Data Backup Strategy Tips for World Backup Day

Posted on by

As tomorrow’s World Backup Day should remind us all, there is one risk mitigation measure every company should have in place and regularly reevaluate: a data backup strategy. A data backup is an archive or copy of a company’s information, sensitive or otherwise, and presents a critical part of any enterprise’s disaster recovery plan, especially in the event of a data loss. Data loss can come in many forms, including physical theft, hard drive failures, simple human mistakes, and ransomware attacks. Given the range of potential risk scenarios, risk professionals and business leaders assess their backup strategy as part of all disaster preparation and response plans. 

While 93% of small businesses use cloud-based backup solutions, there are many options for risk professionals or IT leaders to consider. For example, there are also smaller storage methods like removable media like USB flash drives or external hard drives that you might encourage remote employees to use to protect their data. There are also backup services companies can use to outsource their data backup strategy altogether. 

When creating or reassessing a company’s data backup approach, there are few concepts business leaders should familiarize themselves with:

Recovery Point Objectives

RPO, or recovery point objective, is the amount of time between your routine data backups. This can also translate into the amount of data that may be at risk in the event of a data loss. If you backup your company’s data once a week, for example, you potentially could lose a week’s worth of data. Choosing to back up more frequently can thus help reduce data loss risks. 

Recovery Time Objectives

RTO, or recovery time objective, is the time it takes for your business to restore its data from a backup. This is entirely dependent on how robust your data backup is and how much data you need to recover from it. Generally, the more streamlined your data backup strategy is, the faster your recovery time will be. Putting all of your data in the same type of storage solution can also improve your RTO.

The 3-2-1 Backup Strategy

Whether your business is large or small, one data backup strategy is considered best practice—the 3-2-1 backup strategy:

    • Create three copies of your data.
    • Put those copies of your data on at least two types of data storage solutions.
    • Store at least one of those storage solutions in a remote location. 

In honor of World Backup Day on March 31, check out the infographic below for more data backup tips and data loss statistics from Norton:

an infographic summing up data backup solutions and storage options, plus data loss statistics

Texas Cold Crisis: Insurance Options for Severe Weather Disruption

Posted on by

On February 15, a massive and unseasonal storm with frigid temperatures spiked the demand for power and outpaced the supply, severing power to 26 million Texans. Unpredictable weather patterns present risks for business owners, but also create an opportunity to improve their risk mitigation strategies to address future uncertainties. 

Power outages are not caused by storms alone. Heat waves, hurricanes and wildfires can also create power outages—and outages are more common than business leaders may think. S&C’s 2018 Commercial and Industrial Power Reliability Report found that one in four businesses experience at least one power outage per month. The Department of Energy estimates that these outages cost companies $150 million per year. Although companies may face spoilage-related losses, data centers often experience the most severe consequences. When a data center goes down, it can impact a business’s most vital proprietary assets. According to a Ponemon Institute study, the cost of an unplanned data center outage is $5,600 per minute with an average recovery time of 119 minutes resulting in a loss over $690,000.

The cost for businesses goes beyond damage. Litigation tends to run rampant, and with the recent Texas power outages, businesses are already facing lawsuits. The family of an 11-year-old boy who died of hypothermia is suing energy company Entergy and grid operator Electric Reliability Company of Texas. Multiple wrongful death lawsuits are predicted from incidents including carbon monoxide poisonings, house fires and shelter closings.

A range of insurance options can help businesses protect themselves from complex, evolving and completely unpredictable risks such as natural disasters and climate change.

Property insurance protects the building and physical assets like equipment, supplies, inventory, fixtures and computers. However, property insurance may not provide all the coverage needed. Exclusions like floods, sink holes, earthquakes, terror incidents, and chemical, nuclear, biological and environmental events are likely not covered. An unexpected policy exclusion can be devastating and result in a claim being denied, leaving business owners and leaders feeling helpless and infuriated.

