Category Archives: Disaster Recovery

Data Backup Strategy Tips for World Backup Day

Posted on by

As tomorrow’s World Backup Day should remind us all, there is one risk mitigation measure every company should have in place and regularly reevaluate: a data backup strategy. A data backup is an archive or copy of a company’s information, sensitive or otherwise, and presents a critical part of any enterprise’s disaster recovery plan, especially in the event of a data loss. Data loss can come in many forms, including physical theft, hard drive failures, simple human mistakes, and ransomware attacks. Given the range of potential risk scenarios, risk professionals and business leaders assess their backup strategy as part of all disaster preparation and response plans. 

While 93% of small businesses use cloud-based backup solutions, there are many options for risk professionals or IT leaders to consider. For example, there are also smaller storage methods like removable media like USB flash drives or external hard drives that you might encourage remote employees to use to protect their data. There are also backup services companies can use to outsource their data backup strategy altogether. 

When creating or reassessing a company’s data backup approach, there are few concepts business leaders should familiarize themselves with:

Recovery Point Objectives

RPO, or recovery point objective, is the amount of time between your routine data backups. This can also translate into the amount of data that may be at risk in the event of a data loss. If you backup your company’s data once a week, for example, you potentially could lose a week’s worth of data. Choosing to back up more frequently can thus help reduce data loss risks. 

Recovery Time Objectives

RTO, or recovery time objective, is the time it takes for your business to restore its data from a backup. This is entirely dependent on how robust your data backup is and how much data you need to recover from it. Generally, the more streamlined your data backup strategy is, the faster your recovery time will be. Putting all of your data in the same type of storage solution can also improve your RTO.

The 3-2-1 Backup Strategy

Whether your business is large or small, one data backup strategy is considered best practice—the 3-2-1 backup strategy:

    • Create three copies of your data.
    • Put those copies of your data on at least two types of data storage solutions.
    • Store at least one of those storage solutions in a remote location. 

In honor of World Backup Day on March 31, check out the infographic below for more data backup tips and data loss statistics from Norton:

an infographic summing up data backup solutions and storage options, plus data loss statistics

Preparing for the Next Stage of the COVID-19 Pandemic at RIMS Content Roundtable

Posted on by

In last week’s “RIMS Content Roundtable: COVID-19 Vaccines and Distribution,” a group of RIMS members gathered for an exclusive Q&A with Dr. Adrian Hyzler, chief medical officer at Healix International, who focused on progress with COVID-19 vaccination efforts and moving toward a “next phase” of the pandemic.

“Where we’re headed is: this pandemic will end—all pandemics end—but it doesn’t end all of a sudden, it goes out with a whimper…it sort of just seeps away at different rates around the world,” Hyzler said, noting the rates of vaccination and controls implemented country by country will curb the coronavirus at different paces. “But it’s now going to be an endemic disease, meaning it’s something we live with. We’re not going to get rid of this disease.”

He believes recognition among public health experts that COVID-19 will become endemic rather than be eradicated prompts new conversations about expectations and preparations around the world.

“The new dialogue is: what is the acceptable level of COVID and what is the acceptable level of deaths from COVID? Because COVID is a respiratory disease and people die of respiratory diseases every year, especially in winter. That’s something we live with,” Hyzler said. “We’re going to have to get to a point where there are going to be people who die from COVID every year, but they’re not going to overrun hospitals, and they’re not going to affect care of other diseases.”

Getting to the stage of “a disease we live with” requires mass vaccination, and he stressed the importance of the widespread effort to encourage people to get COVID vaccines as soon as possible. Scientists are not yet sure what percentage of the population will need to be fully vaccinated to control the pandemic sufficiently and, he said, “that’s vaccinated across the whole population evenly, and that’s not the case—we know there are communities where they are vaccine-hesitant, we know there are religious groups that are not as confident about the vaccine, and they tend to cluster, so those are always ready for outbreaks.”

Rather than discuss the sometimes controversial or scientifically debatable concept of “herd immunity,” Hyzler encouraged thinking about “community immunity.”

“‘Community immunity’ is good because it’s more about what we can do for each other,” he explained. “Getting vaccinated, for a 28-year-old, is not necessarily about that person, it’s about what it can do for the community—the older people, the people who have preexisting conditions that make them vulnerable.”

