Tag Archives: Compliance

Bored and distracted employees “could be biggest data security risk” warns Centrify

Employees who become distracted at work are more likely to be the cause of human error and a potential security risk. That’s according to a ‘snapshot’ poll conducted by Centrify.

While more than a third (35%) of survey respondents cite distraction and boredom as the main cause of human error, other causes include heavy workloads (19%), excessive policies and compliance regulations (5%), social media (5%) and password sharing (4%). Poor management is also highlighted by 11% of security professionals, while 8% believe human error is caused by not recognising data security responsibilities at work.

According to the survey, which examines how human error might lead to data security risks within organisations, over half (57%) of respondents believe businesses will eventually trust technology enough to replace employees as a way of avoiding human error in the workplace.

Despite the potential risks of human error at work, however, nearly three-quarters (74%) of respondents feel that it’s the responsibility of the employee, rather than technology, to ensure that the host company avoids a potential data breach.

“It’s interesting that the majority of security professionals we surveyed are confident that businesses will trust technology enough to replace people so that fewer mistakes are made at work, yet on the other hand firmly put the responsibility for data security in the hands of employees rather than technology,” commented Andy Heather, vice-president and managing director at Centrify EMEA.

“It seems that we as employees are both responsible and responsible: responsible for making mistakes and responsible for avoiding a potential data breach. It shows just how aware we need to be at work about what we do and how we behave when it comes to our work practices in general and our security practices in particular.”

Filed under Risk UK News

Organisations “need to do more” to ensure EU GDPR compliance

Organisations need to do more work to ensure compliance with the European Union’s General Data Protection Regulation (GDPR) which is due to come into force in May 2018. While organisations are largely aware of their upcoming obligations, levels of maturity to meet the new standards are low.

Overall, organisations are compliant with less than 40% of the principles laid out in the GDPR. DLA Piper’s Global Data Privacy Snapshot 2017 notes that some industries are progressing towards compliance better than others. The hospitality and banking sectors are ahead of the rest with 48% and 43% compliance respectively, compared to the average of around 37%. Healthcare and manufacturing are at the bottom end of the scale with 34% and 35% compliance.

Data breaches are already the second greatest concern for business continuity professionals. That’s according to the latest Horizon Scan Report published by the Business Continuity Institute. Unless organisations become compliant by the time the GDPR comes into force then a breach could become even more disruptive.

Patrick Van Eecke, partner and global co-chair of DLA Piper’s Data Protection practice, said: “The responses show that many organisations still have work to do on their data protection procedures. Any organisations operating in Europe will need to see major improvements in their score by May 2018 if they’re to avoid potentially heavy financial penalties under the GDPR, not to mention serious reputational damage as people become more and more aware of their rights in this area.”

Van Eecke added: “With more and more organisations placing data centre stage, data protection will become an increasingly prominent issue. It’s vital that organisations invest now in the strategy and processes needed to help them to meet their obligations.”

Jim Halpert, the US co-chair of DLA Piper’s Global Data Protection practice, added: “As privacy requirements such as privacy by design, data portability and extensively documenting a privacy program become more complex, compliance demands significant operational work that takes time. In this sense, the results are not surprising. The time to step up compliance efforts is this year, not next.”

The GDPR will apply to processing carried out by organisations operating within the EU and to organisations outside the EU that offer goods or services to individuals in the EU.

The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Organisations failing to comply with the GDPR after its implementation in 2018 could face fines as high as 4% of global annual turnover.

Filed under Risk UK News, Uncategorized

Telefonica UK Property and ISS choose Ideagen’s Enlighten system to manage governance, risk and compliance

Telefonica UK, a leading digital and communications company, and ISS, the global facilities management service provider, are set to work with software firm Ideagen on improving governance, risk and compliance operations across the O2 estate.

Ideagen Enlighten, Ideagen’s cloud-based GRC application, is to be implemented and rolled out to bring several operational improvements to Telefonica UK’s Property department. The software will provide one source of truth for the management of controlled documentation, improve visibility of audit scheduling and automate action management and escalation. Enlighten will also enhance levels of reporting and increase accessibility for Telefonica’s mobile workforce.

Darren Bryanton, Telefonica’s national FM operations manager, said: “We regularly participate in audits to assist Telefonica UK in retaining an impressive portfolio of certifications and standards which are essential in demonstrating world class service to our customers. Enlighten will manage audits and document control for the department.”

