Category Archives: Disaster Preparedness

Data Backup Strategy Tips for World Backup Day

Posted on by

As tomorrow’s World Backup Day should remind us all, there is one risk mitigation measure every company should have in place and regularly reevaluate: a data backup strategy. A data backup is an archive or copy of a company’s information, sensitive or otherwise, and presents a critical part of any enterprise’s disaster recovery plan, especially in the event of a data loss. Data loss can come in many forms, including physical theft, hard drive failures, simple human mistakes, and ransomware attacks. Given the range of potential risk scenarios, risk professionals and business leaders assess their backup strategy as part of all disaster preparation and response plans. 

While 93% of small businesses use cloud-based backup solutions, there are many options for risk professionals or IT leaders to consider. For example, there are also smaller storage methods like removable media like USB flash drives or external hard drives that you might encourage remote employees to use to protect their data. There are also backup services companies can use to outsource their data backup strategy altogether. 

When creating or reassessing a company’s data backup approach, there are few concepts business leaders should familiarize themselves with:

Recovery Point Objectives

RPO, or recovery point objective, is the amount of time between your routine data backups. This can also translate into the amount of data that may be at risk in the event of a data loss. If you backup your company’s data once a week, for example, you potentially could lose a week’s worth of data. Choosing to back up more frequently can thus help reduce data loss risks. 

Recovery Time Objectives

RTO, or recovery time objective, is the time it takes for your business to restore its data from a backup. This is entirely dependent on how robust your data backup is and how much data you need to recover from it. Generally, the more streamlined your data backup strategy is, the faster your recovery time will be. Putting all of your data in the same type of storage solution can also improve your RTO.

The 3-2-1 Backup Strategy

Whether your business is large or small, one data backup strategy is considered best practice—the 3-2-1 backup strategy:

    • Create three copies of your data.
    • Put those copies of your data on at least two types of data storage solutions.
    • Store at least one of those storage solutions in a remote location. 

In honor of World Backup Day on March 31, check out the infographic below for more data backup tips and data loss statistics from Norton:

an infographic summing up data backup solutions and storage options, plus data loss statistics

Preparing for the Next Stage of the COVID-19 Pandemic at RIMS Content Roundtable

Posted on by

In last week’s “RIMS Content Roundtable: COVID-19 Vaccines and Distribution,” a group of RIMS members gathered for an exclusive Q&A with Dr. Adrian Hyzler, chief medical officer at Healix International, who focused on progress with COVID-19 vaccination efforts and moving toward a “next phase” of the pandemic.

“Where we’re headed is: this pandemic will end—all pandemics end—but it doesn’t end all of a sudden, it goes out with a whimper…it sort of just seeps away at different rates around the world,” Hyzler said, noting the rates of vaccination and controls implemented country by country will curb the coronavirus at different paces. “But it’s now going to be an endemic disease, meaning it’s something we live with. We’re not going to get rid of this disease.”

He believes recognition among public health experts that COVID-19 will become endemic rather than be eradicated prompts new conversations about expectations and preparations around the world.

“The new dialogue is: what is the acceptable level of COVID and what is the acceptable level of deaths from COVID? Because COVID is a respiratory disease and people die of respiratory diseases every year, especially in winter. That’s something we live with,” Hyzler said. “We’re going to have to get to a point where there are going to be people who die from COVID every year, but they’re not going to overrun hospitals, and they’re not going to affect care of other diseases.”

Getting to the stage of “a disease we live with” requires mass vaccination, and he stressed the importance of the widespread effort to encourage people to get COVID vaccines as soon as possible. Scientists are not yet sure what percentage of the population will need to be fully vaccinated to control the pandemic sufficiently and, he said, “that’s vaccinated across the whole population evenly, and that’s not the case—we know there are communities where they are vaccine-hesitant, we know there are religious groups that are not as confident about the vaccine, and they tend to cluster, so those are always ready for outbreaks.”

Rather than discuss the sometimes controversial or scientifically debatable concept of “herd immunity,” Hyzler encouraged thinking about “community immunity.”

