Coronavirus: Taking Care of Your Team

Wanted to send a few updates in response to the first quarantine in the NYC metro area of the coronavirus and I wanted to be sure you were included. Learn more here: https://www.bloomberg.com/amp/news/articles/2020-03-10/new-york-to-close-gathering-places-in-suburb-hit-by-coronavirus

Here are some immediate next step suggestions:

  • Take inventory of who on your staff, vendors, contractors (critical business partners) that can be impacted (even by a travel commute).
  • Business continuity: If your staff works remotely for the rest of the week can all business critical process be conducted remotely and securely? (Finance, accounts payable, accounts receivable, HR, security etc.
  • Security and Privacy: Is your team able to work remotely and STILL maintain the confidentiality, integrity, privacy and availability of systems data? (Not sure – give Jessica a call and she can take you though a quick check list. 929-800–1184).

Good information shared from one of our PurePoint Community Members:

Regarding any in person meetings (no matter how critical):

  • If someone is not feeling well, it is recommended they stay home and rest.
  • Carry tissues to cough or sneeze into, and have a little “trash bag” to put those used tissues into once finished.
  • Wash hands as soon as staff arrive anywhere after traveling. Avoid touching backs of chairs and handles of doors/shopping carts, etc directly – use a tissue or sanitizing wipe before grabbing.
  • Use hand sanitizer or a sanitizing wipe to clean hands after contact with “life”.
  • Bump elbows when greeting each other.
  • Avoid touching your face.
  • If you have a mask, it’s not about filtering out the germs – the sole purpose of a mask is keeping hands away from mouth and nose.

The other “tip” is get Zinc lozenges. Take one every 2-3 hours (follow package instructions). There has been a memo from a doctor going around where he says Zinc works like a charm for blocking cold and flu viruses, including the corona virus.

The last piece I’d like to share are thoughts  known to help our bodies strengthen its immune system and create an optimized environment in the body so it can do its job:

  • Double up on your nutritional regimen (of course, consult a nutritional/wellness practitioner about double dosing protocol on each item you take).
  • Take an option to lessen alcohol intake for the month of March for extra support to your immune system.
  • Get an ideal night’s sleep. It’s that simple.
  • What we focus on expands. Health and mind-state are linked. Our job is to keep our mind free of fear. Fear suppresses our immune system. So the practice is this: if you catch team/staff dwelling on fear (disappointment/upset/breakdown), as leaders help shift the focus to what is working great, what is amazing, by focusing your attention on gratitude or what’s going well (I.e., thankful our team is healthy).
  • Eat a clean diet – at least for the month of March! (Then go back to your favorite processed foods.) Wherever we can, try cutting out processed foods. We are brilliant machines designed to override invasion to the body. Optimizing our well being makes a difference.

We are here to serve you. Please let me know if you have any questions.

Jessica Robinson, CEO of PurePoint International, and works as a Virtual/Outsourced CISO to middle market business in financial services and insurance. You can reach her at jessica@purepoint-international.com.

 

Cornavirus: Top Three Priorities Today

Situation Update:  World Health Organization has declared a global public health emergency for the novel (Wuhan) cornoavirus. There are currently over 37,000 cases with more than 800 people confirmed dead. There are confirmed cases in 25 countries outside of China.

What Has Changed: January 30th it was confirmed the virus was transferred from person to person in the United States after someone returned from visiting China. There is currently no vaccine.

How serous is this as a US resident? There have been 12 cases of the Wuhan virus in the US as of Wednesday. The person to person spread of the virus occurs when people are in close contact for a number of days with someone who carries the virus.

What to keep in mind for your business: This outbreak will continue, so as you think about the workplace over the next several days here are some considerations for you or your leadership team.

  1. Upcoming Travel: Some airlines have now suspended trips to China. Check your airlines for all cancellations and adjustments. For other travel updates, you can check the local airport for domestic travel updates and the State Department for international travel warnings. If you are traveling in the coming days possibly expect longer than usual lines and travel wait times. Also check local alerts from your local public health department.
  2. Working from Home Policy: What is the determining factor to have people work from home in your business. What would determine that and for how long would someone need to stay home? What leader has the authority to makes these decisions? Think about how this may impact your business operations. When deciding what action to take for any crisis this should not be a unilateral approach. It does need to be consistent with existing labor laws and regulations. Communicate with your HR partner, security/operations partner and legal counsel if necessary.
  3. Resource and Fact Sheet for the Virus: Here is an information resource for your business on the virus (symptoms, how individuals can protect themselves).

Jessica Robinson, CEO of PurePoint International, and works as a Virtual/Outsourced CISO to middle market business in financial services and insurance. You can reach her at jessica@purepoint-international.com.

 

 

 

Situation Update: Coronavirus and What You Need to Know

Situation Update:  World Health Organization has declared a global public health emergency for the novel (WuHan) cornoavirus. There are currently over 8,100 cases with 170 people confirmed dead. There are more than 100 confirmed cases in 20 places outside of China.

What Has Changed Today: It has been confirmed the virus was transferred from person to person in the United States today after someone returned from visiting China. There is currently no vaccine.

How serous is this as a US resident? There have been 6 cases of outbreak in the US. The person to person spread of the virus occurs when people are in close contact for a number of days with someone who carries the virus.

What Are Our Responsibilities to Our Business/Organization? This outbreak will continue, so as you think about workplace over the next several days here are some considerations for you or your leadership team.

  1. Upcoming Travel: Trips are being cancelled (some) from the US to China. For other travel updates you can check the local airport you are flying from for domestic travel, and the State Department especially for international travel. If you are traveling in the coming days possibly expect longer than usual lines and travel wait times.
  2. Local Alerts: Check alerts from your local public health department.
  3. Business Operations: Think about what you would do if a higher than normal percentage of your staff called in sick. How could this impact your business operations? What if an employee’s family member is impacted? If a person on your team gets sick from the Wuhan virus, who is the back up for their role, especially if it is supporting a critical function or business critical process for the organization. Think about how this will impact the continuity of your business and current delivery expectations for internal and external stakeholders. In more serious cases, think about what would happen if your entire building or town was quarantined.
  4. Internal Company Communications: What is your communication plan internally? Some organizations in the wake of a major snowstorm, earthquake, or hurricane will make the decision to communicate via phone or text in deciding to close the office for the safety of the employees and clients. It just simply may be safer for employees not travel into work.  Who is involved with this decision? What leader has the authority to makes these decisions?
  5. Working from Home Policy: What is the determining factor to have people work from home. What would determine that and for how long would someone need to stay home?
  6. Go Bag: If your office has Go Bags this could be a good time to update them. Though it may not directly relate to a virus outbreak, it is meant for several emergencies and can be beneficial, especially if your bag happens to have Personal Protective Equipment like facemasks.
  7. Top Down Approach: When deciding what action to take for any Crisis Plan this should not be a unilateral approach. It does need to be consistent with existing labor laws and regulations. Partner with your HR partners, security/operations partner and legal counsel if necessary.
  8. Resource and Fact Sheet for the Virus: Here is an information resource for the leadership team on the virus (symptoms, how individuals can protect themselves).
  9. What We Can Expect: Global coordination by governments to stop the spread of the virusAs necessary, federal, state and local governments have and/or will update travel advisories and guidelines or recommendations for jurisdictions in the United States impacted by the Wuhan Virus.There will be stringent and required monitoring of this outbreak by government officials which could impact small and large businesses alike.

 

If you have additional questions, please let us know: If you have a Crisis Management Plan with us and have specific questions or updates that require implementation, please let us know. If you don’t have a Crisis Management Plan or Business Continuity Plan, but would like to discuss implementing one, please feel free to contact Jessica directly at Jessica@purepoint-international.

The Top 7 Cybersecurity Threats for C-Level Leaders in 2020 That Will Impact Your Company This Decade (If Not Addressed)

 

In looking at the future we must first look to the past. Without a doubt, there will be key cybersecurity focuses from the past five years that will continue into 2020 and beyond. This includes mitigating phishing and ransomware attacks, IoT vulnerabilities, mobile security threats, as well as increasing secure dev ops, and continued migration to the cloud. This is probably not a surprise and something many C-level leaders are aware of whether, or not, their company has fully invested in these areas.

However, in addressing cybersecurity concerns that will impact businesses over the next 10 years they are just as complex, more deeply rooted, and in some cases harder to change. In this article I am not referring to something like quantum computing. I am referring to the challenges that have already plagued us the past few years, and can no longer be allowed to continue over the next ten years if you want to have a thriving business in the next decade and beyond. I am referencing the reality of living in a video streaming world, but still using DVDs players (or beta players) to watch movies. These threats don’t always evolve around technology. It’s a mindset that requires behavior change. It can be hard to understand, and often require us as leaders to look at ourselves and ask the hard questions.

For C-level executives, here are 7 cybersecurity threats of 2020 that will impact your business this decade if not addressed.

  1. Uninformed executives continue to be the #1 cybersecurity risk for a company. I know this is a bold statement, but can you really think of anything scarier in a company today than an uninformed C-level executive making decisions that impact not only the cybersecurity program of an organization but the alignment of security and business objectives, including the cybersecurity budget, the organization’s approach to vendor risk, and the overall impact to clients? The ultimate accountability of the cybersecurity program lies with the management team of a business and a true lack of understanding of risks by C-level executives is what will cause a business to not survive in 2020 and beyond. I am not just referring to the impact of one breach. I am talking about on the consistent and ongoing lack of engagement by an executive, or executive team, on the topic of cybersecurity and then making decisions that impacts clients, employees and other stakeholders. Demonstrating cybersecurity understanding and awareness, in the next five years will be critical for all members of executive teams and board members regardless of your role. It will be a qualifying piece in the price of admission. Globally, 40% of companies cited their executives, including the CEOs, as their highest security risk (Information Age/Prescient, 2019). In many cases, executives can be the target of a malicious hacking scheme, and in other cases, an executive can fall prey to an attacker via social media, when traveling, or when accessing email.
  2. Thinking global politics and security trends won’t impact your business. In 2016 we saw how the election impacted the public but also Facebook. Economic espionage by countries, particularly China, is well known and continues to be a persistent threat to business and universities in the United States. Nation-state hacking does not appear to be slowing down and potential war with Iran only increases the likelihood of a cyber war impacting businesses. A cyber war puts all businesses, including small business, on the front lines of a war.
  3. Dismissing AI as part of your company’s detection and response strategy. In this decade as the cyber threats become more AI enabled, our ability to respond will need to be congruent. As technology threats change the way we defend against them will need to change. As a c-level executive, do you know how AI and machine learning are being utilized in your company’s cybersecurity program? The Capgemini Reinventing Cybersecurity and Artificial Intelligence Report states that 69% of enterprises believe AI will be necessary to respond to cyber-attacks. Additionally, 64% of enterprises say that AI lowers the cost to detect and respond to breaches and reduces the overall time taken to detect threats and breaches by up to 12%. The amount of time threat actors remains undetected drops by 11% with the use of AI (Forbes).
  4. Unaware of vulnerabilities from IT teams or managed service providers. Ignoring, or failing to mitigate, risk from those who have access to our environment can be “business ending” in this decade. Managed service providers are increasingly targeted by cyber criminals. Building a zero-trust technology environment is only one a way to address this. Having consistent follow up with third party technology vendors and checks and balances with the IT team, internally, is a trifecta approach to this risk.
  5. Underestimating the impact of 5G on your business. This will severely impact IoT devices in your business and your home. As a c-level executive, are you thinking about the impact of 5G to your company infrastructure and cybersecurity program? Once 5G networks are rolled out to the larger public, devices (IoT) will be connected from a variety of mediums increasing vulnerability from attackers (Malwarebytes). The NotPeyta attack in 2017 caused $10 billion in corporate losses. The combined losses at Merck, Maersk, and FedEx alone exceeded $1 billion. 5G networks didn’t exist at the time, of course, but the attack illustrates the high cost of such incursions (Brookings).
  6. Playing the “waiting game” on privacy. Compliance overall will impact a company’s profitability if there is a breach AND a lack of adherence to a regulation resulting in fines. Privacy and cybersecurity regulations are increasing annually. As a C-level leader, are you reviewing the type of data you collect, what you do with it, and how you protect it? The Global Data Protection Regulation, GDPR (privacy regulation in Europe), and the California Consumer Privacy Act, CCPA (effective January 1, 2020), indicate maintaining reasonable data security is no longer enough. If operating in regulated areas, you must determine how to align your business goals with privacy rights of individuals around the world. Adherence to GDPR (which applies to all businesses, large and small, that collect data on European residents), CCPA or PIPEDA (Personal Information Protection and Documents Act in Canada) is a must as well as understanding how it impacts the roles and responsibilities of the security and technical teams. The European Data Protection Board’s recap of GDPR activities between May 2018 and May 2019 states 144,376 complaints or queries were lodged with EU data protection authorities during that year (The Legal Intelligence).
  7. Believing it’s impossible to defend against cyber threats. This is the defeatist mentality. It’s amazing how many people I meet that say, “Is there really anything you can do about hackers anyway?” Or “We’re too small.” If you don’t impact this way of thinking it will impact your business in the next decade. If fact, you may no longer have a business. In the 2020s, doing nothing in regards to cybersecurity in your business will not be an option. It’s now part of the cost of doing business.

Jessica Robinson is CEO of PurePoint International and works as a Virtual/Outsourced CISO to middle market businesses in financial services and insurance. Jessica and her team specialize in working with companies with $100M-$500M in revenues. You can reach her at jessica@purepoint-international.com.