6 Reasons Data Is Key for Risk Management

Originally posted on ClearRisk by Rebecca Webb.

An average organization only uses 50% of its available data for decision-making. This is significant when you consider 70% of late adopters base their decisions on gut feeling or experience, while 60% of best-in-class companies use data analytics when making decisions.

Data is powerful when used to its full capability; by using all available data, an organization can establish a clear competitive advantage. Storing and regularly accessing relevant information will allow your organization to save time and money while drastically improving decision quality. Below are some of the key benefits that data utilization can have on your organization.

1. Increased efficiency

In a well-established organization, it’s easy to continue doing a task the same way out of habit and convenience. Without referencing data, you may get stuck in a routine and not recognize internal flaws. Streamlining people, processes, and tasks will increase efficiency across the organization.

2. Better decision making

Analyzing your data will provide the information required to run the organization, such as what course of action is necessary and whether your strategies have been successful. To do this, you need to have the right kind of data; ensure that you collect relevant, accurate, and complete information.

The more data you store, the more information you will have to base your next decision on. This can lead to more creative and smart strategies as well as help you choose positive risks and pursue paths that will lead to growth.

3. Financial health

Using data effectively will allow an organization to save money. By consistently tracking and monitoring costs, prices, and other useful information, you can track when spending is higher than it should be. It can also flag problem areas or help you identify costs that you shouldn’t be incurring. Further, making a habit of storing data means you will have a quick and easy process if you are ever audited or when entering tax season.

4. Making a case for any project

No matter the business idea, there needs to be some data and information to support it. By accessing stored information, you will be able to analyze data and use it to support a proposed project. With the collected data, you will be able to present your case to supervisors or employees to prove that the decision would benefit the organization.

5. Increased accountability

Without storing data, it can be difficult to know when something isn’t as it should be. A thorough database can allow management to recognize signs of fraudulent activity. It will show employees that they are being monitored, increasing their accountability and ethical actions. If something does go wrong, your organization will be able to show it had some measures in place to try and prevent the incident, thus protecting brand reputation.

6. Preventative measures

Having data allows you to analyze it. This will let you identify and mitigate threats, reduce repetitive losses and lawsuits, and even lower insurance premiums. For more detail about the benefits of data analytics, check out our next in-depth blog post!

How CISOs Can Talk to the Rest of the Board About Data Security

Originally posted on Lepide by Aidan Simister.

We all know by now that cybersecurity isn’t just an IT problem. The dramatic effects a data breach can have on an organization, in terms of both reputation and damages from non-compliance, mean that everyone from the CMO to the CEO needs to be concerned about data security.

One of the biggest problems organizations face is that their employees, particularly those with elevated privileges, mishandle data (most of the time unintentionally). The root of this problem is often a lack of awareness surrounding the latest cybersecurity threats and the consequences of mishandling sensitive data.

There is a significant gap between those with cybersecurity at the forefront of their mind (i.e. the CISOs and security teams) and the rest of the board/organization. In many cases, CISOs have difficulty explaining data security even to the CEOs themselves.

This is a knowledge and understanding gap that needs to be bridged if we have any hope of reducing the number of insider threats that we see each year.

But where do we start?

Understand Where the Rest of the Board is Coming From

In a nutshell, it’s all about empathy.

One of the biggest challenges of being a CISO is presenting data security findings and risk mitigation strategies to the rest of the board in a way that they understand. Each member of the board is coming at the problem from their own unique perspective so, in effect, the CISO has to translate the information into a different language for each individual.

Take the CEO as an example. The main concerns for CEOs are how to grow the business and ensure that the lights stay on. So, when it comes to cybersecurity, they are unlikely to care that you’ve noticed an unusually large number of failed logins over the last few days. They want to know the whole picture, and how it relates to the business in terms of financials.

The key to appealing to the rest of the board is to cite the bigger picture. Stick to the following:

  • Let everyone know the results of your most recent risk assessments in terms they will understand. So, in simple terms, are we at risk right now? What are the chances of us suffering a data breach right now and how much would it cost?
  • Go through your current cybersecurity strategies and policies in broad terms. Are you able to cope with a data breach? How long would it take you to recover? How much would it cost?
  • Explain what you need to get your job done more effectively. What cybersecurity training should you invest in? What data security solutions should you choose? How are you going to ensure that the company doesn’t lose money as a result of a data breach?

Be Functional, Not Technical

Nobody likes technical jargon, not even CISOs. There’s no quicker way to lose someone’s attention than by talking in technical detail. Keep conversations purely business focused. Talk in terms of risk, consequences, and benefits.

