Month: May 2017

[Editor’s note: This guest post comes to us courtesy of tech consultant Rick Delgado. To submit guest articles email erik@bernsteincrisismanagement.com]

As the ever changing cyber security threats continue to rise, businesses are eager now more than ever to protect their company networks, computer systems, and confidential information. Having a strong cyber security program is necessary for developing and conducting the right safety measures that will ultimately protect an organization’s data, resources, and assets. However, in addition to the advanced techniques of hackers, with more and more devices that are adopted by businesses creating their own data, storing personal information, and coming equipped with internet capabilities, there are more routes available for hackers to access this information and therefore more opportunities for a business to experience a security breach.

It is important that businesses and other institutions have access to the best talent and technology in order to keep up with and surpass the efforts and persistent threats of cyber hackers. With these constant shifts in technology, whether they be improved data storage or intelligent video analytics, traditional security protocols are just not enough anymore. As businesses look for new security solutions to invest in, they should consider approaching their cyber security efforts in a more methodical way. Specifically, businesses need to find methods that allow for adequate time to perform security monitoring measures without slowing down networks or interfering with a user’s experience. Here are two systematic techniques businesses can use in their cyber security criteria.

Second-Level Screening

Security monitoring and network gateway devices prove to be some of the most fundamental tools within a business’s information security system. However, in order to keep everything running smoothly, these programs are often required to make judgement calls very quickly. While these indicators are fast, they can also be unreliable. This rushed decision making process can lead to errors, both with rejecting clean files and admitting malware. In order to prevent misjudgments but still allow for a speedy detection process, businesses should invest in security architectures that rely on second-level screening processes. Using an additional screening procedure allows for files that originally passed through the quick scan to be examined more carefully. This second screening can use slower but more reliable processes such as detonation, static analysis, and other methods to ensure better and stronger security systems. If infected files did have the opportunity to make it past the original scan, second-level screening will be able to alert a business of this breach, giving them the chance to respond and recover from any damages before they are too severe.

Isolated Web Scanning

Just as using a second-level screening process allowed for slower but more efficient analysis of incoming files, it is important that cyber security monitoring systems have more time when interacting with the web. Traditionally, security systems were able to protect their network from malware sent through email, however, many cyber hackers are now using infected links to the web within emails instead of directly inserting malware. Some security systems attempt to scan these links, but unfortunately these sites can detect when these scanners have accessed the link and can either create complex pathways or present a clean site. In order to protect a business from malware accessed through the web, organizations need to invest in security programs that isolate the browser from the data flow and its movement of the file to the desktop. This separation can keep this data contained while the security monitors have time to analyse and detect whether or not it presents a threat. Incorporating this method of isolation allows for data to be processed without affecting a user’s experience on the web. Additionally, this security protocol only needs to scan files that the user wants to save.

Approaching your cyber security program with these two methodical ways in mind will allow your security systems more time to analyze incoming data and provide more accurate results. By investing in systems with second-level screening and isolated web scanning abilities, businesses will be able to be better prepared for security threats. As data breaches become more and more sophisticated over the years, they also become more complex and expensive. It’s estimated that over the past few years, the average cost of an information breach has increased by 29 percent. It is important for businesses to remember that it is far less expensive to prevent a security breach than it is to pay for the damages of one.

Rick Delgado is a business technology consultant for several Fortune 500 companies. He is also a frequent contributor to news outlets such as Wired, Tech Page One, and Cloud Tweaks. Rick enjoys writing about the intersection of business and new innovative technologies.

Hurricane season is on the way, and tragically many businesses will be caught under-prepared. In 2012 severe weather caused more than $100 billion in damaged within the U.S. alone, and a failure to plan and prepare can mean a big storm takes your business out for good. There are enough unpredictable crises in the world, there’s no excuse to not plan for events that can be expected to impact you.

