Category Archives: Loss Control

Data Backup Strategy Tips for World Backup Day

Posted on by

As tomorrow’s World Backup Day should remind us all, there is one risk mitigation measure every company should have in place and regularly reevaluate: a data backup strategy. A data backup is an archive or copy of a company’s information, sensitive or otherwise, and presents a critical part of any enterprise’s disaster recovery plan, especially in the event of a data loss. Data loss can come in many forms, including physical theft, hard drive failures, simple human mistakes, and ransomware attacks. Given the range of potential risk scenarios, risk professionals and business leaders assess their backup strategy as part of all disaster preparation and response plans. 

While 93% of small businesses use cloud-based backup solutions, there are many options for risk professionals or IT leaders to consider. For example, there are also smaller storage methods like removable media like USB flash drives or external hard drives that you might encourage remote employees to use to protect their data. There are also backup services companies can use to outsource their data backup strategy altogether. 

When creating or reassessing a company’s data backup approach, there are few concepts business leaders should familiarize themselves with:

Recovery Point Objectives

RPO, or recovery point objective, is the amount of time between your routine data backups. This can also translate into the amount of data that may be at risk in the event of a data loss. If you backup your company’s data once a week, for example, you potentially could lose a week’s worth of data. Choosing to back up more frequently can thus help reduce data loss risks. 

Recovery Time Objectives

RTO, or recovery time objective, is the time it takes for your business to restore its data from a backup. This is entirely dependent on how robust your data backup is and how much data you need to recover from it. Generally, the more streamlined your data backup strategy is, the faster your recovery time will be. Putting all of your data in the same type of storage solution can also improve your RTO.

The 3-2-1 Backup Strategy

Whether your business is large or small, one data backup strategy is considered best practice—the 3-2-1 backup strategy:

    • Create three copies of your data.
    • Put those copies of your data on at least two types of data storage solutions.
    • Store at least one of those storage solutions in a remote location. 

In honor of World Backup Day on March 31, check out the infographic below for more data backup tips and data loss statistics from Norton:

an infographic summing up data backup solutions and storage options, plus data loss statistics

How to Prepare Now for Your Next Crisis Post-COVID

Posted on by

As business leaders remain hyper-focused on navigating through the pandemic, few have sufficiently considered how to prepare for the next major crisis. There are many steps leaders can take, some of which include reassessing their risk management plans, constructing cohesive frameworks that proactively identify potential gaps, and identifying protocols and procedures to fill those gaps in preparation for future crises, no matter how big or small. 

Reflect and Optimize

Very often, companies have not taken the time to assess how they responded to previous crises because they are either too busy afterwards, or too happy to have survived with minimal consequences. But the pandemic has shown that this is a dangerous game to play. While we have seen that most organizations had some of the core elements of crisis management success—whether a crisis management plan and team, mass notification technology, risk and intel monitoring capabilities, or business continuity plans and teams—many had (and still have) not connected these parts into a successful framework. Moreover, they have not reflected on those plans to improve them and optimize their crisis and risk management approaches.

Businesses must evaluate their preparedness for and response to past crises and use lessons learned in those reviews to optimize their responses moving forward. Given COVID-19’s unexpectedly “long tail,” companies should review and reflect on their plans now, rather than wait months or years.

Create or Enhance Your Plan

While enhancing an old crisis plan or developing a new one will take work (and cost money) upfront, it is a process that will pay massive dividends in the long run. Once businesses have a concrete crisis management plan in place, have practiced the plan, and are prepared, the cost will realize itself both in terms of the monetary outlay and by mitigating potential risks that could prove highly detrimental to the business down the line. While different companies take varied approaches to crisis management planning, certain plan elements have proven their value during COVID-19 and likely will again during future crises. This is demonstrated in “the 3 S’s”: scenario analysis, stakeholder analysis, and standing media agenda.

  • Scenario analysis: Scenario analysis encourages companies to focus on the best, worst, and most-likely case scenarios when confronting a crisis and planning for various organizational responses. At the beginning of COVID-19, many companies saw the crisis as a “China problem,” and did not actively prepare for its potential global impact. Preparing in this way would have enabled them to have a broader, more proactive approach to crisis management, rather than getting caught in constant response mode, as many companies were. 
  • Stakeholder analysis: In times of crisis, businesses must quickly identify the key internal and external players that will be impacted and require critical attention. The companies that do so will be able to quickly identify their specific needs and/or interests and build their crisis responses around them. Not doing so often results in disorganized management of key stakeholders, exacerbating the impact of the crisis and/or causing additional work for the crisis team.  
  • Standing meeting agenda: Standing meeting agendas are crucial for helping to keep meetings on track, ensure discussions are impact-based and holistic, and guarantee key facets of the response are consistently revisited until resolved. Organizations that do not utilize standing meeting agendas often find their meetings to be frustrating, disorganized, and never-ending as conversations go around in circles.

Practice Responding to Crises

It would be easy to believe that you do not need to practice your crisis responses and exercise your plans after navigating a massive crisis like COVID-19, but that would be a mistake. Every crisis has its own unique characteristics, impacts, and challenges, and crisis exercising has proven to be one of the most effective means of preparing organizations and their leaders for navigating the next crisis or managing multiple, smaller crises at once. Just as with physical exercise, crisis exercising keeps organizations nimble and helps develop organizational muscle memory to ensure businesses and leaders are prepared for a real crisis.  

Do Not Forget Travel 

While most business leaders are thinking about bringing people back to the office, few have considered that many, ironically, are going to be looking for opportunities to leave it again—getting back on the road and visiting suppliers, customers, etc. So it would be short sighted for companies to only focus on policies and procedures around returning to the office, when they should start thinking about policies around returning to travel too. This will bring exponentially more challenging situations given the lack of consistency and (likely) inequity of vaccine distributions across the world, especially in developing nations where many employees may be traveling. Business leaders should be thinking about this now and planning for how to enable and support employee travel when it is safe to do so.

Take Risk Management and Monitoring Seriously

Risk management programs can no longer be developed with a “check-the-box” approach. As COVID-19 proves, high impact-low probability events are not only possible but probable, and so companies must take risk management and monitoring seriously. During this time, companies have started to build information and intelligence monitoring capabilities to help them digest the large volume and varied kinds of information they are receiving. This has included agreeing on scenarios and triggers that, when met, result in particular organizational action (e.g., reopening the office when case counts are at a certain level or enough people have received the vaccine). The last thing companies should do is stop monitoring when it seems as though the pandemic or any other crisis seems to be slowing or ending. In fact, organizations should not only maintain this monitoring but expand it to include other risk types identified during the crisis that could create another significant disruption down the line. This will allow the organization’s leaders to make data-based, proactive decisions rather than waiting until a crisis happens.

Crisis and business continuity planning has never been more important. The COVID-19 pandemic has dramatically shifted the way businesses operate and has created new problems that business leaders must solve. To effectively plan for the next crisis, leaders must prioritize these capabilities, creating a holistic framework that addresses various types of threats. Taking these steps now will better prepare organizations for the next major crisis, however unlikely and no matter the scope and scale.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy

Spending Risks Shift as the Pandemic Continues

Posted on by

When Twitter offered permanent work-from-home status to all of its 4,600 employees in response to the COVID-19 pandemic, it did so with a $1,000 stipend per employee to furnish and set up functional home office spaces.

For many organizations, such a sweeping move would carry higher risk as more employees, especially those not trained in company spending policy, would be expensing items. During COVID-19, enterprises of all sizes contend with the changing financial implications of adjusting business practices.

Data scientists at Oversight—a global leader in spending management technology—saw out-of-pocket spending increase 17% from April to May and expected this number to rise further in June as more employees without a corporate card make COVID-related expenses. These findings are published in the company’s Spend Insights Report, which analyzed information derived from customer interviews, market observations and Oversight data.  

Several Oversight clients reported finding big-screen TVs and soundbars on expense reports for work-from-home setups. Any of these could ultimately be for personal use or resold for personal gain. One client found that one of its employees spent $7,000 in corporate funds to set up a new home office space.

The months since COVID-19 forced employers everywhere to pivot their office strategies and open expensing capabilities to a broader subset of the employee base. As a result, the fundamental assumptions about spending and risk management in finance operations no longer apply.

New patterns of risk are emerging from these new transactions. However, finance operations teams that take the time to analyze these patterns can develop best practices.

Five key lessons enterprises should understand about spending risk in the 2020 business environment are:

1. Good and Bad Spending Have Reversed Roles

When the rapid shutdown of normal business operations forced the global workforce to shelter in place, travel discontinued abruptly. Airline and transportation activity plummeted in both March and April, as did hotel spending. But purchasing activity was higher than expected in the high-risk categories of mail/phone orders and miscellaneous stores (including merchants such as Amazon, Best Buy and Apple), while out-of-pocket expenditures in the name of business continuity increased dramatically. The result was a business scenario in which much of the historically “good” spending, like travel expenses, was suddenly deemed wasteful to the organization. In contrast, much of the traditionally categorized “bad spending” was now necessary.

2. The Pattern of Risk is Shifting, As is Mitigation Collaboration

Because the risk looks significantly different than it did before the pandemic, finance operations teams are applying more scrutiny to employee spending, and collaborating more. Operations teams are engaging more than ever with counterparts in forecasting, tax and audit to navigate the nuances of risk during the crisis, creating a new best practice that makes identifying and mitigating spending risk easier.

3. Rising Miscellaneous and Out-of-Pocket Costs Cause Payment Platform Risk

Third-party payments increased 40% year-over-year in April according to the Spend Insights Report, as the pandemic drove a significant increase in online shopping activity. That shift to online—as reflected in rising miscellaneous and out-of-pocket spending—was often processed using third-party payment platforms like PayPal and Stripe. When employees spend using these platforms, organizations are exposed to greater risk due to limited visibility into transaction and vendor data.

4. New People Spending is New Risk

Regardless of COVID-19’s impact on an organization, one good rule is that risk is a function of people. According to Oversight data, 70% of employees are good stewards of corporate funds. An additional 25% may make errors or act out-of-policy in certain circumstances, but these individuals are not intentionally involved in waste or fraud. The remaining 5% of employees could use opportunities like COVID-19 to spend maliciously or otherwise act outside of corporate compliance guidelines. Every organization’s goal should be to engender visibility into the 5% of bad actors, while simultaneously seeking to better inform the remaining 25% about the steps they can take to adhere to policy. 

5. Align your Teams and Tools to Ensure Visibility into Spending

By quickly understanding as an organization what employees are spending on today, and at what frequency, leaders will be better suited to manage and mitigate risk. While the profile may be different than before the pandemic, the same tools that guided visibility into spending and risk are available to help organizations understand and analyze spend in the new business climate.

The situation at most organizations is fluid. The essential take-away is to develop a framework and process for near-real-time awareness of employee spending and the associated risks. By recalibrating your sense of the necessary expenditures now, organizations can ultimately ensure continuous control over risks as they emerge.