By:
On:
In: *Connecting the Dots Blog*, Health Care

  Check out this recent overview of 10 of the largest data breaches from 2010 resulting in the loss of millions of data records. Lessons Learned: Is your organization providing ongoing situational awareness training?  People are the weak link for the majority of data breaches which are caused by human error, lost devices, social engineering attacks and numerous other poor decisions.  It is critical for organizations to educate their employees (and third-parties) ongoing as risks, threats, requirements, and ’next’ practices are constantly changing.  Lessons learned clearly reveal that once-a-year general training is not enough.Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Regulatory Compliance

  OCEG recently announced poll results from a One Minute Poll about Policy Management.  In their poll, 429 members replied to the following question: How do you primarily manage lifecycle of internal policies, procedures and guidelines? 32% use an internally developed database or intranet system 24% have no formal structure 18% use file folders or centralized network drive 14% use document or policy management software  8% track changes in Word  4% use other methods   Lessons learned:  Bad guys already know what the results from this poll clearly reveal…People are an organization’s weakest links.  As long as 86% or more of organizations continue to useRead More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

  How important are platforms? What if you had a great football coach, but no platform (fields, training rooms, etc.) to bring it all together? What if you had a great cast and a great play, but no platform (stage, props, etc.) for performances? What if you had some great software, but no platform (PCs, servers, etc.) to use it on? Most organizations would tell you their people are their greatest assets, but many organizations do not have a platform that empowers people to come together, keep up with constant changes and achieve better results. With regards to people, lessons learned reveal the following: PeopleRead More →

By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Workplace Violence

  The Centers for Medicare and Medicaid Services needs to improve the way its staff and contractor staff process complaints from its waste, fraud and abuse hotline.  Long timeframes and inefficient processes have delayed starting work on many complaints.  On average, more than five months passed between CMS receiving complaints from OIG and contractors beginning work on them. Lessons Learned: It is critical for government agencies and all organizations to improve responses to tips and hotline complaints.   Not only are five months of inaction un-excusable, but  employees aware of this timeframe will no longer trust and will no longer report incidents to hotlines that doRead More →

By:
On:
In: *Connecting the Dots Blog*, Government, Human Resources, Workplace Violence

  The Ethics Resource Center’s (ERC) recent survey revealed that 40% of employees observing misconduct do not step forward to report it out of fear of retaliation, mistrust or feel their reports will be ignored. Lessons Learned: Organizations must develop secure, anonymous and/or confidential reporting solutions to empower all employees (and third-parties) to report suspicious incidents, violence, fraud, misconduct, ethical violations, etc.  And once an incident has been reported, all appropriate personnel (ethics, legal, management, compliance, safety, law enforcement, etc) should be immediately and automatically notified to ensure a timely response and ensure red flags do not fall through the cracks. Based on other surveysRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

  A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term.   A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies. Lessons Learned: Compliance does not equal security, but security can benefit from compliance.  Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.Read More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Privacy, Information Security

  A targeted phishing e-mail with the subject line “2011 Recruitment Plan” tricked an RSA employee to open a document attached to an e-mail.  The document contained a virus that led to a sophisticated attack on RSA’s information systems. Lessons Learned:  Are your employees aware of changing and more sophisticated risks?  Does your organization update employees with situational awareness as more and more attacks target your employees?  All employees must understand their individual roles and responsibilities for protecting sensitive information.  Organizations need to implement comprehensive and ongoing awareness programs to ensure all individuals understand changing risks, threats, best practices, etc.Read More →

By:
On:
In: *Connecting the Dots Blog*, Regulatory Compliance, Risk Management

  Miami-based Pacific National was fined a $7 million penalty for violations to the Bank Secrecy and USA Patriot acts. Lessons Learned: Fines for gaps in AML practices are becoming more severe.  Financial organizations must ensure they have the appropriate policies and procedures in place and ensure their people are aware and accountable for their decisions to meet ongoing compliance requirements.  Organizations also need legal-ready and audit-ready documentation to avoid expensive fines, lawsuits, and embarrassing headlines.Read More →

By:
On:
In: *Connecting the Dots Blog*, School Safety

  What does recent a school survey reveal about ‘thou shall not snitch’ culture?  Can schools take advantage of real life situations to create a culture of preparedness, safety and prevention? The responses to this survey at H.D. Woodson High School reveal opportunities for schools to open the lines of communication, but only if school leaders understand how to relate to students and how to build trust with students. Lessons Learned:  Status quo responses to a survey, status quo comments from adults and status quo news articles validate how status quo approaches are not going to solve the problems and new challenges schools and communities faceRead More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

  I have attended several threat management and risk management seminars this year, and it seems like many of the speakers and experts have fallen under the spell of “super-should-a-docious”. Many of the speakers and experts continue to express “You should do this” and “Your people should do that” or “You should implement best practices” and “Your people should know this/that” and on and on. And at the seminars and conferences I have been attending, I sense that attendees  are starting to get tired of the same old “should” dance and would rather hear about solutions that allow them to implement all the “shoulds”.  It’sRead More →