Business interruption insurance is helpful but may not be enough. Typically, when damage obstructs business operations, it is covered by property insurance, and business interruption insurance covers losses from interruption. However, a natural disaster can create a perfect storm, so to speak. For example, if an establishment is forced to close due to lack of power, there can be a denial of claims. Business owners may be able to have property repaired, but cannot recoup the lost revenue through insurance.

Another option for businesses is to choose captive insurance and own their own insurance company. This establishes a more robust approach to risk management, and enables the business or business owner to own a profitable second business. This can help lower commercial insurance costs, build up assets and loss reserves, enhance critically needed cash flow and liquidity, and help prevent losses from hollowing out the total business entity. Importantly, successful captive insurance companies are filled with liquid assets that back the reserves for potential future losses, owned by the business or business owner. Liquid assets are often more desirable than durable assets that depreciate and may be difficult to sell. Finally, a captive insurance company is a regulated entity.

A captive primarily insures its parent company or related companies, so the parent company can purchase insurance from its wholly owned captive. Such purchases may replace all, or a portion, of its commercial insurance. Additionally, risks that are unable to be insured, are cost prohibitive, or are underinsured in the commercial insurance market can be placed in the captive insurance company. The captive can also insure gaps in third-party commercial insurance policies.

Benefits of Captives in Natural Disasters

While businesses with claims for property insurance or business interruption coverage are denied, a business with a captive insurance company would not face exclusions that leave them vulnerable. Since a captive insurance policy can be written to be broad and robust, it has more triggers than third-party commercial insurance, sos an event may covered where business interruption might not provide coverage.

Captive insurance also serves as a valuable financial strategy. When captives build up loss reserves, backed by corresponding assets, those assets are available for dealing with a catastrophic event. When a business has to restart or relocate their operations, assets are readily available to help it navigate the challenges and pursue big changes. The business owner can use the asset buildup in successfully managed captive insurance companies to help grow the business by funding acquisitions, growth strategies and enhanced risk mitigation strategies via a dividend from the captive insurance company to the business owner.

Before another crisis strikes, businesses should review insurance policies, determine whether current policies offer adequate coverage, and determine if a captive will help them face the next worst-case scenario.

Preparing for the Next Stage of the COVID-19 Pandemic at RIMS Content Roundtable

Posted on by

In last week’s “RIMS Content Roundtable: COVID-19 Vaccines and Distribution,” a group of RIMS members gathered for an exclusive Q&A with Dr. Adrian Hyzler, chief medical officer at Healix International, who focused on progress with COVID-19 vaccination efforts and moving toward a “next phase” of the pandemic.

“Where we’re headed is: this pandemic will end—all pandemics end—but it doesn’t end all of a sudden, it goes out with a whimper…it sort of just seeps away at different rates around the world,” Hyzler said, noting the rates of vaccination and controls implemented country by country will curb the coronavirus at different paces. “But it’s now going to be an endemic disease, meaning it’s something we live with. We’re not going to get rid of this disease.”

He believes recognition among public health experts that COVID-19 will become endemic rather than be eradicated prompts new conversations about expectations and preparations around the world.

“The new dialogue is: what is the acceptable level of COVID and what is the acceptable level of deaths from COVID? Because COVID is a respiratory disease and people die of respiratory diseases every year, especially in winter. That’s something we live with,” Hyzler said. “We’re going to have to get to a point where there are going to be people who die from COVID every year, but they’re not going to overrun hospitals, and they’re not going to affect care of other diseases.”

Getting to the stage of “a disease we live with” requires mass vaccination, and he stressed the importance of the widespread effort to encourage people to get COVID vaccines as soon as possible. Scientists are not yet sure what percentage of the population will need to be fully vaccinated to control the pandemic sufficiently and, he said, “that’s vaccinated across the whole population evenly, and that’s not the case—we know there are communities where they are vaccine-hesitant, we know there are religious groups that are not as confident about the vaccine, and they tend to cluster, so those are always ready for outbreaks.”

Rather than discuss the sometimes controversial or scientifically debatable concept of “herd immunity,” Hyzler encouraged thinking about “community immunity.”

