Category Archives: Reputation Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Risk Management and Business Continuity: Improving Business Resiliency

Posted on by

Preparing for and responding to negative events, from the mundane to the catastrophic, from the predictable to the unforeseen, has become a fact of life for businesses and governments around the world. We don’t have to look any further than the seemingly daily reports of cyberattacks on governments, corporations and individuals to comprehend the severity of the problem.

Tackling these risks requires an integrated and holistic framework with the capability to identify, evaluate and adequately define responses to the circumstances. For more and more organizations, this means adapting an enterprise risk management (ERM) model. ERM seeks to identify all threats—including financial, strategic, personnel, market, technology, legal, compliance, geopolitical and environmental—that would adversely affect an organization. This holistic approach gives organizations a better framework for mitigating risk while advancing their goals and opportunities in the face of business threats. But in order to implement and continuously manage this enterprise-wide model there is a critical need for closer integration of two typically distinct roles within the organization—business continuity management (BCM) and risk management. Together, these two vital elements make up a robust ERM plan and have a tremendous impact on an organization’s ability to contend with interruptions to the execution of organizational activities.

Put in the simplest terms, risk management is concerned with minimizing the probability of and destruction caused by negative events. Operational risk management, as the name implies, must cope with interruptions at the operational level. Recognizing that there are inherent imperfections in systems, people, facilities and general operational functions, the essence of operational risk management is to negate or reduce the probability of an incident occurring. Focusing upon incident-specific, site-specific analysis of potential causes of interruptions, risk managers seek to preclude incidents from occurring. If elimination of the risk is not possible, the focus moves to minimizing the results of the negative event.

For example, suppression systems reduce the risk of operational disruption caused by fire damage. Redundant equipment decreases the possibility of operational interruption resulting from machine breakdown and redundant communications help maintain connectivity. By analyzing past events and examining known hazards (defined flood plains, hurricane-prone areas, construction sites, earthquake areas and terrorism-prone areas) operational risk management seeks to avoid the occurrence of negative destructive events.

But creating strategies to minimize the probability that an event will impact an organization certainly will not prevent the incident from taking place. No degree of preparation can stop a tornado, tsunami or other massively destructive event.

buy nolvadex online www.gcbhllc.org/scripts/html/nolvadex.html no prescription pharmacy

So understanding that every incident is not preventable, our other line of defense is to minimize the impact. That’s where BCM comes in. BCM is concerned with minimizing the impact upon the entity after an event occurs and restoring the organization to its normal operations and delivery of products and services as quickly and safely as possible. In short, BCM helps maintain the viability of an entity under duress.

Because it is event-neutral, BCM is able to categorize effects into four distinct categories:

  • Effects on facilities, making them inaccessible or unusable
  • Effects on operational capability, such as supply chain interruptions, processing errors or staff unavailability
  • Effects on technology
  • Effects on the organization itself, ranging from financial problems to intellectual property rights.

When an event inevitably does occur, the optimal goal is to make any business interruptions imperceptible to those outside the affected organization. Here’s an example of how risk management and business continuity management, working together, enabled an organization to achieve that goal:

One of the world’s most important foreign exchange dealers realized that, as an occupant of a high rise building, it could not control the consequences of all incidents that might impact its ability to service its customers, which were some of the largest financial institutions in the world. A review by the company’s risk manager determined that there was a likelihood of an interruption in service as a result of construction work in the surrounding area. To reduce the risk, it was recommended that they install redundant lines and route them through alternative conduits into the building. So they undertook building redundancy in their telecom network. In addition, the risk of server failure was similarly high and so mirroring was implemented to duplicate all transactions and ensure that no data would be lost in the event of a failure of the building’s infrastructure.

Despite all the precautions to reduce risk, what risk management couldn’t control was an East Coast blackout that terminated power to its operation.

buy antabuse online www.gcbhllc.org/scripts/html/antabuse.html no prescription pharmacy

Recognizing the impact that a loss of power could have, including the loss of use of the facility, the business continuity professional determined that a robust contingency plan was required.

The business continuity plan included a strategy that automatically forwarded incoming calls to another facility outside the U.S. and also provided connectivity to its back-up technology center. When the blackout hit, the business continuity plan worked exactly as tested. Phones were switched, systems were accessible and, best of all, customers never knew the difference. The company was actually more prepared than many of its customers who failed to provide similar capabilities and had to cease trading.

buy elavil online www.gcbhllc.org/scripts/html/elavil.html no prescription pharmacy

The combination of risk management and business continuity provides the level of resiliency that most organizations must achieve in light of the uncertainty that exists today. The blend will reduce uncertainty and promote a more stable operating environment.

