Archive for 'Information Risk Management'

3 Steps You Must Take TODAY to Reduce Your Software Risks

The following is a post written by guest author Kit Merker.

Kit Merker has been in technical and management roles for over a decade, doing everything from project management, coding, design, and testing to running a service. He currently works at Microsoft as a Developer Evangelist. Kit Merker has a blog dedicated to preparing for software disasters. Be sure to follow Kit on Twitter after reading his guest blog post below!

These are times of economic uncertainty for many businesses, and the very idea of spending much-needed funds on something that might happen may seem like suicide. According to CIO.com, business continuity & disaster recovery is NOT a top priority for CIOs.

It’s a normal human tendency to stay optimistic and believe that you are immune from disaster. We say, “that’ll happen to other people, I’ll hope for the best and focus on my day-to-day activities.”

But, as I say probably too frequently, hope is not a strategy.

Imagine if a disaster hit and you sustained serious downtime, got hacked, or lost data your customers needed. The results would be disastrous for your reputation and could mean the end of your business. You’d be kicking yourself for not preparing.

But just like a teenager learning to drive, sometimes getting in an accident helps you learn to operate more safely. The good news is that there are practical things you can do to reduce your risks of software disaster.

Here are 3 things you can do TODAY to reduce your software risks:

1. Create a Crisis Phone Tree

I am a huge fan of lo-fi approaches to dealing with the unknown. This may seem like basic housekeeping, but it will help you handle a crisis much better than having the wrong people or the wrong contact information. When’s the last time yours was updated?

Also, you could create a simple rotation to designate who is “on call” in a given week to handle anything unexpected. You don’t need heavy policy & procedure if you have smart people who are familiar with the software empowered to do the right thing.



11 Reasons Your Laptop Will be Hacked and How to Immediately Prevent it.

John Downey is the Vice President of Software Development at ClearRisk Inc. The ClearRisk team is excited to share John’s technical expertise to help you manage technology risk at your organization. 

It seems like every day now that we hear about another company’s network or laptop being hacked, or a business accidentally revealing confidential files. From Stanford Hospital exposing 20 000 patient records to the hacker attack on Sony that compromised 71 million accounts, even the largest and most seemingly secure organizations are susceptible to data insecurity.

Collaborating with the IT security experts here at ClearRisk, I’ve created a list of 11 easily preventable mistakes almost everyone unknowingly makes. I’ve also provided information security tips that are necessary to help prevent data insecurity as a result of these common mistakes.

Top 11 Easily Prevented Information Security Threats:

1. Using the same password for multiple accounts.

Never use the same password for two separate accounts. This is especially important for your email; if a hacker can gain access to your email, it’s likely that they can also get into other important accounts from your email, such as your online bank account. Think about this: if you sign up for a service, providing your email and creating the same password you use for your email, this is the only information the wrong person needs to gain access to everything else. 

At the very least, you can create different groups of passwords. For example, create one password to be used for your email, one to be used for your banking, and another for all low security accounts. Ideally, you should use a password generator or manager that allows you to create passwords that are impossible to guess.



RIMS Canada Conference: 10 Years Post 9/11

September 11, 2001 is this generation’s Kennedy assassination. It’s the day when everyone knows exactly where they were and what they were doing when they first found out about it. For risk managers in Canada, that day was spent in Ottawa at the RIMS Canada Conference.

I was walking through the exhibit hall when a friend with BI&I (the Hartford Steam Boiler - Munich Re) asked if I had heard what happened. I spent the rest of the day mesmerized and horrified in front of my hotel room TV. The rest of the conference was sombre and serious as we thought about our industry friends and colleagues that were among the victims that day.

In a few days, risk managers from across Canada and many from the US will once again gather in Ottawa, the nation’s capital. The annual RIMS Canada conference runs from September 18th through 21st. I suspect there will be a lot of reflection about what has changed in the world of risk and risk management since that dreadful day. The short answer: everything.



