Tag Archives: technology risk

Immediate Vault Immediate Access

Converting a Conference to 100% Virtual in One Week

Posted on by

Conference organizers have been among the hardest hit by COVID-19. When your entire business is predicated on bringing people together, pivoting is not easy.

On March 12, 2020, the InsurTech NY team saw a dark future ahead. Officials had confirmed 500 people in the United States tested positive for the coronavirus, President Donald Trump had just announced restrictions on flights to and from Europe, and we were one week away from hosting the 2020 InsurTech NY Spring Conference, our annual New York City-based in-person event. We had planned to host seven panels, 20 startup competition pitches, and four TED-style talks, totaling more than 60 speakers. As part of the competition, more than 20 judges had to vote on winners in near real-time. We also promised to provide networking opportunities with one-on-one meetings for all attendees.

buy lariam online azimsolutions.com/wp-content/uploads/2023/10/jpg/lariam.html no prescription pharmacy

For the health and safety of our guests we knew we could not continue this event in-person. Fortunately, we had experience running webinars and virtual communities and activated a preparedness plan that we created when coronavirus was still mainly in China.

buy clomid online azimsolutions.com/wp-content/uploads/2023/10/jpg/clomid.html no prescription pharmacy

However, we knew pivoting to an all-virtual event would be a monumental challenge.

Immediately we went into action. Within 12 hours, we called every speaker and sponsor about the new format. All speakers stuck with us. We went on to draft communication to notify all attendees. We also created a full web page detailing our experience. For others who may need to shift their in-person events to virtual ones, here’s a brief roadmap with key steps that we took and may help you too:

Convert existing staff to new virtual roles. Current staff and volunteers need to be immediately converted and trained on new virtual roles. To be effective, you need people dedicated to wearing new hats and carrying out last-minute responsibilities. This may include working during after hours and weekends. Some of these roles were already defined, but others needed to be redefined. They include:

  • Speaker liaisons: Assign at least two people to ensure speakers join their sessions on time and their A/V works.
  • Stage manager: This person keeps track of time and communicates verbally to speakers to cue them.
  • Presentation controller: A dedicated person to share and run the slides for presentations.
  • Master of ceremonies (MC): A dedicated host to introduce speakers and lead transitions.
  • Help desk: At least two people with technical expertise to respond to any tech or access issues.

Over-communicate to everyone. Send “how-to” information constantly, specifically about accessing the conference itself. If possible, use multiple channels, including text and social. Even then, you may have some people who have difficulty accessing the sessions.

Organize dry runs of the entire event with your staff. This process will help you identify issues you may not have considered. Fix the issues and do another dry run. We only had time for one dry run, but could have benefitted substantially from a second.

Revamp the event to make it more entertaining.

buy atarax online azimsolutions.com/wp-content/uploads/2023/10/jpg/atarax.html no prescription pharmacy

Attendees have other options during a virtual conference, so it is particularly essential to keep them engaged and entertained throughout the day. Some tips include:

  • Run polls and questions between sessions
  • Keep each session short and sweet
  • Create content during the breaks so they don’t “turn the dial.” We hired a professional comedian, but you can be creative on how to fill the time.

In retrospect, the event was successful for four reasons: (1) intense planning and preparation during the seven-day transition, (2) support from our speakers and sponsors to stay with us in the transition, (3) effective communication internally and externally to all stakeholders, and (4) a great team and set of volunteers that worked tirelessly to make it happen. A full guide is available with more details about how to make the transition at InsurTech NY.

RIMS and ISACA Release Joint Report “Bridging the Digital Risk Gap”

Posted on by

All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by the RIMS, the risk management society®, and ISACA®, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.

Digital enterprise strategy and execution are emerging as essential horizontal competencies to support business objectives. No longer the sole purview of technical experts, cybersecurity risks and opportunities are now a core component of a business risk portfolio.

buy lasix online www.arborvita.com/wp-content/uploads/2023/10/jpg/lasix.html no prescription pharmacy

Strong collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise.