For example, it’s no use trying to explain to the rest of the board how important it is that they regularly update their passwords and improve the strength of their passwords. They may understand the reason why you’re talking about it but it’s still not likely to change behavior. Talk instead about the business impact of not adhering to those policies (particularly in terms of the monetary backlash that could arise).

Remember, cybersecurity is a business problem, not an IT problem. It is the CISO's responsibility to ensure that they are communicating effectively with the rest of the board when it comes to data security.

10 Tips For Keeping Your Personal Info Safe Online

Originally posted on Forbes by Expert Panel, Forbes Technology Council.

From shopping to banking and investing to working, much of our lives can be conducted online these days, and many consumers are taking full advantage. Yet many aren’t aware of best practices for protecting their private information. Having one’s personal data stolen is a devastating experience that can take years to correct. Some people even volunteer information online—particularly on social media—that can give the unscrupulous an inside look at their personal lives.

Fortunately, there are steps everyone can take to make their online transactions and interactions more secure. We asked experts from Forbes Technology Council to share their best tips.

1. Use Hardware Security Keys And Complex Passwords

Add a hardware security key, such as YubiKey or Google’s Titan, to every account that supports it. Two-factor identification with SMS is very insecure and easily hacked, but it’s better than a password alone. Computers easily crack passwords less than 50 characters long: Thieves break into sites, copy the password files and crack them offline. Use password managers to generate and keep track of complex passwords. – Sandra Carrico, Glynt.AI, a business unit of WattzOn

2. Do A Yearly Checkup

This is an easy, yet often overlooked, hack: Do a yearly audit of the sites you’re using. If you use a password manager like LastPass, you can export all the sites it has saved. Go through those sites and make sure that you have secure passwords (and two-factor authentication), then close out any accounts you no longer use. – Michael Zaic, Wild Sky Media

3. Limit What You Share On Social Media

Stop sharing so much personal information online, including your location, pictures, birthdays and trips. Hackers love this stuff, and considering how sites like Facebook are now admitting that employees and vendors had access to these profiles, it is even more important to not include as much personal information on social media profiles. – Chalmers Brown, Due

4. Check Your Bank And Credit Protection Policies

There is no absolute data privacy when it comes to any online activity. If you transact any business online, you should make sure bank and credit accounts have policies to protect you in case of fraud. You do not want to self-insure if your account is hacked and being misused. Finally, never allow your browser or websites to remember your login or payment information—that is a recipe for disaster. – Wayne Lonstein, VFT Solutions, Inc.

5. Have A Strong Password Strategy

It’s too easy to reuse passwords when setting up online accounts, which leaves you vulnerable when sites are compromised. I have found that using a password management tool like LastPass provides an additional layer of protection by allowing you to set strong, complex passwords. By relying on a password manager to fill in your information, you become less dependent on your “go to” and can create unique passwords for each account. – Nathan Nordby, Velma

6. Don’t Share Your Social Security Number

A surprising number of services will ask for your social security number (SSN), ranging from car rental companies to doctor’s offices. They want your SSN because it allows them to tie your data together with many other sources very reliably, but legally you are not required to provide it to anyone other than the federal government. Refuse to share it and you will keep your data safer. – Sean Byrnes, Outlier

7. Use More Than One Email Account

To best protect your data online, you should be creating and using more than one email account. For example, you should have one email address for sensitive information like banking, and you shouldn’t give that email out to just anybody. You should have a second email account to sign up for email lists, to receive retail coupons, for online games, etc., and a third for communication with friends and family. – Thomas Griffin, OptinMonster

8. Read The Fine Print And Ask Questions

Consumers must recognize that protecting personal data is a joint responsibility between themselves and the brands they frequent. For their part, consumers should read and question the privacy policies of the websites/apps they use to clarify how and why it will be used. In turn, brands should have documented privacy policies and guidelines and have the ability to effectively address any concerns. – Michael Ringman, TELUS International

9. Be Aware Of Scams

It would be so easy if there was only one thing that consumers could do to protect their data, but hackers’ tactics are constantly evolving, and the average consumer cannot evolve that fast. We see a lot of clients/consumers falling for phishing scams. Clients should just take a minute to stop and think before they react to an alarming email asking them for their data or asking them to “click here.” – Warren Finkel, ACE IT Solutions

10. Set Up Multifactor Authentication

Perhaps the most basic thing that can be done to protect private data is to ensure that you set up multifactor authentication. Most email providers and banks will allow you to turn it on somewhere in settings. Some may then ask you to scan a QR code with an app to enable multifactor authentication. If you have the choice, I recommend Authy. – Justin Morgenthau, Triax Technologies, Inc.