This kind of community orientation and widespread adherence to best practices will be critical in getting to any next phase of the pandemic, and to staying there. Reflecting on his experience of the acute lockdowns implemented in the U.K., for example, Hyzler stressed the lessons learned about the impact of mass adherence to mitigation and prevention measures. “Even with the variant that’s come out here that is very transmissible and has become common in the States, we’ve shown that non-pharmaceutical interventions—which are masks, distancing, isolation, hygiene—they work,” he said.

Many of these non-pharmaceutical interventions will not be going away any time soon—indeed, they may be just as critical moving forward. Hyzler predicted, “I think, into next year, we may still be wearing masks in many situations and there may be a great move to more things outdoors, since we know how much safer that is, and I think we’ll have learned a lot of things from this… Hopefully we’ll also be more ready for something that will happen again.”

As the world moves toward mass vaccination to help curb COVID-19, companies should be preparing for the next stage of the pandemic and creating detailed plans for safely returning to work. To that end, Hyzler noted some large private companies have publicly offered resources to help other enterprises protect employees and operations amid the pandemic and prepare for a return to workplaces.

For example, Ford has published two versions of a “Return to Work Playbook,” one for manufacturing and another for non-manufacturing companies. According to Ford, in addition to providing these documents to employees, “the company is also providing a copy to its suppliers, business partners and relevant third parties to ensure they are all aware of its health and safety practices when they are on site at Ford facilities or are interacting with Ford personnel.” Companies outside of Ford’s supply chain can also benefit, however.

“Add in some CDC advice, and look at what people [around you] are doing, because there are little things you can do that are very specific to your area or your workforce,” Hyzler recommended. “Then, take the information [from the playbook] that’s useful and mold it into a mini version of a playbook, if you’re a smaller company.”

In addition to the Ford playbooks Hyzler mentioned, check out these publicly available resources from the private and public sectors that may offer help in managing COVID-19 risks and creating a return-to-work plan for your enterprise:

Ford’s Return to Work Manufacturing Playbook [PDF]
Ford’s Return to Work Non-Manufacturing Playbook [PDF]
IBM’s Return to Workplace Playbook [PDF]
Kaiser Permanente’s COVID-19 Return to Work Playbook
CDC’s Guidance for Businesses and Employers Responding to Coronavirus Disease 2019 (COVID-19)
CDC’s “Daily Activities” Guide for Returning to Work
OSHA’s Protecting Workers: Guidance on Mitigating and Preventing the Spread of COVID-19 in the Workplace

Participants in the roundtable event were able to debrief with fellow risk professionals in breakout rooms, sharing impressions from the session and experience addressing related risks within their own organizations. For more opportunities to discuss return-to-work plans, vaccine considerations and other COVID-related risks with other risk professionals, all RIMS members can continue the conversation on Opis, the society’s community engagement and networking platform. Among almost 200 education sessions, the upcoming RIMS Live 2021 virtual conference will also offer dozens of COVID-related education and networking events from April 19 to 30, and registration is now open. To hear more insights directly from Dr. Hyzler, you can check out his appearances on the RIMScast podcast.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy

Key Insurance Considerations in a Record Hurricane Season

Posted on by

The active 2020 hurricane season has produced so many named storms that scientists ran out of traditional names and have moved to the Greek alphabet for the first time since 2005. Most recently, Hurricane Sally struck the Gulf Coast, making landfall in Alabama with winds above 100 miles per hour, causing widespread destruction, and leaving hundreds of thousands of residents and businesses without power. Ensuring that your business’ insurance program is ready to deal with such perils will prove critical to maximizing insurance recovery for business interruption and property damage claims. Below are critical steps policyholders can take now to ensure that insurance available if and when it is needed.

Locate a Copy of Your Policy

Having your policy on hand prior to a loss will help start your claim as soon as possible, as it may be more difficult to contact your insurer or broker following a storm, when thousands of claims are taking place simultaneously. Your policy will also provide important information regarding how to get in touch with your insurer following a loss.