ISACA’s Risk IT Framework acknowledges and integrates the interaction between the two professional groups by embedding IT practices within enterprise risk management, enabling an organization to secure optimal risk-adjusted return. In viewing digital risk through an enterprise lens, organizations can better realize a broader operational impact and spur improvements in decision-making, collabora­tion and accountability. In order to achieve optimal value, however, risk management should be a part of technology implementation from a project’s outset and throughout its life cycle. By understanding the technology life cycle, IT and risk management professionals can identify the best opportuni­ties for collaboration among themselves and with other important functional roles.

IT and risk management professionals both employ various tools and strategies to help manage risk. Although the methodologies used by the two groups differ, they are generally designed to achieve similar results. Generally, practitioners from both professions start with a baseline of business objectives and the establishment of context to enable the application of risk-based decision making. By integrating frameworks (such as the NIST Cybersecurity framework and the ANSI RA.1 risk assessment standard), roles and assessment methods, IT and risk management professionals can better coordinate their efforts to address threats and create value.

For example, better coordination of risk assessments allows orga­nizations to improve performance by iden­tifying a broader range of risks and potential mitigations, and ensures that operations are proceeding within acceptable risk tolerances.

buy arimidex online www.arborvita.com/wp-content/uploads/2023/10/jpg/arimidex.html no prescription pharmacy

It also provides a clearer, more informed picture of an enterprise’s risks, which can help an organization’s board as they make IT funding decisions, along with other business investments. Leveraging the respective assessment techniques also leads to more informed underwriting—and thus improves pricing of insurance programs, terms of coverage, products and services.

Overall, developing clear, common language and mutual understanding can serve as a strong bridge to unite the cultures, bring these two areas together and create significant value along the way.

buy sinequan online www.arborvita.com/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

The report is currently available to RIMS and ISACA members through their respective websites. The report can be downloaded through the RIMS Risk Knowledge library by clicking here or from ISACA at www.isaca.org/digital-risk-gap. For more information about RIMS and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org. To learn more about ISACA and its resources, visit www.isaca.org.

The Economic Costs of Government Internet Interruptions

Posted on by

At the end of April, global internet access monitor group NetBlocks reported that Venezuela’s state-run internet provider ABA CANTV was restricting the country’s access to various social media platforms amid continuing demonstrations and political turmoil. In May, NetBlocks reports this has continued, in addition to similar internet limitations in Benin and Sri Lanka. While increased global internet connectivity has led to international economic growth, it has also often led to increased government control over methods of communication and commerce, and government shutdowns pose a serious risk to businesses and economic activity in these countries.

Businesses face a variety of challenges and risks when operating abroad, but internet shutdowns and limitations may present a unique impediment, especially for companies that operate largely online and rely on consistent internet access. With more countries shutting down or limiting access more frequently, companies that conduct business in countries with regular interruptions may need to plan accordingly, or reevaluate whether their operations can accommodate these disruptions. Companies that have internet-dependent supply chains may be particularly susceptible and should ensure they have comprehensive mitigation strategies in place to avoid business interruptions.

Many nations increasingly use internet and social media disruptions as a way to quell political dissent. Some countries have shut down social media after violent incidents, purportedly to curb people’s ability to incite further violence, such as in Sri Lanka after the Easter suicide bombing there. Ethiopia also limited internet access in 2017 after activists leaked copies of the national school exams online. Whatever a country’s motivation, the frequency of shutdowns worldwide is rising dramatically, according to Stastista, which notes a 6,000% increase between 2011 and 2018.

government internet shutdowns

The Indian government routinely implements shutdowns in various parts of the country, and has in turn suffered serious economic consequences. The Indian Council for Research on International Economic Relations recently reported that, between 2012 and 2017, internet shutdowns in India climbed from 3 to 70 per year, and the shutdowns’ total duration rose from 9 hours in 2012 to 8,141 hours in 2017. According to the report, titled The Anatomy of an Internet Blackout, these disruptions cost the Indian economy approximately $3.04 billion in total. This includes approximately $2.37 billion from mobile internet loss and $678.4 from fixed line internet shutdown.