“‘Community immunity’ is good because it’s more about what we can do for each other,” he explained. “Getting vaccinated, for a 28-year-old, is not necessarily about that person, it’s about what it can do for the community—the older people, the people who have preexisting conditions that make them vulnerable.”

This kind of community orientation and widespread adherence to best practices will be critical in getting to any next phase of the pandemic, and to staying there. Reflecting on his experience of the acute lockdowns implemented in the U.K., for example, Hyzler stressed the lessons learned about the impact of mass adherence to mitigation and prevention measures. “Even with the variant that’s come out here that is very transmissible and has become common in the States, we’ve shown that non-pharmaceutical interventions—which are masks, distancing, isolation, hygiene—they work,” he said.

Many of these non-pharmaceutical interventions will not be going away any time soon—indeed, they may be just as critical moving forward. Hyzler predicted, “I think, into next year, we may still be wearing masks in many situations and there may be a great move to more things outdoors, since we know how much safer that is, and I think we’ll have learned a lot of things from this… Hopefully we’ll also be more ready for something that will happen again.”

As the world moves toward mass vaccination to help curb COVID-19, companies should be preparing for the next stage of the pandemic and creating detailed plans for safely returning to work. To that end, Hyzler noted some large private companies have publicly offered resources to help other enterprises protect employees and operations amid the pandemic and prepare for a return to workplaces.

For example, Ford has published two versions of a “Return to Work Playbook,” one for manufacturing and another for non-manufacturing companies. According to Ford, in addition to providing these documents to employees, “the company is also providing a copy to its suppliers, business partners and relevant third parties to ensure they are all aware of its health and safety practices when they are on site at Ford facilities or are interacting with Ford personnel.” Companies outside of Ford’s supply chain can also benefit, however.

“Add in some CDC advice, and look at what people [around you] are doing, because there are little things you can do that are very specific to your area or your workforce,” Hyzler recommended. “Then, take the information [from the playbook] that’s useful and mold it into a mini version of a playbook, if you’re a smaller company.”

In addition to the Ford playbooks Hyzler mentioned, check out these publicly available resources from the private and public sectors that may offer help in managing COVID-19 risks and creating a return-to-work plan for your enterprise:

Ford’s Return to Work Manufacturing Playbook [PDF]
Ford’s Return to Work Non-Manufacturing Playbook [PDF]
IBM’s Return to Workplace Playbook [PDF]
Kaiser Permanente’s COVID-19 Return to Work Playbook
CDC’s Guidance for Businesses and Employers Responding to Coronavirus Disease 2019 (COVID-19)
CDC’s “Daily Activities” Guide for Returning to Work
OSHA’s Protecting Workers: Guidance on Mitigating and Preventing the Spread of COVID-19 in the Workplace

Participants in the roundtable event were able to debrief with fellow risk professionals in breakout rooms, sharing impressions from the session and experience addressing related risks within their own organizations. For more opportunities to discuss return-to-work plans, vaccine considerations and other COVID-related risks with other risk professionals, all RIMS members can continue the conversation on Opis, the society’s community engagement and networking platform. Among almost 200 education sessions, the upcoming RIMS Live 2021 virtual conference will also offer dozens of COVID-related education and networking events from April 19 to 30, and registration is now open. To hear more insights directly from Dr. Hyzler, you can check out his appearances on the RIMScast podcast.

Human Trafficking and Supply Chains: Q&A with Tim Nelson of the Slave-Free Alliance

Posted on by

The International Labour Organization estimates that 25 million people are subject to human trafficking around the world, with children comprising one of every four victims. In many cases, the victims are used and transported by their traffickers in supply chains. 

Tim Nelson is the international development director for Hope For Justice, an anti-trafficking organization that aims to end modern slavery. He also holds the same title at the Slave-Free Alliance, an affiliated group that collaborates with businesses to assess and prevent the risk of human trafficking in their supply chains. Nelson recently appeared on RIMScast to discuss the how human trafficking has evolved into a major supply chain risk and how employers and employees can identify signs of this abuse.