Suzanne Burge, ISS’ quality and assurance manager, added: “After a thorough review of the market, we selected Enlighten due to its scalability, accessibility and ease of use. We wanted a product that we could design ourselves to fit the needs of the business, not just now but also in the future.”

Tim Blackburne, ISS’ account director, explained: “Telefonica UK’s high standards of operational compliance and audit success rely on clear governance, audit readiness and document management. Ideagen Enlighten gives us this.”

Andrew Neish, Telefonica’s head of property, commented: “Both Ideagen and Telefonica UK share the same vision of how innovation can drive improvement in business. This opportunity to provide a game-changing and transformational system is one that we’re very excited about.”

Ideagen is a supplier of information management software with operations in the UK, the United States and the Middle East. The company specialises in eGRC (Enterprise Governance, Risk and Compliance) and healthcare solutions for organisations operating within highly regulated industries.

Filed under Risk UK News, Uncategorized

The Legal Risk Management Handbook set for publication by KoganPage

Legal risk covers all areas of business where regulation and the law impact on operations and decisions. From risks arising from contract drafting and management through to regulators’ new focus on conduct, as well as compliance, regulatory and dispute risks, the effective management of legal risk is key for organisations that want to maximise value while minimising cost and exposure to legal losses. The Legal Risk Management Handbook, to be published by KoganPage on 3 December, is a practical guide to making sure your business is legal, protected and making the most of its opportunities.

Written by experts in law and risk management, this highly practical guide sets out a clear definition for legal risk and a framework for its management. Covering the full spectrum of legal risks that international businesses can face, it translates legal concepts into clear mitigatory actions.

Whether you’re an in-house lawyer needing a clear approach to managing risk in your areas of influence, or a member of the risk management function needing a jargon-free guide to your company’s legal responsibilities, you will find authoritative insight and guidance in this publication.

Containing Case Studies from international businesses and real-life insights from those at the coalface of legal risk management, The Legal Risk Management Handbook is essential reading for everyone who needs a better understanding of this important business topic.

Simon Nasta, general counsel for FBN UK, has provided advance praise for the book, calling it a ‘must read’ for in-house lawyers and new general counsels. “I particularly like the simple and practical guides to implement what are quite advanced legal risk management techniques,” explained Nasta.

Professor Stuart Weinstein of the Faculty of Business and Law at Coventry University commented: “The Legal Risk Management Handbook contains a wealth of information useful for any company involved in international business to consider when managing legal risk. What sets this book apart is that it translates complex legal principles into practical operating tools that business managers and the lawyers who work with them can use on a day-to-day basis. An indispensable compendium for the legal and compliance team, the executive suite and the Boardroom who must work hard to ensure that legal risk management is at the top of the agenda in every organisation.”

Matthew Kellett, EY UK law leader (FSO) stated: “This book challenges all organisations to review their legal risk management strategies and provides practical suggestions on how to flex their approach to enhance legislative and regulatory compliance. All those in leadership or front line advisory roles will relate to the issues raised and can benefit from the proposed solutions to manage their forward exposures to legal loss.”

The book’s authors are Matthew Whalley and Chris Guzelian. Whalley has a unique blend of practical experience and strategic insight into legal risk management and law department operations. He created the UK’s first and only Legal Risk Consultancy in 2012, and has helped FTSE 100 and Fortune 500 clients alike take their first steps towards developing a structured approach to legal risk. Whalley was shortlisted for the Laurie Young Memorial Global Thought Leadership Award in 2014 for his detailed papers on legal risk management.

Chris Guzelian is an associate professor at the Thomas Jefferson Law School in San Diego, California where he teaches business, criminal and American constitutional law courses. Previously, he was a state prosecutor, a civilian officer with the US Department of Defence and a lawyer with the US bankruptcy courts. Guzelian advises a number of corporate, non-profit and Government authorities on risk-related matters.

  • EAN: 9780749477974
  • Edition: 1
  • Published: 3 December 2016
  • Format: Paperback
  • 232 pages

*To order your copy visit: https://www.koganpage.com/product/the-legal-risk-management-handbook-9780749477974

 

Filed under Risk UK News, Uncategorized

Advanced recognised by BSI for decade of standards excellence in fire systems sector

Global fire safety systems developer Advanced has received an award from BSI, the business standards company, in recognition of ten years of standards excellence in the field of fire systems.