In addition to windstorm and flood coverage, commercial policyholders should ensure that they have the following specific coverages in place before a storm hits:

  • Physical Loss or Damage to Insured Property: This is the basic coverage afforded under almost all commercial property policies. Policies generally cover the cost to repair, replace or rebuild property that suffers physical loss or damage. Covered premises are usually listed or scheduled in the policy and may include not only buildings, but also equipment and business personal property such as furniture, machinery, and stock. Although typically a lesser concern, many policies do not include coverage or limit coverage for outdoor landscaping and paved surfaces like parking lots.
  • Debris Removal: This covers costs incurred when removing debris from covered property damaged by an insured peril such as a windstorm. The maximum policy benefit for this coverage is usually expressed as a percentage of the total loss.
  • Expenses Incurred to Mitigate Loss or Damage: Property policies often cover expenses incurred to prevent or minimize loss or, where some loss has already occurred, to mitigate additional loss. In fact, many policies say the policyholder must take steps to safeguard the property and prevent further damage. Failure to do so could jeopardize coverage.
  • Extra Expense Coverage: Extra expense coverage is intended to indemnify the policyholder for expenses that are above and beyond the business’s normal operating expense that are incurred to continue operating the business after damage has occurred. Examples may include the cost of a generator when electricity is lost, increased costs to secure new materials or replacement inventory or costs to operate at a temporary location.
  • Business Interruption Coverage: Business interruption coverage is designed to cover lost business income resulting from the total or partial suspension of operations due to covered property damage. Typically, this coverage does not apply until after a designated “waiting period”—usually defined in hours—which operates as a sort of “deductible.”
  • Orders of Civil Authority: Coverage may also be available when business income is lost as a result of government directives, issued because of property damage to other property, which prevent or restrict access to the insured property. These can include evacuation orders or curfews. These losses may be recoverable even if the company’s own property has not been damaged.
  • Ingress/Egress Coverage: Similarly, many policies cover losses when entry to or exit from a covered property is prevented or hindered by damage of the type insured under the policy, such as downed trees covering a road or a broken bridge. Importantly, the damage need not be to insured property so long as the damage prevents ingress to or egress from an insured location.
  • Service and Utility Interruptions: Some policies may also provide coverage for business interruption losses and extra expense caused by power, water, and telecom outages if those outages are the result of an insured event. This coverage is typically sublimited.
  • Contingent Business Interruption Coverage (CBI): Contingent business interruption insurance and contingent extra expense coverages provide reimbursement to the policyholder for lost income and extra expense resulting from property damage to a separate, non-insured property, often in the policyholder’s supply chain. The third party could be a supplier of critical materials or components; a transporter of goods, materials or resources; or a wholesaler, retailer, or customer who purchases or consumes the insured’s goods on a regular basis. Some policies may offer this coverage for “leader properties” or “attraction properties” within a specific mile radius of the insured property.
  • Extended Period of Indemnity: Policies may also provide for an extended period of indemnity, thus extending the time of covered business interruption losses from the time the property is repaired for several additional months. This coverage is designed to ensure coverage for any “ramp up” period the policyholder experiences to ensure coverage until business returns to normal.
  • Spoilage Coverage: Commercial property policies for food-service and hospitality industry insureds may also contain endorsements providing coverage for loss of perishable stock at the premises of the policyholder.
Have an Insurance Response Team in Place Before the Storm

Commercial policyholders should know who they are going to contact for emergency repairs and services. Having an emergency action plan in place, with cell phone contact numbers, will minimize downtime and maximize recovery efforts after the storm. Document or photograph your pre-loss inventory and other insured assets to provide to your insurer when adjusting your claim. They may not be able to reach your property immediately following the storm.

Following the storm, your team should set up a general ledger to capture all storm-related costs, expenses, and time, including costs incurred to mitigate storm losses. Designate a point person to liaise with the insurer’s adjuster and to submit storm-related invoices, quotes and contracts.  Document everything, including physical damage, evacuation orders, curfews, power outages, supply chain disruptions, and extra costs.

Present Your Claim As Soon As Practicable

Insurance companies require prompt notice of a loss. Once the claim is submitted, check your policy regarding the submission of a proof of loss, as is often required. These documents have deadlines, some of which are triggered without any request from the insurer. Request an extension if you need one to ensure timely submission. Use photographs, videos, or other documentation to substantiate your claim, and keep a log of all communications with your insurer and adjuster, including phone calls. An accurate timeline of communications will assist in any potential litigation regarding your claim.

In the event of a denial, delay, or recovery smaller than required to repair your business, experienced coverage counsel can help you analyze your policies, enforce your rights and hold your insurer to their contractual and statutory obligations.