effect through senior management.
  1. Merge the Silos
    If existing risk committees and sub-committees are functioning as intended and get consistently high marks from outside auditors, it’s unlikely that fundamental changes are needed. Yet it is important they understand where they fit in the bigger picture. A board-level champion can help provide this perspective, and reinforce the role of the ERM committee in setting the organization-wide level of acceptable risk.
  1. Weight the Risks
    Certain areas of risk have the potential to seriously harm your organization. Others, however, are less critical. When your management team assembles an ERM framework, create a logical mechanism for assigning relative weights to each area of risk, and to selected components within those areas.
  1. Create a Dashboard
    A dashboard containing a high-level summary of major risk elements supported by “drill-down” detail enables board members and senior managers to connect all the pieces of the risk management puzzle.A dashboard need not be complex. Some managers use Microsoft Excel to create multi-layered risk workbooks, which summarize details provided by the risk sub-committees into a single page of high-level information.

  1. Understand Risk and Reward
    Some risks are worth taking, because the reward is greater than the likelihood and consequences of failure. In other cases the reward does not outweigh the potential consequences. Then there are risks not worth considering, when the risk is a “bet-the-farm” proposition, or is illegal or immoral. Each risk committee and sub-committee should understand the risk-versus-reward proposition.
  1. Set Limits
    One important function of the board ERM committee is to work with management to establish limits to risk taking. Management should make recommendations to the board, supported by reasonable data and arguments, which establish the boundaries of the organization’s risk appetite. Management’s role is to advise and inform, with the ultimate decision resting with the board.
  1. Understand the Cumulative Nature of Risk
    An organization that could sustain itself through one or two major weaknesses, or several minor ones, will succumb under too many. For this reason, the board ERM committee should set limits for both individual risks and cumulatively.
  1. Make It Easy
    In the areas of setting limits and risk weighting, management should make it as easy as possible for board members to comprehend and participate in the process. Distill complex regulations, and use accepted business terminology.

    Implementing an ERM framework should be spread over several months, if possible. Give the board ERM committee two or three recommendations per month, in advance, so they can be reviewed, summarized, presented and adopted at the regular monthly meeting.

  1. Refine, Refine, Refine
    New risks emerge every day, and your process must be flexible enough to identify, quantify and incorporate them. The chief risk officer and other senior managers should devote time to researching emerging risks, imagining worst case scenarios and creating stress tests to understand the implications of critical failures.

A Top-To-Bottom Effort
It is possible for ERM practices to become part of your organizational culture. Global awareness of the process and a rank-and-file understanding of the board’s focus on effective risk management are critical to obtaining the buy-in of the entire organization. After all, risk management is everybody’s job—today more than ever.