All Posts (5855)


At lunch recently, I opened my fortune cookie and found this message inside: “Any journey must begin with a single step, and you can be the one to take it.” That simple message inspired me to write this blog.

Events taking place after the Trump administration withdrew from the Paris climate agreement have demonstrated there is more than one way to get things done.

A few mayors throughout the country individually decided to take action. Now, the movement has blossomed, and more than 200 mayors, sev


Even if you don’t realize it, your identity is all over the internet. Whether you posted to an internet forum in 1996 or you ever had a MySpace page, this information is still out there, and you have to protect it. Here are some simple and easy ways that you can protect your digital life:

  1. Change Passwords – The first thing you should do is make sure you are regularly changing passwords. Make your passwords difficult to guess, and a mixture of letters, numbers, and symbols. Also, make sure that yo

SANS has recently published its annual security awareness report (click on the link for a copy). Key is the concept of ‘security awareness’, which when combined with their Security Awareness Maturity Model provides a pathway to improved cyber security by managing the organization's cyber security culture.

Sound familiar? It should, as that has been my message for years and is integral to my approach and courses. All the cyber security technology is worthless if the organization's cyber security cult


Here's Why Compliance Solutions Are Inadequate for Managing Regulatory Changes

Regulatory compliance is mandatory, but it’s not the end goal; it’s the minimum operating standard. For strong companies, compliance is a mere byproduct of performing well and managing uncertainty. Compliance solutions can also cause difficulties in the face of domestic political risk, which includes significant fluctuations in the regulatory environment.

The biggest differences between regulatory compliance and risk ma


A strategy is but a hypothesis


I have facilitated countless workshops for executive teams. Sometimes we kick goals because the exec team have done their homework and really know their business and the challenges they face. They have done enough of the hard-smart work to know what they need to tackle and now they are working through the options and determining the best path forward.

Then there are the ones that have not done their homework. The formation of strategy appears based on hope or even wish rather than facts and consi


Hire an Ethical Hacker NOW!

You might think it’s crazy to actually hire a hacker, but if you don’t have an ethical hacker on your security team, you could be playing a dangerous game.

Ethical hackers are called “white hat hackers” and are legal hackers who help businesses find security problems in their networks. Developer and security teams who build out code should have a white hat hacker on their side. This way, they will know from the start if the code is vulnerable. This is also known as “application security”.

How


Symantec ISTR 2017

Symantec recently released its latest Internet Security Threat Report (ISTR). If you are not familiar with this report it provides a global snapshot of the state of internet threats. It examines Targeted Attacks; Email: Malware, spam & phishing; Web attacks, toolkits, & exploiting vulnerabilities online; Cyber Crime and the underground economy; Ransomware: extorting businesses & consumers; New frontiers: Internet of Things, mobile, & cloud threats.

If you want to get an understanding of the threa


A lesson many businesses learn the hard way is that in today's ever-changing and complex regulatory and political environment, operational risks appear to be increasing exponentially. In order to take control of Operational Risk, leaders of the company and risk managers need to have the answers to many questions. Can I profitably grow my business? How do I effectively monitor my outsourced activities? Am I paying enough attention to the risk I am taking on?

With every business having its own ri


Reactive vs. Proactive Compliance

Whether we are talking about broader HSSE or more narrowly focused CIP, NERC, ISO, Dodd-Frank, etc. compliance, there are two general approaches to implementing a compliance plan within an organization: proactive and reactive.

Reactive – Many companies have used a reactive compliance process for many years. I hesitate to call a reactive approach a plan because it really isn’t a plan beyond the mechanics of scheduling an audit and remediating it. A simple and common example would be: Purchas

Last week, news broke of a global ransomware attack that has struck individuals and companies around the world. In the wake of the attack, which has affected computers in 150 countries, many companies are wondering 1) if they’re going to be hit and 2) what they can do to protect themselves.

The WannaCry ransomware attack still isn’t over, and we’ll see over the coming weeks what the final numbers are. It’s not too late to improve preventative measures for the next wave, which will likely be smart


The Best Gmail Phishing Scam Ever!

If you use Gmail, pay attention! Security experts have announced that there is a very effective phishing scam out there, and you are a target. This scam, which has only been growing over the past couple of months, is also hitting other email providers. However, it’s quite difficult to detect.

According to researchers at WordFence, who make a security tool for WordPress, this is a pretty serious attack and can have quite an impact, even for those who are up on security.

Here’s how it works:

You


Invite a chicken to lunch


I have always been fascinated by the old question, “Which came first, the chicken or the egg?” According to one article I read prior to writing this blog, the chicken came first because the formation of eggs is only possible due to proteins found in a chicken’s ovaries. Because that was the answer I wanted to hear, that is as far as my research went. Now to my point.

Communicating the benefits of an intangible benefit is incredibly difficult. Take communicating the benefits of a program that help


Believe it or not, you just can’t shred too much. If you aren’t destroying your sensitive data, my best advice is for you to start now. There are people out there who make a living diving into dumpsters in search of credit card info, bank account numbers, mortgage statements, and medical bills; all things they can use to steal your identity.

Here are 12 tips that you can use to help you destroy your sensitive data:

  1. Buy a shredder. That said, I don’t own a shredder. I’ll explain shortly. There are a

For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

The malware was first hinted at in 2013, but at that time, it was no


Massive Global Cyber Attack

On Friday, as most of you know, there was a massive global cyber attack that took the form of ransomware. The cost of which is still being calculated.

When you read the articles and analysis, several things stand out, which I have been advising you about for some time. The attacks exploited non-technical issues. Specifically, the all-too-human behavior that clicks on emails or links that are not secure, and not doing updates to key software in a timely manner. All the security technology is helpless if


A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal informati


The Oil and Gas industry is growing but at the same time increases in Oil and Gas activity correlate with an increase in the rate of fatal occupational injuries, particularly when inexperienced workers are not sufficiently trained in safety and precautionary measures.


In addition, Oil and Gas companies also face unprecedented regulatory pressures –organizations are faced with the challenge of effectively managing their OSHA, BSEE, USCG, DOT, EPA, Conflict Minerals, NI-52109, COBIT, ISO and compli


Last blog I said it was good to be common and pointed you to my latest paper on building tribes with a common purpose. This blog I’m not so sure you will be happy to have something in common with insurance companies.

I used to work in the insurance industry. I was there at the Ides of March 2001 when HIH went into liquidation. The insurance industry was and remains a tough industry and has a lot more in common with support functions than you may realise.

The top five things corporate support funct


Storm of Content

The Affordable Care Act. HIPAA. OSHA. If there is one thing hospitals aren’t short of these days, it’s new rules and regulations. And for every fresh law or regulation that gets passed, new or updated policies follow. Add in new technology adoption by the way of Electronic Health Records (EHRs) or mobile health and you’ve got a storm of seemingly countless—and constantly changing—policies and procedures that overworked employees must navigate daily.


The number, type, and complex


About Us

The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the world's premier Risk forum and contribute to better understanding of the complex world of risk.