The Brookings Institution released a study in October 2016 examining 81 short-term shutdowns in 19 countries and their impact on GDP. Between July 1, 2015, and June 30, 2016, the study found that the economic consequences of internet shutdowns cost at least $2.4 billion in GDP globally. The report notes that this is a conservative figure and does not account for tax losses or drops in investor, business, and consumer confidence.

Deloitte also examined the issue in 2016, estimating that the economic consequences of a temporary shutdown “grow larger as the level of connectivity and GDP increase.” For highly connected countries, a temporary shutdown could cut 1.9% of daily GDP—an estimated $141 million per day. Medium-connectivity countries lose an estimated 1% ($20 million) of daily GDP and low-connectivity countries could lose an estimated 0.4% ($3 million) of daily GDP.

A study released in October by Strathmore University’s Center forIntellectual Property and Information Technology Law (CIPIT) showed that shutdowns can also severely impact countries’ shadow economies, often uncounted in formal studies like those from Brookings and Deloitte. According to the report, titled Intentional Internet Disruptions in Africa, unreported economic activity in 49 African countries made up an average of 37.65% of all economic activity. Because this activity is not counted in previous formal studies (like the Brookings study), CIPIT estimates that including these shadow economies increases the total cost of shutdowns by 19% to 29%.

Another Statista study from August 2018 shows that certain countries are shutting down their internet more often than others, most notably India, Pakistan and Iraq. Risk managers should consider these figures and cost estimates when assessing their companies’ existing or potential operations in the countries noted below, or when looking at where to invest overseas.

Should Companies Ban USBs?

Posted on by

Earlier this month, a Chinese woman was arrested after attempting to enter President Donald Trump’s Mar-a-Lago resort while in possession of a number of suspicious electronic devices, including a USB flash drive. Apparently, the drive contained code that allows malicious software to run immediately after being plugged in, though it is still unclear what kind of malware it was. According to news reports, law enforcement also found nine other USB drives in the woman’s hotel room. If someone was able to connect a USB device to a computer on the resort’s network, attackers might be able to access all sorts of sensitive information and potentially gain control of machines on the network.

Historically, USB use has also aided insider threats, whether in the form of employees inadvertently infecting a corporate device or network with a found USB drive, or purposefully causing an infection or removing sensitive information via USB. In perhaps one the most high-profile of such cases, Edward Snowden reportedly removed NSA documents from a Hawaii facility on a flash drive before fleeing the country and providing those documents to members of the media.

Beyond the headlines, these devices continue to pose everyday risks. People mindlessly plug in flash drives, or carry their business’s most important documents on them that could accidentally be left in a hotel room or at a conference packed with corporate rivals. As companies evaluate their security policies and how to best secure their data, many are moving away from using USB or even banning them outright.

In May 2018, IBM did just that. The company’s global chief information security officer Shamla Naidoo said that IBM “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive),” and that the prohibition would apply to IBM operations worldwide, who will now rely entirely on the company’s cloud-based storage. Naidoo cited the danger of missing storage devices leading to “financial and reputational damage” as the motivation for the prohibition going forward, and acknowledged that the move may be disruptive for some departments and employees.

A 2016 University of Illinois study also showed that the now-proverbial nightmare scenario of an employee inserting a USB they found in a parking lot is actually realistic. After dropping 297 flash drives on a university campus, researchers found that people opened one or more files on 45% of the drives without taking any precautions, and that people moved 98% of the drives from the drop locations. The study’s authors noted that their results suggested that people may have picked up the drives and opened files motivated by altruism (finding the owner) and curiosity. But regardless of intent, simply plugging a flash drive into company computer can unleash any number of viruses, malware, or other cyber maladies on the company’s network.

Of course, doing away with USBs is also not a security panacea. As always, the user is the weakest part of any IT security plan, and even if a business does decide to ban USB storage devices and move their data storage to cloud-based options, employees should still be trained on password protection strategies and other security hygiene best practices. To make employee cyber-awareness training more effective, check out these tips from Risk Management.