To help, our friends at MissionMode have published a whitepaper on severe weather planning that includes tips on planning, preparedness, and resiliency:

This white paper is a guide to planning and implementing your weather response, and it’s much more than a simple checklist. Resiliency is the ability to withstand and ‘bounce back’ from an emergency event. The white paper helps you to think through the processes that will result in a successful response to a weather threat. Your business and people will then be truly prepared and resilient.

To download the paper, head to the MissionMode site by clicking here.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

Steer clear of trouble on social media

Ahhh social media. It’s so awesome, but at the same time there are so many pitfalls waiting to cause issue for your brand. In this infographic, the experts from Quill.com lay out some ground rules for the most common social media blunders and how to fix the problems they can create.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

“Fake news” has become a major buzzword, but don’t let that distract you from the fact that it’s a real problem. The drive for rapid reporting and need to break stories to grab those ever-more-valuable clicks has hurt journalistic integrity. Now it’s up to you to do the research on news coverage you find online or even in print and decide for yourself whether it’s a story you can trust.

FactCheck.org published a great piece titled, “How to Spot Fake News” back in November, and the IFLA’s Library Policy and Advocacy blog team converted it into the handy infographic below:

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

 

[Editor’s note: Many thanks to frequent contributor Tony Jaques for allowing us to use this article, originally published in his Issue}Outcomes newsletter. Tony often covers news out of Australia and the surrounding regions which lets us take a look at great crisis management case studies we may not have seen otherwise.]

Crisis or disaster? IT has helped blur the language

It’s time business stopped misusing the word disaster, and the IT industry needs to take a good share of the blame.

Most recently, an April post on the Hewlett Packard Insights blog, declared: “In general, anything that significantly impairs day to day work can be considered a disaster.” The reality is, No, it can’t!

Writer Wayne Rash went on to say: “It’s worth noting that a disaster in this (IT) context does not necessarily mean widespread destruction, loss of life, or general catastrophe. What a disaster means to you is defined by what interferes with your operations to the point that it endangers your business and thus requires a disaster recovery response.”

What Mr Rash is saying just might, maybe make sense in the IT world where such language is common, but it’s bleeding into general management usage, and that’s a big problem.

Of course the IT industry can’t take all the blame for devaluing the word disaster. Contrary to typical news media headlines, losing a crucial football match is not a disaster, nor is a temporary fall in a company’s share price. In fact, in recent times, the word ‘disaster’ has progressed from being devalued to being entirely trivialised.

A celebrity posting an unwise twitter message is now labelled as a ‘PR disaster’ or a ‘social media disaster,’ while a Hollywood star choosing the wrong dress for a red-carpet event becomes a ‘fashion disaster.’

This language is genuinely unhelpful and distracts attention from serious matters of real concern. Consider by contrast the United Nations definition of a disaster as: “A serious disruption of the functioning of a society, causing widespread human, material or environmental losses and exceeding the coping capacities of the affected communities and government.” Or within a business context, the Dutch crisis experts Arjen Boin and Paul ’t Hart say: “A disaster is a crisis with a devastating ending.” Anything less just doesn’t quality.

While there is clearly a massive difference between a pop culture ‘disaster’ and a true societal or organisational disaster, contamination of broader business language by misuse of the word has serious consequences for issue and crisis managers.

A key consequence arises from the widespread belief in the IT world that the answer to just about every such problem is a disaster recovery plan. As Mr Rash put it: “A disaster recovery response is the set of actions your organisation must take to continue operations in the face of an unforeseen event.”

Business continuity and operational recovery are vital, but they are just one tactical element of an organisation’s crisis management process. The modern approach to crisis management recognises that it should encompass crisis preparedness and prevention; crisis response; and post-crisis management (of which operational recovery is one part). And that it applies to every type of crisis – financial, organisational, legal, political and reputational, not just operational.

We all love IT and the wonders the digital world can bring to issue and crisis management. But any organisation which says: “We have a great business continuity plan so we are crisis- prepared” is in line for a very big and very costly surprise.

Tony Jaques manages Australian-based issue and crisis management consultancy Issue}Outcomes, and is the author of Issues and Crisis Management: Exploring Issues, Crises, Risk and Reputation, available on Amazon now.