The award recognises Advanced’s role in driving higher standards in the fire industry and its ongoing role in relevant fire standards committees. For example, Advanced was one of the first to adopt EN54-13, the European standard that ensures optimal fire system performance at all times through rigorous third party testing.

Dave Wilson, who’s responsible for standards and compliance at Advanced, commented: “Our ethos is that our products set the standard in fire systems. We work closely with quality, standards and industry bodies around the world to ensure we remain at the forefront of the market. We’ve worked very closely with BSI for many years now, and it’s a real pleasure to receive this award for our work and the partnership we’ve developed in terms of fire systems and BSI Kitemark-licensed product approvals.”

As a business, Advanced designs intelligent fire systems approved to key international, regional and local standards including UL 864 and EN54. Its products are used in prestigious and challenging locations all over the world, from single panel installations through to large multi-site networks.

Advanced’s products include complete fire detection systems, multi-protocol fire panels, extinguishing control and fire paging systems.

Filed under Risk UK News, Uncategorized

“UK businesses could spend £1.2 million recovering from a cyber security breach” states new research from NTT Com Security

Most business decision-makers in the UK admit that their organisation will suffer from a cyber security breach at some point. They also anticipate that recovering from a data breach would cost upwards of £1.2 million on average for their organisation. That’s according to the Risk:Value report issued by information security and risk management company NTT Com Security, which surveyed business decision-makers in the UK as well as the US, Germany, France, Sweden, Norway and Switzerland.

While nearly half (48%) of UK business decision-makers say that information security is ‘vital’ to their organisation, and just half agree it’s ‘good practice’, a fifth admit that poor information security is the ‘single greatest risk’ to the business ahead of ‘decreasing profits’ (12%) and ‘competitors taking market share’ (11%) and on a par with ‘lack of employee skills’ (21%).

Well over half (57%) agree that their organisation will suffer a data breach at some point, while a third disagree. One-in-ten state that they simply don’t know if this will be the case.

Respondents estimate that a breach would cost them an average of £1.2 million, even before ‘hidden costs’ like reputational damage and brand erosion are taken into consideration. Again, on average it would take around two months to recover from a breach. Respondents to the comprehensive survey also anticipate a 13% drop in revenue, on average, following a breach episode.

Starting to hit home

The survey shows that recent high-profile data breaches are starting to hit home. A similar report published by NTT Com Security in 2014 revealed that 10% of an organisation’s IT budget was spent on information security compared to 11% this year. However, in the latest report, around a quarter (23%) of UK businesses reveal that more is spent on Human Resources than information security.

In terms of remediation costs following a security breach, nearly a fifth (18%) of a company’s costs would be spent on legal fees, 18% on fines or compliance costs, 17% on compensation to customers and 11% set aside for third party remediation resources. Other anticipated costs include PR and communications (14%) and compensation paid to both suppliers (12%) and employees (11%).

According to the report, the majority of respondents in the UK admit they would suffer both externally and internally if data was stolen, including loss of customer confidence (66%) and damage to reputation (57%) as well as suffering direct financial loss (41%). Over a third of decision-makers (34%) expect to resign (or expect another senior colleague to do so) as a result of a breach.

Stuart Reed, senior director for global product marketing at NTT Com Security, commented: “Attitudes towards the real impact of security breaches have really started to shift. That’s no surprise given the year we have just had. We’ve seen several major brands reeling from the effects of serious data breaches, and struggling to manage the potential damage, not only to their customers’ data, but also to their own reputation. While the majority of people we spoke to expect to suffer a cyber security breach at some point, most fully expect to pay for it as well, whether that’s in terms of third party and other remediation costs, customer confidence, lost business or even, possibly, their jobs.”

Whose responsibility is it anyway?

*41% of UK organisations have a disaster recovery plan in place, with 40% having a formal security policy in place. In both cases, almost half are in the process of implementing or designing one

*When it comes to responsibility for managing the company’s recovery plan, 15% say the CEO now has responsibility, although this still largely falls to the Chief Risk Officer (CRO), the Chief Information Officer (CIO) or the Chief Security Officer (CSO)

*While 77% agree it’s ‘vital’ their business is insured for security breaches, only 26% have dedicated cyber security insurance. However, 38% of those questioned are in the process of obtaining a policy

*One-in-five respondents in the UK say they don’t know if their organisation has any type of insurance in place to cover for the financial impact of data loss or an information security breach

“It’s encouraging to see that almost all UK businesses now have a disaster recovery and formal information security policy in place, or are at least planning to implement one soon,” added Reed.