5 Ways to Prepare Your Business for Natural Disasters, Catastrophes and Income Loss

Preparing for disaster includes preparing for what follows when your employees and community most need you to be open for business.

Disasters can strike businesses at any time and take almost any shape: A flood takes out a startup’s servers. A founder is imprisoned. A tornado destroys the office building. Whether it’s a natural disaster, a PR scandal or something else altogether, not being ready can add another level of devastation to an entrepreneur’s life.

I know this firsthand. My company, ONTRAPORT, endured the Santa Barbara fires and aftermath that started in late 2017 and ravaged into this year. We also had shifts on our accounting team that resulted in me trying my hand at accounting (not my forte). Needless to say, 2018 has been a year of unexpected change and destruction — both of my team’s physical surroundings and our “usual” way of doing things.

Alongside our CEO, Landon Ray, I debated: “What do we do as leaders of this company and leaders in our community?” It all boiled down to a question that wasn’t so simple to answer: What kind of emergency preparedness should you have in place so when stuff hits the fan, you’re ready to execute?

Stuff hits the fan

The fires and mudslide in Santa Barbara were crazy acts of nature that resulted in evacuations as people’s health was put at risk with the toxic air. Twenty-three people died in what’s been called “the worst disaster in Santa Barbara history.” It was a scary and traumatic experience as people were spread out, unsure of the status of people they cared about.

Before we knew how bad things were going to get, we still knew that the only way to keep our company up and running was by being proactive. We’d created an emergency plan years ago, so when the fires started, I immediately pulled the plan out at 6 a.m. because I had already lost power at my house and knew we were going to lose power in the office. We weren’t in the evacuation area yet, but we needed a generator before they sold out.

We made sure to buy the right masks for everyone after we researched how to stay safe with declining air quality. Unlike most homes in Santa Barbara, our office had air conditioning, so we ordered HEPA filters. And when we realized that wasn’t going to be enough because the air quality had become hazardous, we rented a ranch in Los Osos, two hours away. At that point, we evacuated and couldn’t return to the office. We told people to work where they could — about half came to the ranch, while the rest went to other areas with their families and loved ones.

When safe places no longer feel safe.

We heard stories from others in the area that their employers wouldn’t pay them because they couldn’t work. I get that this was an emergency, and business owners have to make business decisions. We also had some employees who couldn’t work: Our coffee and meal program employee couldn’t take care of people’s food because they weren’t in the office.

In the same vein, our childcare center wasn’t taking care of people’s kids, but we knew that, just like our meal program provider, we had to pay them so they could in turn pay rent. Those are the decisions you have to make as an employer; they go a long way toward building trust with people. Treating people well isn’t just a short-term investment but a long-term one, too. We wanted people to feel really taken care of.

And that applied to the employees who could still work as well. We set the ranch up with Wi-Fi, VPN, laptops and docking stations. We tried to close every loophole that could prevent us from offering customer support, prevent our marketing team from implementing campaigns or stop our engineers from fixing bugs or working on the development of new features on schedule.

How to prevent a disaster from getting bigger

Not every employer can move things around the way we did — but a lot of entrepreneurs can do better than they’re currently planning for. It’s all about remaining thoughtful in how you handle the disaster facing you, and there are some smart ways to do that.

1. Make your priorities known.

The only thing more demoralizing for employees who are going through a situation of disastrous proportions is feeling as if they’re means to an end. Servers, process documents and computers can all be replaced; people can’t be. Make it clear that their safety is the most important thing.

We sent daily morning and evening emails or messages through our ONTRApeeps social media community to keep everyone connected and make sure people were safe. Every day, we also sent updates on the fire situation based on the information we were receiving so our team knew we were staying informed on a situation that directly impacted their lives and livelihood.

2. Plan ahead to stay open.

While some businesses are built to be hands-on entities — say, massage therapy or tutoring services — most entrepreneurs can make plans to keep working when disaster strikes. We proactively placed our servers for customer work in different locations so customers wouldn’t see disruptions, and we created redundancy with Amazon and Google Web Services. Creating tech stopgaps can save your business.

3. Look at what your state provides.

Our state had disaster recovery funds, and employees who didn’t get paid could apply for unemployment during that time. Knowing what state benefits are available can be life-saving for both your business and your employees. Go the extra step to prepare the paperwork for affected employees so they can simply submit it if they’d like to access the benefits. Be informed ahead of time.