Risk Management, Board Collaboration Can Bolster Cyber Defense

Posted on by

Risk management executives are charged with preparing companies for, and protecting them from, a broad array of emerging risks. Today, there is perhaps no threat that poses more danger than a cyberattack, which could result in a data breach or compromising sensitive information. Given the rapid increase in frequency and severity of high-profile cyberattacks in recent months, organizations must confront cybersecurity issues with greater focus, specificity and commitment.

Of note, an astounding 43% of U.S. companies experienced a data breach in the past year, according to the Ponemon Institute’s 2014 annual study on data breach preparedness, a 10% increase from 2013. These alarming trends are compelling companies to create programs centered on cyber risk awareness, education and preparedness. These programs are vital to the company’s performance and growth; the 2014 Cost of Data Breach Study by IBM and the Ponemon Institute reveals that the average cost to a company from a data breach was about $3.5 million per breach in 2014 – a 15% increase since last year. A company’s intellectual property and customer data may also be compromised in a cyberattack, expanding potential casualties beyond financial losses.

Risk management executives cannot confront this issue alone. Because the responsibilities of management and boards of directors are not limited to having a thorough understanding of cybersecurity issues, they must also be aligned on a clear-cut strategy for both preventing and responding to cyberattacks. This strategy includes efforts to improve education, implement preparation measures before an attack strikes and continued adherence to best practices in all board-related activities.

Awareness and Education

At the most fundamental level, boardrooms must increase the company’s resiliency in the face of cybersecurity threats by increasing awareness of the topic and the associated risks. Unfortunately, boardrooms are struggling to properly educate directors on the topic: a 2012 Carnegie Mellon poll of how U.S. boards are managing cyber risks found that 71% rarely or never review privacy and security budgets, 80% rarely or never review roles and responsibilities, and nearly two-thirds rarely or never review top-level policies. Additionally, more than half of directors surveyed rarely review security program assessments. Every director should make cybersecurity a topic on the board’s agenda and ask questions if there is any confusion or doubt.

Preparation

Directors who are properly aware and educated on the topic of cybersecurity are therefore more prepared and versed in the case of a crisis, not only as individuals but as a collective management team. Given the potential economic consequences of these attacks, it is essential that boardrooms are aligned on the company’s response strategy. It is critical that there be a clear understanding among all levels of a management team about who is responsible for managing this issue. Directors who are familiar with their company’s IT department are better able to determine if the team is equipped to effectively address cybersecurity. Cyber policies must remain updated and understood by all in order to decrease chances for exposure.

Best Practices

A critical part of boardroom preparedness is ensuring that directors are pursuing best practices to decrease changes for exposure and there increase resiliency. There are several practices companies can adopt to ensure this level of preparation:

  • Education and preparation: Board members must be educated on cybersecurity and its risks so that they are prepared to manage any situation or crisis. Oftentimes, companies increase their vulnerability by failing to provide directors with the proper tools and information.
  • Secure communication: Companies must provide board members with a secure way to share and communicate about critically sensitive information. In order to prevent careless oversharing, this information should never be sent via email. Board members must have a thorough understanding of cloud services. Although these solutions provide an easy way to upload and download files, many have been successfully hacked, compromising private files and email addresses.
  • Collaborate and strategize: When directors have a clear understanding of cyber security and the associated risks, they are more equipped to collaborate and strategize around managing any issues related to cybersecurity. With increased board-level conversation about cybersecurity, directors are able to determine if managing cybersecurity is the purview of the audit committee, a separate committee, the company’s IT department or CIO.

Education, awareness and preparedness are critical components to help mitigate vulnerability and risks of cyberattacks. Boardrooms must be open to embracing new strategies and technologies in order to ensure their communication capabilities are secure while remaining fast and accessible. Organizations need to prioritize cybersecurity training to ensure that boardrooms are acting in the company’s best interest and are confident in its cyber crisis response strategy. Although risk has been an evolving factor impacting businesses of all types and sizes throughout history, cybersecurity presents a new challenge—and it is one that can be confronted successfully with the correct management strategy and tools.

The bebe Hack: Guarding Against Cyberbreach During the Holiday Shopping Season

Posted on by

bebe data breach

On Friday, retail chain bebe announced that it had identified an attack on computers that operate the in-store payment processing system. The attack may have exposed data from cards swiped in retail locations in the U.S., Puerto Rico, and the U.S. Virgin Islands between Nov. 8 and Nov. 26, including cardholder name, account number, expiration date and verification code. The breach did not impact customers who shopped online or in other international locations, bebe reported, and the company has hired a security firm to stop and investigate the attack.

Almost exactly a year after the massive Target hack, this latest incident comes after a steady stream of sizable breaches among retailers, including Home Depot, JPMorgan Chase and eBay. Consumers have begun to find these hacks increasingly less surprising, and stopped paying as much attention – a phenomenon many are calling “breach fatigue.”