The 6 Biggest Risks Concerning Small Businesses

I recently participated in an interview on the risks faced by SMBs with Pam Clark of Business Insurance. Matthew Brodsky of Risk & Insurance Magazine, Jon L. Gelman, an expert on workers’ compensation, and I set out to give small business owners some useful advice on their most pressing risk management issues. Go here to view the full interview.

Matthew and Jon provided some excellent answers, so the entire article is well worth reading! For the benefit of our readers, I want to reiterate 6 important points we covered.

Early Risks to Address



How to Reduce Social Media Risk in Your Company: A LinkedIn Discussion

The risk involved with social media is not a new topic. In fact, we talked about it last year in our blog post Social Media Policy: Avoiding a Death-Blow! This is still a relevant topic; with the popularity of social media ever increasing, businesses must prepare for the risks that come along with the opportunities that social media provides.

I asked the LinkedIn community “How do you handle the risk of social media in your company?” With such a great response, I had to share the discussion. Here’s what several LinkedIn professionals had to say.



Risk Management is a Team Sport

This week, ClearRisk is proud to present a guest blog post by Allan R. Morton, Jr. CIC, CRM.

Allan is the managing partner of Morton Insurance & Risk Management. His 15 years in the industry are marked by a passion for dropping money to clients’ bottom line and increasing their negotiating leverage with insurers via proactive risk management. He is a Certified Insurance Counselor as well as a Certified Risk Manager.

One of the biggest challenges I have is how to keep a prospective client’s eyes from glazing over when the phrase “Risk Management” is mentioned. It’s almost like those two words are part of a magical incantation which puts many in upper management into trance-like states. It confounds me. There is something utterly unglamorous about it, I suspect. It’s not exciting, flashy, or as sexy as landing a big deal.



Best of @ClearRisk – Our Risk Management Twitter Feed (Part 2)

This is the second of a series of posts entitled Best of @ClearRisk – Our Risk Management Twitter Feed. Click to read our previous risk management Twitter feed post.

With a busy and constantly updating Twitter feed, it is sometimes easy to miss great risk management content. Last month, we noted some of the most popular blog posts and articles that have been shared on the @ClearRisk Twitter feed.

First, we tweeted about The 10 Best Industry Blogs, a post from Risk Management Monitor. This was our top clicked-on link for risk management news; the post acknowledges 10 of the best blogs in the risk management and insurance industry. We would also like to thank Risk Management Magazine for recognizing our blog amongst these great industry resources. Risk Management Monitor provides daily stories, commentary, interviews, and more, all related to the risk management and insurance industry. Be sure to visit Risk Management Monitor and read the blogs mentioned within the full post!



Mobile Risk: What are you really carrying with your smartphone?

Kevin Bacon had his stolen in New York, British Major General Gerry Berragan had his pick-pocketed on a train in China, President Obama may still have his hacked, and at any point in time thousands of smartphone owners could be running information-leaking viruses without knowing it.

Living in an increasingly mobile and connected world changes the boundaries and realities of risk. When you carry the world at your fingertips you take with you risks that, if not properly managed, can bring about huge loss.

Of major concern are risks surrounding viruses, theft and loss. These risks can affect the protection of employee and customer information, your company’s reputation, your intellectual property, and your competitive advantage.

How do we put ourselves at risk?



How to Protect your Company’s Communications with E-mail Policy

In the wake of a large-scale online denial of service attack made possible through the hacking of personal e-mail accounts, we asked the LinkedIn community if employees should be able to use external e-mail addresses for work-related communications. We share their views and insights with you below.



Twitter Recovered from two Service Interruptions. Can you?

On August 6th, microblogging service Twitter.com was the victim of a distributed denial-of-service (DDoS) attack that kept it offline and scrambling to recover for over two hours. On the 12th of August, it was the target of a second DDoS attack, which this time kept it offline for a mere 30 minutes.

While a politically-fuelled attack on multiple social networking sites may be pretty far down the list of anticipated risks, we wonder – What planning and procedures did Twitter have in place to address and recover from such an event?



© 2011 ClearRisk Inc. All Rights Reserved.