4. Always have three people who know how to do a job.

Not every entrepreneur has three employees. However, every entrepreneur can ensure processes are documented so anyone can follow them. When we ran into issues on the accounting side, many employees asked if they could help, but because some processes weren’t documented, we couldn’t take them up on their offers. Enforce documentation updates — if you don’t, you’ll be the one cleaning up the debris.

5. Do what you can to help.

Our company did Valentine’s Day candy grams as a fundraiser for affected families, raising several hundred dollars through people buying handmade cards from our HR team. We went together to dig out houses and hosted a bucket brigade of 300 people at our office to show our support. We couldn’t afford to provide housing or write huge checks, but we did what we could.

No one is immune from disaster, but everyone can prepare for disasters so their impact is limited. Entrepreneurs have a lot to lose when disaster strikes, and not being ready ensures that the devastation takes on new proportions. Planning ahead for the inevitable will save not just your sanity, but also your company.

Source: Entrepreneur
Author: Lena Requist

5 ways you could avoid and prepare for cyberattacks in your organization

Preparing for any potential cyberattack is an increasingly important precautionary step in every organization. Here’s how your team could do it without disrupting existing processes.

In an age when cybercriminals abound, it pays to prepare and always be on guard. That means being aware of the strategies criminals often resort to and investing in monitoring tools as well as preventive measures to avoid such attacks in the first place.

Security software company Avast found that of 132 million routers tested, 41 percent could easily be hacked, a recent GSMA Intelligence report showed. In recent years, we have seen cyber thieves switching from personal computers to smartphones to steal personal information or credentials and get the unwitting victims’ funds. Successful cyberattacks in years past may also have spawned a new generation of criminals who now focus on the preferred terminal for online payments and shopping transactions: smartphones.

Various forms of cyberattacks

Just as there are software programs that can protect users from cyber crooks’ exploits, including malicious phishing websites that closely resemble trusted destinations, there is also software that hinders users from accessing their systems. Being locked out of their computers has sent many people into panic mode.

So, what can regular users do to avoid or be ready for cyberattacks? First and foremost, be mindful and do not be easily tricked into clicking on a link or attachment. Accessing the web or sensitive information through VPNs is another way (free VPNs are not the way to go!).

Information technology experts have repeatedly warned people about the existence of malicious sites that impersonate legitimate URLs. It is high time PC and other gadget users heed such warnings and keep a closer eye on URLs.

Now that cyber villains have turned their attention to smartphones, it is crucial to protect personal information and other data stored in it in two ways: One is by avoiding installation of unofficial applications. Another is by doing regular updates of the operating system when requested, and not forgetting to enable security mechanisms.

At the recent Mobile World Congress held in Barcelona, smartphone makers unveiled phone innovations with enhanced security features. With the growing uneasiness of consumers over hacking incidents, companies have lost no time rolling out supposedly more “secure” devices into the marketplace.

Notwithstanding the arrival of gadgets with improved security features, consumers still should not be complacent. Software firm strategists have advised checking out online file sharing services and making the most of protective features that come with certain devices.

CEOs and IT security experts continue to underscore how perilous cyber threats are to their organizations. They maintain that there are ways to safeguard systems and be prepared for such attacks. The best form of an advance, they say, is advance planning.

Numerous companies across the world have taken a proactive stance and instilled greater awareness in their workforce on the steps to take to protect organizational assets in the face of rampant cyber attacks.

There are five ways to brace for cyber attacks, as The Guardian gathered from a range of experts:

  1. Identifying the key threats and ensuring that incident management processes address those threats
  2. Deciding which data or information to protect and opting for a pragmatic approach
  3. Practicing response to a potential attack and creating a sense of urgency as well as a culture of security in the workforce
  4. Enlisting the services of a good forensic vendor at the soonest possible time
  5. Considering the role of big data, and melding data analytics with human threat research

Importance of preparations

Various industries have fallen prey to cyber villains. Studying and using a multi-faceted approach and making informed decisions may save organizations a great deal of resources, apart from eliminating huge stress on IT workers.

It is also important to note that cyber attacks may strike and affect even established firms. In addition, companies should look into investing in monitoring tools.

David Mytton, CEO of a scalable infrastructure monitoring software company, lamented that “most businesses aren’t up to speed with how to mitigate the damage if an attack occurs.” Among the things that can help is a well-structured recovery plan, and testing the plan with regular simulations and practice runs, The Huffington Post reported.

Cybersecurity measures require more than fleeting attention. Cyber crimes have become commonplace, necessitating planning and implementation of strategies and countermeasures. Undertaking concrete steps now may help neutralize the threats. Up-to-date knowledge of the vulnerabilities that you or your organization face can go a long way.

Source: CIO
Author: Josh Althuser