Check out some highlights below, and to take a free deep-dive with Nelson and learn how to take action to prevent human trafficking in your company and community, download RIMScast episode 120.

For more information on steps businesses should take to help identify and combat modern slavery on their premises, you can also check out the Risk Management feature article “Human Trafficking: How Businesses Can Combat the Modern Slavery Epidemic.”

What inspired the creation of the Slave-Free Alliance?

Tim Nelson: We primarily started in the U.K., and formed because of the Modern Slavery Act, which requires companies with £36 million (about $50 million) or more in their annual revenue to state their efforts to remove slavery from their supply chain. Consequently, we tend to work with businesses above that £36 million level and we try and effectively help them honor their commitment.

We also work alongside federal or local police and alongside other NGOs and effectively try and be a trusted friend. Many people, because of the countries that they come from or what they’ve been told, are suspicious of police or are worried about corruption. We can be there to build that bridge of trust.

How can someone identify trafficking and modern slavery?

TN: Traffickers are those individuals who would use other people to generate profit for themselves and are looking for every opportunity. Global estimates indicate that there’s $150 billion made from this illegal activity. And therefore, the traffickers have thought it through. 

One of the complexities in identifying it is that human trafficking is hidden in plain sight. The common form that most people are aware of is sexual exploitation. But ultimately, traffickers [also] realized that they could traffic individuals to work in the supply chains of businesses, making components, working in manufacturing, working in agriculture.

Could you provide an example of how traffickers permeate supply chains?

TN: Last year there was a case where 400 victims were identified as being slaves within the primary supply chain of some of the major supermarkets within the U.K. And, like we said earlier, it was in plain sight—no one could see how this was happening.

This particular occurrence happened because the traffickers had gotten control of a recruitment company and they were able to bring individuals from a non-English-speaking nation to the U.K. Those individuals were given jobs, but the traffickers had control of their bank accounts. They were forcing these 30-plus individuals to live in a three-bedroom property. Many of them were washing themselves in a local river—not having running water was a sign that this is not how people should be living in 2020. 

National Slavery & Human Trafficking Prevention Month is held annually in January to educate about the different forms of human trafficking. What can risk professionals do to ensure the awareness continues all year?

TN: I would encourage all businesses to realize that they’ve got the power to change this so easily if they start to engage and put in different processes and systems. And part of what we’re trying to do is not to just encourage individuals or companies to stop buying goods from a particular company. If you just stop dealing with a company because you suspect there’s modern day slavery or trafficking happening, that company will close and another one will open like a phoenix. Companies can also sometimes be complicit just by not even looking or allowing enough due diligence to show that they are slave-free within the supply chain.

Is there a bottom-line impact as well?

TN: What we are seeing now is, internationally, inaction can be a major risk to your business. I can think of companies where issues around slavery were brought to the fore and share prices dropped by half as institutional investors pulled out. This is a key ESG issue, which makes it a C-suite-level risk in many cases.

What should companies expect when they engage with the Slave-Free Alliance?

TN: The first thing that we would do is conduct a gap analysis. This is not just looking at where you’re getting supply from—it’s to try and identify the weaknesses that may be in your supply chain. And that gap analysis forms something almost like a risk register.

Every company is different. I spoke to a Fortune 100 company last month that didn’t even have a procurement division. And that’s what I would have assumed every major multinational had. But every company has a different approach to it.

Quite often, a lot of people find that the even the thought of how big their supply chain creates a massive complexity because there might be just three people running the procurement department.

When we see something that would sit within the risks that we identify, then we work with the companies to diminish that risk. It could be an [unannounced] site assessment or working with those people who are going in and auditing the factories themselves.

For more information about how your business can combat and identify modern slavery, visit the Slave-Free Alliance and Hope For Justice. You can report suspected activity in the U.S. to the National Human Trafficking Hotline and internationally to the International Labour Organization.