Friday, 31 January 2014

A nice cup of tea

I do like a nice cup of tea. In fact tea is pretty near the top of my all-time favourite drinks list. Five or six cups a day is the norm when I’m at home or in the office. And I have to say that Mrs Oz does make a cracking cuppa.

When I’m out and about, though, I tend to drink coffee. That’s because generally other people’s tea isn’t anywhere near as good as Mrs Oz’s. In fact, in my humble opinion, a surprisingly large number of people don’t have the faintest idea of how to make a decent cup of tea.

My brother thinks there’s no such thing as a bad cup of tea (perhaps that’s because his tea-making capability is distinctly average – don’t tell him I said so though!) but I beg to differ. In fact, I’m sat drinking one right now in a hotel with my breakfast and wondering why I didn’t order coffee instead.

A bad cup of tea is, in my view, worse than no cup of tea at all. It might have all the ingredients (not that there are many) but if it’s not done right it can be awful.

In a similar(ish) vein, my view is that a bad business continuity plan is as bad as – and possibly worse than – no plan at all. A bad plan might seem to have all the right ingredients but, as with a cup of tea, if they’re not put together properly, the results can be somewhat disappointing. And, as with a bad cup of tea, the only time you really find out how unpalatable the results are is when you come to try it.

So, at the risk of being contentious, my advice would be the same in both cases – if you can’t make a decent one (or find someone who can), it’s probably not worth bothering at all!

Andy Osborne is the Consultancy Director at Acumen, and author of Practical Business Continuity Management.
You can follow him on Twitter and his blog or link up with him on LinkedIn.

Friday, 24 January 2014

White Paper Examines Cybercrime and its Stalking Ground: Social Media

The internet fundamentally changed the way we conduct business: we can order goods, make payments and complete entire transactions with just a few mouse clicks. Few of the traditional barriers to commerce - such as time, distance and currency issues - pose the same problems in the internet age as they did before we took our business online.

The story doesn't end there, however. The internet also led to the social media phenomenon. Naturally, humans are not all business, all the time – we are inherently social creatures, and this inclination took root online as strongly as any practical applications. We chat online, we connect with friends, family and colleagues on Facebook, LinkedIn and similar sites, we use Twitter to share thoughts and commentaries... some even use online dating sites to find the next romantic partner. We share details and information about ourselves with others across the internet. Unfortunately, however, it is not only our friends, family and colleagues who can find this info. The fraudsters are tuned in, as well.

A new white paper from CRI Group, “Risks of Cybercrime and Social Media,” explores the troubling crossover where social media meets fraud. The paper's author, CRI Group CEO Zafar I. Anjum, details the factors that make our online socializing so risky: the loss of privacy, the vulnerability to identity theft and other issues. Statistics are presented that provide a comparison of cybercrime losses among the countries where its incidence is highest (note: the U.S. leads in dollar losses).

The paper also highlights the newest regulations to combat cybercrime. Yet, as you'll read, these measures are thus far falling short in seriously controlling the damage caused by this type of crime. More action is needed by government and regulatory authorities worldwide, a point that is clearly asserted, but with one important caveat: individuals using social media also bear a responsibility to take more care, protect themselves, and not become the next cybercrime victim.


Lara Jezeph is the Marketing and PR Manager (EMEA) at the CRI Group.

Thursday, 16 January 2014

Are we ready for significant power outages?

Have a quick look around you and see what is powered by electricity in your buildings: pretty much everything. We need to start asking questions, questions like:

  1. Can we maintain power for all our critical services through generator provision? Remember that access to large quantities of fuel becomes difficult without electricity.
  2. Are we up to date with our alternative power supply testing regimes?
  3. If our plans include the hire of generators, will they be available to you? Have you an agreement in place? Remember that everyone might want one.

The power outages may be localised, meaning staff can work from other sites. Therefore:

  1. Have we alternative sites and are staff able to work remotely?
  2. Can we switch sites/are staff happy to move?
  3. Do we have a home working policy?

There are no hard and fast answers to this and you will no doubt be mindful that the only way to respond is to be aware, plan and test. I think this may well be the biggest issue facing practitioners over the next 18 months. Being prepared for power loss on a grand scale is no mean feat, but careful consideration of this issue in your plans between now and whenever will no doubt assist in your response.

Steve deBruin is the Business Continuity Lead at North Somerset Council, UK.

Friday, 10 January 2014

How MAD are your Top Management?

Dare to ask that question of your Top Management? Maybe not, but a Risk Manager would try to understand their attitude to risk and their mythical 'Risk Appetite'. As a Business Continuity Manager, why not explore their 'Maximum Attitude to Disruption' (M.A.D.), a phrase I believe I uniquely use and created, hoping it becomes more prevalent in a commercially driven BC world?

Risk appetite is a feeling, a sense of danger perhaps. Your risk attitude is what you intend to do about avoiding that danger. Your Maximum Attitude to Disruption is a mixture of your Top Management’s risk appetite and risk attitude expressed in a business continuity context.

How much disruption are they willing to tolerate in terms of impacts to the business over time and to what reduced service levels? It’s in part a BIA output, but not simply this alone. How many times do I hear that “quantifying and qualifying” your impacts is too hard to do expressed financially? Conversely, how quickly do people who profess not to be able to do this beforehand manage to count the cost of the disruption after the event?


Can you quantify your fixed cost associated with your business continuity management arrangements? Can you estimate your variable costs associated with an invocation of your response strategy and tactics and resource requirements? Do you know the estimated cost of your impacts over time and what is intolerable to Top Management?


Somewhere in this wealth of (cost) data gleaned in the analysis and design stages of the business continuity lifecycle is your Maximum Attitude to Disruption: an acceptable commercial ratio between the cost of disruption over time and the cost of your response leading to resumption.

Impacts grow exponentially over the time of a disruption if left unchecked. Each response phase carries a cost of achieving your time objectives, and each phase will attract negative impacts. Without a planned response, cost spirals upwards, leading to an intolerable level of impacts. For those of you that are now saying, "but not all impacts are financial", pause a moment and think of a reputational impact that has no financial impact associated with it.

When undertaking the 'Initial BIA/Strategic BIA', if your report to Top Management included an estimated (expressed financially and based on a seasonal view) set of impacts over time, would this focus their mind on what was their desired set of time objectives and minimum service levels? In doing so, would you then arrive at a draft Maximum Attitude to Disruption?

Armed with this aspirational view from Top Management, you can progress through the lifecycle to the end of the design phase, at which point you will be capable of answering the questions I asked previously, prior to your next sign-off gateway.

What are you asking Top Management to sign off? The outputs from your analysis stage and the outputs from the design stage. The cost of achieving their time-based objectives to reduce impacts to that which is tolerable over time to achieve the Top Management's Maximum Attitude to Disruption.

David Window is the Managing Consultant of Continuity 22301 Ltd in Cheshire, UK.