Monthly Archives: July 2016

What’s your data breach response plan?

data breach

While businesses prefer to avoid cyber perpetrators entirely, these days nearly all organizations are at risk of a breach.

As the number of incidents (and claims) continues to rise, the prudent strategy is for firms to not only work diligently to prevent an intrusion, but also to have a plan in place to respond quickly and effectively if they suspect information has been compromised.

A data breach response plan proactively outlines the necessary actions a business must take, providing a framework that can be regularly matched against emerging risks and updated if the firm’s situation changes — for example, if additional staff are added in key data privacy or technology roles or if partnerships are formed that could change the way sensitive information is processed.

Developing a data breach response plan, one that is easy to follow and quick to implement, gives businesses time to prepare the necessary resources and mitigate the damage an exposure can inflict. Leaving key tasks to the last minute, such as scrambling to identify qualified outside legal counsel, is unwise and can significantly impact the timeliness and expense of a breach response. Likewise, pulling the plug on a single server without seeking guidance from an experienced technology expert may not shut down the unauthorized access that caused the exposure, thus leaving the business open to further harm. Worse, it may even erase key information a computer forensics company may need to assist the investigation. Getting the firm’s ducks in a row in advance of any breach is a far more effective cyber mitigation strategy.

One component of many small business breach response plans is accessing the financial and technical support available through a well-structured Cyber Liability insurance policy. Coverage options vary widely, so businesses (or the insurance broker) must carefully examine their needs before crafting a policy. For those firms with lean internal resources and thin financial margins, the right insurance can be a key asset when it comes to implementing a solid breach response plan. Below, three steps that will help organizations mitigate data breach disruptions before they occur.

1. Assemble the team

Who needs to be involved in responding to a breach? Before attempting to pull together more than a cursory list of post-exposure action items, it’s critical that the firm identify those individuals or groups that should be contacted in the event of a potential breach. The team will vary from one business to the next, but most organizations will want to include representatives from the executive group, legal (either internal or an outside consultant), privacy or information security, risk management, information technology, human resources and public relations.

Given the growing reliance on external partners — cloud providers, payroll processors and the like — firms should also consider where vendor touchpoints exist and how or when those third parties will contribute to the breach response process. They may need to be included on the contact list or they may even be responsible for raising the initial alarm if a breach occurs. It’s also important to ensure vendor contracts clearly spell out the company responsible when a breach occurs and who is liable for notifying those impacted. Other vendors are also commonly part of the response team, such as media relations consultants experienced in crisis management and notification firms with the resources necessary to quickly inform breach victims about the situation.

If the business has Cyber Liability coverage, the insurance company should also be part of the breach response plan. There are support services included in many policies that will be helpful in the event of an exposure, ranging from forensic investigation teams to data recovery specialists. To maximize the value of any applicable coverage, firms must be ready to access available features quickly and through the most efficient channels.

Click to read the article

Comments Off on What’s your data breach response plan?

Filed under Crime, Insurance, Liability, Management And Ownership, Risk Management

Managing the Storeroom Right

When hotels talk about inventory management, it is usually in terms of rooms—you can’t make money without guests in rooms, whether it is a guestroom, meeting room, or ballroom. But let’s step back and think about what it takes to ensure you have those rooms ready for weddings, groups, family reunions, conferences, and individual travelers.

Have you ever had to scramble to a Plan B solution because you were out of stock on a repair item, such as a joint for the bathroom sink or paint to touch up the trim, or inexplicably ran out of light bulbs? What did it cost you to send someone out on a special run to pick up that item or move a guest to another room while you waited for the part to fix that sink? Even without a maintenance problem, turning rooms can be delayed if your staff does not have the cleaning items needed to do their jobs, despite the significant amount of money you budget for those supplies.

managing housekeeping cart

As you can imagine, the concept of inventory management is one that can apply to the products used to maintain and repair your hotel to keep it running at optimum levels as well.

Through research, Grainger discovered that among organizations surveyed, employees leave the supply closet empty-handed 22 percent of the time because they cannot find what they’re looking for. It could be because that item is misplaced, out of stock, or being used by someone else in the hotel. Whatever the cause, the item isn’t there when needed, despite the investment you made to purchase and stock that item. The chances are extra products will be purchased to fix that specific issue, and the worker will either hold on to that extra for fear of needing it again and not being able to find it, put it where he or she believes it goes (which may not be the same place other workers look for it), or place it where it goes and in doing so, find the missing product (because he or she did not see it the first time or it was returned to its proper location after being used). That translates into wasted time and money, and if it happens enough, a world of frustration.

But how can that happen when it seems like your supply rooms are exploding with products, and some of them seem like they have been there for ages? Interestingly, the same research mentioned above also revealed that only 5 percent to 15 percent of maintenance, repair, and operations (MRO) inventories are frequently used, and an equal percentage of the items are duplicated—because you cannot afford to not have a backup supply. You want to avoid having too much of an item, yet do not want to be caught without enough to meet immediate needs. You want to ensure the right products are in the right place at the right time with minimal expense and effort.

Inventory management programs can help. Whether you choose to manage your MRO inventory yourself or have the supplier manage it for you, there are benefits to be gained. A systematic approach based on real usage data can help you make sure you have the right products on hand to maintain your facility, without over investing in items that you don’t need.

For more info: ( )

Comments Off on Managing the Storeroom Right

Filed under Maintenance, Management And Ownership