“Clear, concise internal processes and policies for employees and contractors have so often been overlooked, and this is what can lead to complacency and poor security hygiene. When we talk to clients, we make it absolutely clear that educating staff about security should be a top priority, supported all the while by clear and simple procedures and backed up by a solid incident response plan.” 

*The Risk:Value Executive Summary report can be downloaded here

Filed under Risk UK News, Uncategorized

Cheshire Fire and Rescue Service keeps public informed thanks to CrowdControlHQ’s social media platform

Cheshire Fire and Rescue Service is using a social media risk management and compliance platform from CrowdControlHQ to monitor and govern its corporate social media accounts including Twitter and Facebook. More than 30 users across the Cheshire Fire and Rescue Service access corporate social media accounts via the platform’s central dashboard.

There has been an increase in engagement witnessed across all accounts in the last two years which has seen the number of Twitter followers double to over 17,000.

Cheshire Fire and Rescue Service uses social media for two-way communication with residents and county stakeholders, including other Fire and Rescue Services, local Government officials and businesses, as well as schools in the area.

CrowdControlHQ was selected for the central management of the Fire and Rescue Service’s social media activity following research and a presentation from the company.

Caroline Jones, digital and media services manager at Cheshire Fire and Rescue, explained: “We chose CrowdControlHQ for the level of control and analytics that the company’s solution provides. We wanted a platform where we could allow multiple people to post to corporate accounts. CrowdControlHQ does that safely and securely and it gives a history of all activity, for example who has posted to what and where. Information like that is important for audit purposes.”

Management from a single point

Using CrowdControlHQ makes it possible to manage corporate social media accounts from a single point. Cheshire Fire and Rescue Service chose to have just one account for each social media channel rather than each fire station or areas of the service posting to individual accounts. This means it’s easier for the public and other stakeholders to receive updates by finding, following and commenting on corporate accounts rather than multiple social media accounts for different fire stations across the region.

Jones continued: “Social media is a great way to communicate with the public. Where there are incidents throughout the day it’s really easy, thanks to the central control in CrowdControlHQ, to publish a Tweet or post a message on Facebook and to then plan Tweets for the weekend. Recently, in just 28 days we had 437,000 impressions and posted 168 Tweets. The management team takes social media very seriously and fully supports it as a communications channel.”

Cheshire Fire and Rescue Service also promotes other Fire and Rescue Services’ campaigns and champions national safety initiatives such as the annual road safety campaign using Twitter and Facebook, with links to a web page. CrowdControlHQ is used to plan Tweets and posts in advance and then measure the success of campaigns using the analytics generated.

James Leavesley, CEO at CrowdControlHQ, commented: “We have seen a variety of social media strategies emerging across Emergency Services providers tasked to drive communications objectives. For some, the emphasis is on single channel or multi-responders while others may adopt a multi-channel or in some cases a partnership-style approach. However, what consistently underpins all the strategies we see is the need for more brand representatives to become involved in delivering messages to the public, raising the reputation risks associated with delivering complex public engagement. Using a risk and compliance platform gives organisations the confidence that they can manage and respond to social media communications effectively, consistently and in a timely manner.”

About Cheshire Fire and Rescue Service

The Cheshire Fire and Rescue Service is led by the Chief Fire Officer and the Service Management Team. It has 25 fire stations, four community safety centres, three community fire protection offices and a headquarters based in Winsford.

The Fire and Rescue Service responds to emergency incidents – known as Emergency Response (ER) – across the four unitary council areas of Halton, Warrington, Cheshire East and Cheshire West and Chester.

*For more information visit: www.cheshirefire.gov.uk

About CrowdControlHQ

CrowdControlHQ is one of the UK’s leading social media risk management and compliance platforms built for enterprise. It’s web-based software used by public and commercial organisations to support employees wishing to optimise their social media engagement delivery.

CrowdControlHQ provides tiered access and specialist control features to help manage the reputation risk associated with the delivery of social media in complex, multi-user, multi-campaign and generally busy customer service environments.

It’s a venture capital-backed British business servicing over 125 clients with over 10,000 users. Clients include Experian, Serco, Welsh Water, the Greater Manchester Police and Arriva.

*Additional information is available at: www.crowdcontrolhq.com

Filed under Risk UK News