“‘Community immunity’ is good because it’s more about what we can do for each other,” he explained. “Getting vaccinated, for a 28-year-old, is not necessarily about that person, it’s about what it can do for the community—the older people, the people who have preexisting conditions that make them vulnerable.”

This kind of community orientation and widespread adherence to best practices will be critical in getting to any next phase of the pandemic, and to staying there. Reflecting on his experience of the acute lockdowns implemented in the U.K., for example, Hyzler stressed the lessons learned about the impact of mass adherence to mitigation and prevention measures. “Even with the variant that’s come out here that is very transmissible and has become common in the States, we’ve shown that non-pharmaceutical interventions—which are masks, distancing, isolation, hygiene—they work,” he said.

Many of these non-pharmaceutical interventions will not be going away any time soon—indeed, they may be just as critical moving forward. Hyzler predicted, “I think, into next year, we may still be wearing masks in many situations and there may be a great move to more things outdoors, since we know how much safer that is, and I think we’ll have learned a lot of things from this… Hopefully we’ll also be more ready for something that will happen again.”

As the world moves toward mass vaccination to help curb COVID-19, companies should be preparing for the next stage of the pandemic and creating detailed plans for safely returning to work. To that end, Hyzler noted some large private companies have publicly offered resources to help other enterprises protect employees and operations amid the pandemic and prepare for a return to workplaces.

For example, Ford has published two versions of a “Return to Work Playbook,” one for manufacturing and another for non-manufacturing companies. According to Ford, in addition to providing these documents to employees, “the company is also providing a copy to its suppliers, business partners and relevant third parties to ensure they are all aware of its health and safety practices when they are on site at Ford facilities or are interacting with Ford personnel.” Companies outside of Ford’s supply chain can also benefit, however.

“Add in some CDC advice, and look at what people [around you] are doing, because there are little things you can do that are very specific to your area or your workforce,” Hyzler recommended. “Then, take the information [from the playbook] that’s useful and mold it into a mini version of a playbook, if you’re a smaller company.”

In addition to the Ford playbooks Hyzler mentioned, check out these publicly available resources from the private and public sectors that may offer help in managing COVID-19 risks and creating a return-to-work plan for your enterprise:

Ford’s Return to Work Manufacturing Playbook [PDF]
Ford’s Return to Work Non-Manufacturing Playbook [PDF]
IBM’s Return to Workplace Playbook [PDF]
Kaiser Permanente’s COVID-19 Return to Work Playbook
CDC’s Guidance for Businesses and Employers Responding to Coronavirus Disease 2019 (COVID-19)
CDC’s “Daily Activities” Guide for Returning to Work
OSHA’s Protecting Workers: Guidance on Mitigating and Preventing the Spread of COVID-19 in the Workplace

Participants in the roundtable event were able to debrief with fellow risk professionals in breakout rooms, sharing impressions from the session and experience addressing related risks within their own organizations. For more opportunities to discuss return-to-work plans, vaccine considerations and other COVID-related risks with other risk professionals, all RIMS members can continue the conversation on Opis, the society’s community engagement and networking platform. Among almost 200 education sessions, the upcoming RIMS Live 2021 virtual conference will also offer dozens of COVID-related education and networking events from April 19 to 30, and registration is now open. To hear more insights directly from Dr. Hyzler, you can check out his appearances on the RIMScast podcast.

How to Prepare Now for Your Next Crisis Post-COVID

Posted on by

As business leaders remain hyper-focused on navigating through the pandemic, few have sufficiently considered how to prepare for the next major crisis. There are many steps leaders can take, some of which include reassessing their risk management plans, constructing cohesive frameworks that proactively identify potential gaps, and identifying protocols and procedures to fill those gaps in preparation for future crises, no matter how big or small. 

Reflect and Optimize

Very often, companies have not taken the time to assess how they responded to previous crises because they are either too busy afterwards, or too happy to have survived with minimal consequences. But the pandemic has shown that this is a dangerous game to play. While we have seen that most organizations had some of the core elements of crisis management success—whether a crisis management plan and team, mass notification technology, risk and intel monitoring capabilities, or business continuity plans and teams—many had (and still have) not connected these parts into a successful framework. Moreover, they have not reflected on those plans to improve them and optimize their crisis and risk management approaches.