But companies are not entirely off the hook. While Target is on the rebound and subsequent breach victims have endured less damage to consumer perception, these cybersecurity incidents still demand a notable amount of contingency planning and mitigation.

According to public relations and social media firm Affect, there are four keys to protecting brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to diffuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

“There are four phases of crisis communications: readiness, response, reassurance and recovery,” said Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.
buy filitra online https://galenapharm.com/pharmacy/filitra.html no prescription

2) The Customer is Top Priority

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach including the timeline for those communications. Several weeks elapsed before Target released an official statement to their customers and as a result, experienced massive backlash from customers, other organizations and the media alike.

Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach.

buy amoxil online www.methanol.org/wp-content/uploads/2022/08/png/amoxil.html no prescription pharmacy

“Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” Levin said in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that can hinder not only the company’s reputation, but could lead to a loss in revenue.

buy flexeril online www.methanol.org/wp-content/uploads/2022/08/png/flexeril.html no prescription pharmacy

3) Monitor the Situation in Real-Time

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real-time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last minute shuffle. Don’t shy away from angry customers that continuously post adverse comments.

buy zydena online www.methanol.org/wp-content/uploads/2022/08/png/zydena.html no prescription pharmacy

Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes

For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customer to reassure them that a similar breach will not reoccur.

Lessons from MBIA: When Breaches Go Viral

Posted on by

data breach

We can add another breached company to the ever-growing list: the Municipal Bond Insurance Association (MBIA). While not necessarily unique from other breaches we’ve seen lately, the MBIA incident brought another aspect of breach fallout into the public eye, and that’s the potential for data exposures to go viral. These viral breaches generate tendrils of compromised information that reach far and wide, creating a nightmare for containment—and public relations.

Known as the largest bond insurer in the country, MBIA services accounts for many government investment pools. In late September, the company was alerted by an ethical hacker that hundreds of pages of customer data were showing up online for all to see. We’ve since learned that one of the company’s database servers had been improperly configured, resulting in the exposure of highly sensitive data. Account numbers were compromised along with customers’ names, account balances and other confidential information. But the damage didn’t stop there. Not only was MBIA’s customer data floating around the Internet for all to see, it also had been indexed by several search engines. Information that should have been heavily protected was now on the Web in multiple locations, far outside the control of MBIA.

The release of customer data wasn’t the only problem. High-level security keys were also exposed and indexed, including administrative credentials and instructions for creating new deposit accounts. Not only were cybercriminals given a nearly perfect tutorial to dig into additional data held by MBIA that hadn’t been compromised in the first go-round, the instructions also provided a way for thieves to quietly pull funds out of the compromised accounts. The integrity of MBIA’s systems had been damaged far beyond a simple data breach.

Piling on to the organization’s woes were two failures of their own making. One is that their Oracle server is commonly known to need careful configuration to avoid a potential security gap.

buy atarax online meadfamilydental.com/wp-content/uploads/2023/10/jpg/atarax.html no prescription pharmacy

Oracle has even provided documentation to help administrators configure it correctly and ensure the servers are secure. The other was that MBIA was actually notified of the exposure more than a week before the company finally cut off access to the compromised server.

buy diflucan online meadfamilydental.com/wp-content/uploads/2023/10/jpg/diflucan.html no prescription pharmacy

Not only was the company behind the curve in configuring its critical infrastructure correctly, it then delayed in fixing a problem that was brought to its attention.

In many respects, MBIA’s breach wasn’t all that different from other breaches. Network vulnerabilities are common avenues for hackers, and security warnings have been known to be overlooked. Target’s massive 2013 breach and similar recent exposures back this up.

buy estrace online meadfamilydental.com/wp-content/uploads/2023/10/jpg/estrace.html no prescription pharmacy

Unfortunately for MBIA, these factors all came together in a perfect storm that resulted in a truly viral breach. Sensitive customer data was compromised and unspeakably valuable credentials and account creation instructions were also exposed. The indexing of that information on more than one major search engine spread the leaked data far and wide. Containment and mitigation became exponentially more difficult.

There is some reasonably good news in all of this. At this time, it doesn’t appear any of MBIA’s clients were defrauded as a result of the breach—yet. There are also important lessons we can learn from MBIA’s mistakes. Network assets must be carefully administered, as their security is one of the first lines of defense against criminals. In addition, security warnings—whether they’re provided by ethical hackers, concerned customers or automated intrusion detection systems—must be immediately checked out.

We have the tools to thwart thieves.
buy temovate online https://royalcitydrugs.com/temovate.html no prescription

Now is the time to use them.