If you live in the Northeast United States – anywhere from DC to Maine – you’re likely living through the Blizzard of 2015 right now. Snow and heavy winds are pounding the East Coast, with snow totals expected to exceed 2 to even 3 feet in many areas and wind gusts to reach hurricane strength.
During weather events such as this, it’s critical that firms take precautions to ensure that not only do their technologies work and their businesses remain operational, but that their employees are safe, connected and receiving constant communications. We’ve experienced many events such as this in recent years – Hurricane Sandy is probably the most memorable – but the Blizzard of 2015 is an important reminder to firms about employing comprehensive business continuity plans and disaster recovery systems.
Here are a few reminders to get your firm through this latest weather event:
Communicating effectively with your employees is especially critical before, during and after disasters and other weather events. Be sure to keep your employees in the loop on what’s happening and what’s expected of them. Should they work remotely in the event they can’t get to the office? Are non-essential personnel expected to use paid time off? When can they expect updated communications regarding next steps?
If your firm employs a comprehensive BCP, you’ve likely already shared regional Quick Reference Cards so your staff is aware of evacuation locations, remote access policies and instructions and other communication essentials.
According to the Center for Disease Control (CDC), "All national key flu indicators are elevated and about half of the country is experiencing high flu activity." So here are some tips to keep your firm operating smartly during flu season. Watch, read and learn.
Monitor the flu situation.
Get a flu shot.
Limit exposure to others if you have flu symptoms.
Limit onsite meetings.
Keep contact information current.
Review BCP and DR activation procedures.
Update employee DR materials.
Communicate flu policy.
Supply disinfecting wipes for all offices.
Stay home if you have the flu.
Contact us to discuss in more detail the role flu preparedness should play in your BCP.
Recovering from a scene of workplace violence can be a tricky situation. Not all situations would necessitate the need to activate business continuity plan/procedures. But for the situations that do, it is important to be able to account for employees, communicate, assist/provide resources and resume business operations as quickly and sensibly as possible.
OSHA defines workplace violence as any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site. It ranges from threats and verbal abuse to physical assaults and even homicide. It can affect and involve employees, clients, customers and visitors.
During instances of workplace violence, it is important that employees can react to obstacles or changes in the evacuation plan - whether it be utilizing an alternate route on your way out or going to the secondary evacuation site. In some instances, such as with an active shooter, choosing not to evacuate and exposure yourself to the shooter can be the safest decision. Managers/floor wardens who are tasked with ensuring employees have exited the building need to be able to complete their jobs to help building management and responding agencies have a better understanding of how many people might still be in danger.
Categorized under: Business Continuity Planning
It’s officially 2015! With the New Year upon us it is important to set new goals for the future. In today’s post, we offer five resolutions hedge funds should consider to help pave the pathway for another prosperous year.
Resolution #1: Prepare for Cybersecurity
In 2014, hedge funds were revamping their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. However, this push to overhaul and enhance security was largely reactive to the several breaches we witnessed in 2014. Among those companies affected were Sony, Target, JP Morgan Chase and Home Depot. In 2015, we predict cybersecurity will remain at the forefront of headlines. That being said, hedge funds should prepare ahead of time and have detailed information security policies in place.
Resolution #2: Avoiding Common Cloud Mistakes
When it comes to hedge fund operations and technology, there is no margin for error. Common mistakes range from not sizing bandwidth adequately to business needs to not planning proactively for applications and assuming deep security safeguards are in place. Hedge funds that take the proper precautions and do their research when cloud shopping save themselves from preventable stress and inflated issues down the road.
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts a few months ago that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.
Raising the Bar
Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC cybersecurity expectations. Additionally, we’ve seen an increase in frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents have made the Top Ten All time Breach List and three hacking incidents combined were accountable for nearly sixty percent of exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.
As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:
Where are you seeing the most deficiencies in cybersecurity preparedness?
What goes into an effective Written Information Security Plan?
What common mistakes do you find firms are making when it comes to information security safeguards?
Take a look at Lisa's answers!
How important is day to day communications within your company/firm? If an incident or disaster occurred today, how would your organization respond? Do you have a team or group designated to develop messages for both internal (employees, vendors, third parties, building management) and external (public, employee families, media) contacts? Have they practiced? When the pressure is on, is your organization prepared if a disaster or event suddenly puts your firm under the microscope with an onslaught of internal/external calls, questions, requests, emails, social media messages or media requests?
Crises and disasters continue to happen across borders and industries. Let’s not forget some of the more recent large scale disasters such as Hurricane Katrina, Typhoon Haiyan, Deepwater Horizon, Fukushima, Hurricane Sandy, and, of course, the ongoing major data breaches, just to name a few. That list doesn’t include more common events that may not make the major news networks such as utility failures, office fires, and systems outages. Smaller events like previously mentioned can cause minimal to significant disruption to business operations. This is why developing and practicing a variety of communications is vital in an organization’s response to an incident.
Some of these events can be predicted in advance, giving an organization time to make decisions, analyze other organization’s responses, consider impacts, and communicate a message or action. Sometimes events are sudden, such as an earthquake or active shooter. These events require immediate actions, decisions, and communications to be made. In either case - an immediate or delayed event - communication is critical to demonstrating proper leadership and providing employees with proper direction, especially if the event is centered specifically on your organization.
When it comes to cybersecurity defenses, this isn’t a fantasy league. The threats are real and growing in sophistication for the hedge fund and alternative investment industry. In today’s blog, we will discuss how to prepare your firm’s defense for external attacks and internal breaches.
Cybercrime works like a defensive team that studies their opponents and plays and can make midgame adjustments. The only true way to thwart an incident is to establish a layered security program to safeguard against attacks and vulnerabilities of all kinds. Football teams share a similar composition, as there are defensive tackles and ends, cornerback and safety roles. You need to ensure your infrastructure is highly secure and cannot be penetrated by external attackers or easily manipulated by internal threats.
Preparing for Ebola: A Review of the Outbreak, its Economic Impact, and Business Continuity Considerations
This year’s outbreak of Ebola in West Africa is the worst that has ever been recorded. The disease typically occurs in outbreaks in tropical regions of Sub-Saharan Africa. In the short span of a year, the virus, which is affecting Guinea, Sierra Leone, Liberia and Nigeria, has resulted in nearly 3,500 deaths.
In this article, we will look at where this outbreak started and the economic impact it has had both in Africa and internationally. We will also highlight the issues that businesses need to consider as this epidemic continues to expand.
Where Did Ebola Come From?
A report published in the New England Journal of Medicine suggests that Ebola’s Patient Zero (the initial patient of an epidemic) was most likely a 2 year-old boy living in southern Guinea. Unfortunately, the boy became very ill and died on December 6th 2013. Several close relatives died shortly thereafter. After the funerals, some of the attendants became ill. Following established patterns of close contact with the sick, the disease began spreading to other villages, then across the borders into Liberia and Sierra Leone. It wasn’t until March 2014 that the international aid agency MSF (Doctors Without Borders) became aware of the new Ebola outbreak and immediately got involved. In early August, the World Health Organization (WHO) declared “an international public health emergency”. On September 30th, the first case of Ebola was diagnosed within the United States.
At this time, the CDC is making both “best-case scenario” and “worst-case scenario” predictions of the total number of cases expected through January 1st 2015. Unfortunately, the predictions range from 11,000 to well over 1 million cases.