Businesses must evaluate their preparedness for and response to past crises and use lessons learned in those reviews to optimize their responses moving forward. Given COVID-19’s unexpectedly “long tail,” companies should review and reflect on their plans now, rather than wait months or years.

Create or Enhance Your Plan

While enhancing an old crisis plan or developing a new one will take work (and cost money) upfront, it is a process that will pay massive dividends in the long run. Once businesses have a concrete crisis management plan in place, have practiced the plan, and are prepared, the cost will realize itself both in terms of the monetary outlay and by mitigating potential risks that could prove highly detrimental to the business down the line. While different companies take varied approaches to crisis management planning, certain plan elements have proven their value during COVID-19 and likely will again during future crises. This is demonstrated in “the 3 S’s”: scenario analysis, stakeholder analysis, and standing media agenda.

  • Scenario analysis: Scenario analysis encourages companies to focus on the best, worst, and most-likely case scenarios when confronting a crisis and planning for various organizational responses. At the beginning of COVID-19, many companies saw the crisis as a “China problem,” and did not actively prepare for its potential global impact. Preparing in this way would have enabled them to have a broader, more proactive approach to crisis management, rather than getting caught in constant response mode, as many companies were. 
  • Stakeholder analysis: In times of crisis, businesses must quickly identify the key internal and external players that will be impacted and require critical attention. The companies that do so will be able to quickly identify their specific needs and/or interests and build their crisis responses around them. Not doing so often results in disorganized management of key stakeholders, exacerbating the impact of the crisis and/or causing additional work for the crisis team.  
  • Standing meeting agenda: Standing meeting agendas are crucial for helping to keep meetings on track, ensure discussions are impact-based and holistic, and guarantee key facets of the response are consistently revisited until resolved. Organizations that do not utilize standing meeting agendas often find their meetings to be frustrating, disorganized, and never-ending as conversations go around in circles.

Practice Responding to Crises

It would be easy to believe that you do not need to practice your crisis responses and exercise your plans after navigating a massive crisis like COVID-19, but that would be a mistake. Every crisis has its own unique characteristics, impacts, and challenges, and crisis exercising has proven to be one of the most effective means of preparing organizations and their leaders for navigating the next crisis or managing multiple, smaller crises at once. Just as with physical exercise, crisis exercising keeps organizations nimble and helps develop organizational muscle memory to ensure businesses and leaders are prepared for a real crisis.  

Do Not Forget Travel 

While most business leaders are thinking about bringing people back to the office, few have considered that many, ironically, are going to be looking for opportunities to leave it again—getting back on the road and visiting suppliers, customers, etc. So it would be short sighted for companies to only focus on policies and procedures around returning to the office, when they should start thinking about policies around returning to travel too. This will bring exponentially more challenging situations given the lack of consistency and (likely) inequity of vaccine distributions across the world, especially in developing nations where many employees may be traveling. Business leaders should be thinking about this now and planning for how to enable and support employee travel when it is safe to do so.

Take Risk Management and Monitoring Seriously

Risk management programs can no longer be developed with a “check-the-box” approach. As COVID-19 proves, high impact-low probability events are not only possible but probable, and so companies must take risk management and monitoring seriously. During this time, companies have started to build information and intelligence monitoring capabilities to help them digest the large volume and varied kinds of information they are receiving. This has included agreeing on scenarios and triggers that, when met, result in particular organizational action (e.g., reopening the office when case counts are at a certain level or enough people have received the vaccine). The last thing companies should do is stop monitoring when it seems as though the pandemic or any other crisis seems to be slowing or ending. In fact, organizations should not only maintain this monitoring but expand it to include other risk types identified during the crisis that could create another significant disruption down the line. This will allow the organization’s leaders to make data-based, proactive decisions rather than waiting until a crisis happens.

Crisis and business continuity planning has never been more important. The COVID-19 pandemic has dramatically shifted the way businesses operate and has created new problems that business leaders must solve. To effectively plan for the next crisis, leaders must prioritize these capabilities, creating a holistic framework that addresses various types of threats. Taking these steps now will better prepare organizations for the next major crisis, however unlikely and no matter the scope and scale.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy