Most everyone has heard or muttered these words at some time or another:
If I Knew Then What I Know Now…
The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions.
The saying also came to mind recently as we were reminded of the 9-year anniversary of September 11th and the 5-year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these events took place.
As I was reflecting on these and numerous other events I started thinking about how so many of the incidents and unwanted results could have been prevented from ever happening had certain people known what others knew….and perhaps how this saying should be updated to:
If I knew now what you know now.
We now know that there were multiple people who noticed red flags or knew about 9-11 before the attack. We now know that multiple people at Virginia Tech and Columbine noticed red flags or knew about these attacks before the attacks were launched. In numerous other incidents, we now know other people besides the aggressor(s) knew about red flags, suspicious actions and misguided plans before the tragic incidents actually occurred.
Unfortunately these other people who noticed red flags or knew about what was coming did not provide their information to people who could have intervened and prevented the incidents and could have saved millions of dollars and saved the lives of many.
How are you getting people to report red flags or suspicious behavior or ethics violations or safety improvements?
Lessons learned clearly show that lack of awareness and not connecting the dots will lead to gaps and disconnects that lead to expensive, embarrassing and tragic incidents.
So if you are responsible or accountable for security, safety, preparedness, compliance, legal due diligence, finances, customers, patients, etc….do you know now what others know now??
Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations…
U.S. Government Advises Businesses on Swine Flu.
Government officials are calling on U.S. businesses to help manage the H1N1 flu this fall by developing customized plans for managing both the seasonal and swine flu, getting vaccines to vulnerable workers and encouraging employees with symptoms to stay home.
Court indicts Hackers in Largest Data Breaches in US History
A federal grand jury in New Jersey indicted Albert “Segvec” Gonzalez in the largest hacking and identity theft case ever prosecuted. Gonzalez was involved in allegedly stealing more than 130 million credit and debit card numbers by hacking into Heartland Payment Systems, as well as Hannaford Brothers, 7-Eleven and other unnamed national retailers. Gonzalez was also indicted on accusations of stealing 41 million credit and debit card numbers from major retailers, including TJ Maxx.
Campaign Monitor, an Australian email marketing application, was a victim of a hacking attack when unauthorized users broke into the Campaign Monitor servers and accessed customer accounts. The compromised accounts were used to send spam, using lists already in the account and lists imported by the hackers.
Massachusetts Data Protection Law Deadline Extended to March 1
The deadline for compliance with the Massachusetts data protection law, 201 CMR 17.00, has been extended to March 1, 2010. 201 CMR 17.00 requires all companies, large or small, that conduct business within Massachusetts to protect the personal information of Massachusetts residents.
Lessons Learned are extremely valuable and must be implemented on an ongoing basis to ensure ongoing success and ongoing CYA!
Lessons Learned Review…Keeping You Out of the Headlines and out of this blog…
A recent survey revealed that although most small retailers feel somewhat familiar with PCI-DSS and also understand the importance of security, most small retailers express frustration with understanding, implementing and paying for compliance.
Has your organization met compliance requirements? Is your data secure?
Schools are Given New Flu Guidelines
The federal government released new guidelines as schools across the U.S. prepare for the new school year and brace for the H1N1 virus.
Is your organization prepared?
The homepages of several members of the House of Representatives were hacked and defaced with digital graffiti earlier this month. The breaches were the result of passwords assigned by the vendor to member offices that were never changed.
Are you using default passwords?
Every manager I talk to has a long To Do List and they all say the list is getting longer.
Then I ask them a question about their GOT TO DO LIST. Their responses usually include groans, moans and terribly painful looks on their faces.
As I talk to more and more managers and review more and more headlines in the news, it is obvious to me that managers’ GOT TO DO LISTS are becoming more painful by the day.
Why are GOT TO DO LISTS getting more painful? Look at these articles which include lessons learned as well as future challenges:
Heartland CEO on Data Breach: QSAs Let Us Down
HITECH Act Ramps Up HIPAA Compliance
Obama Wants Big Banks to Pay More for Oversight
FTC Announces Expanded Business Education Campaign on ‘Red Flags’ Rule
Updated Federal Guidelines for 2009 H1N1 Influenza in Schools Offer Many Options
Improving OSHA’s Enhanced Enforcement Program
How are you managing and implementing your GOT TO DO LIST?
Not sure if most people saw the article in USA Today, but health officials from the Centers for Disease Control and Prevention made a disturbing new projection that up to 40% of Americans could get H1N1 (swine flu) this year and next….and several hundred thousand could die if a successful vaccine campaign is not ready.
These projections for the US are nearly twice the number of people that catch the flu bug in a normal season.
Is your organization prepared? Has your organization performed assessments to determine what could happen and what would need to happen if up to 40% of its staff was sick or home with sick family members?
Has your organization developed plans and responsibilities to ensure everyone knows what to do in different situations so your organization is prepared to prevent, respond and recover?
Has your organization considered how it is going to implement the results of your assessments and the details of your plans and responsibilities? In other words, do all managers, employees at work, employees at home, partners, contractors, vendors, service providers, community organizations, municipalities, law enforcement and other third-parties know what to do, when to do things, who should do what, where to go and why?
Now that officials in Europe are seeing more H1N1 flu cases and fast-tracking a vaccine, managers in the US should take note and immediately begin updating and implementing their Pandemic Flu plans and responsibilities to be better prepared for the upcoming flu season.
And one more thing…schools can very quickly become germ factories for the flu and school season is just around the corner.
This past Sunday I was watching and listening to DHS and HHS officials talk about the Swine Flu Alert. During the announcement I found it interesting that Secretary Napolitano made a special point to clarify the declaration of emergency by saying she wished they could call it a declaration of emergency preparedness, because that is really what it is in this context.
I agree with Secretary Napolitano that a declaration of emergency preparedness is needed because most organizations are not well prepared for a Pandemic flu outbreak….but that is another topic for another day.
Then I came across a headline on CNN about Twitter causing controversy as some of the Twitter micro-blogging is propagating fear, unnecessary hype and misinformation about the outbreak while others comment that the Twitter buzz is a good sign that people are talking about the issue.
No matter what you think about Twitter, everyone using Twitter has a megaphone to use however they want.
So, are there any Lessons Learned involving megaphones? Remember what happened when Orson Welles went on the radio in October 1938 and presented a series of simulated news bulletins that suggested an actual Martian invasion was in progress? The radio show created panic and widespread outrage with some calling the event cruelly deceptive.
So, what happens if an ‘Orson Welles’ or terrorists decided to use Twitter to create panic or spread hype and misinformation about the outbreak? Is your organization prepared to address rumors, hype and misinformation from Twitter and other megaphones?
What happens if your employees stayed home from work because of misinformation?
What happens if ‘bad guys’ or ‘competition’ use Twitter to create panic with your customers and your partners?
Does your organization have a way to securely communicate accurate and sensitive information with your employees? With your partners?
Can your organization ensure integrity and accountability for information at the individual level?
Lessons Learned clearly show megaphones can create complex problems and megaphone management is a dangerous trend that is creating expensive and massive “pains” for organizations of all sizes.
In today’s world of megaphones, organizations need tools that can deliver the right information to the right people in the right place at the right time with accountability and auditability.
On Sunday, Secretary Napolitano declared an Emergency of Preparedness, stating, ‘…we’re preparing in an environment where we really don’t know ultimately what the size or seriousness of this outbreak is going to be.’
I agree that this declaration is needed because most organizations are not well prepared for a Pandemic flu outbreak. Studies show that organizations need to have pandemic plans that address workforce absenteeism rates of 40 percent or higher.
What if 40% of your employees were staying home because:
1) They are home sick
2) Family Members are sick
3) Schools are closed
4) Employees fear becoming sick
What if your vendors are unavailable due to travel restrictions/sick employees?
What if your partners are unavailable due to travel restrictions/sick employees?
What if your employees are unable to travel and make sales calls due to quarantines/border restrictions?
If your organization allows employees to work remotely, how do you know if people are receiving communications?
How can you ensure that all appropriate personnel have access to pandemic flu plans and procedures and understand their roles and responsibilities?
Gaps in communications and coordination efforts must be addressed sooner rather than later. Has your organization reviewed or updated your pandemic flu plan recently? Are you prepared?