Authored by: John Linden, IRMSA Risk Intelligence Committee Member
At any given moment, there are about 1.2 million people on board 9 700 aircraft travelling to destinations worldwide, for business or leisure. Part of the ‘global economy phenomenon’ is the reality that international business travel is unavoidable, particularly as businesses establish operations in foreign markets. This is, however, good for us. It means greater opportunities, long-term market growth, access to new talent and diversification. The World Economic Forum refers to this as flexible work and regards it as “one of the biggest drivers of transformation.” To maintain a competitive advantage and to foster foreign investment opportunities, we need to compete at this level.

The life of the business jetsetter is interesting and rewarding, but it is also physically and psychologically demanding. The landscape has changed over the last decade and the modern traveler faces unique challenges, as acknowledged in the opening remark of the executive summary of the Global Risk Report 2019 (14th Edition): “Is the world sleepwalking into a crisis? Risks are intensifying but the collective will to tackle them is lacking.”

What are travel risks?

To be frank, no matter where our business travelers direct their gaze, they will face risk: the global economy, unpredictable schedule changes, exposure to infectious diseases, adverse weather patterns, new technologies, country-specific compliance regulations, the global crack-down on tax evasion, the ever-changing security landscape, political unrest and communication across different language barriers. These trials test them emotionally, psychologically and behaviorally. Business travelers become targets by the very nature of their being in a foreign land in possession of valuables, and often with little experience of the customs and security landscape of their temporary host country. We need to protect our business travelers against being injured, or even becoming the victim of a kidnapping for ransom or worse.

What causes these risks?

Corporate ethos tends to focus more on business and less on the human aspect. As a result, companies sometimes unintentionally neglect their Duty of Care by not embracing an organised programme to brief and train employees prior to international travel. Furthermore, formal policies and guidelines, particularly as they relate to restricted travel during security alerts, may not be in place to regulate trips. If we are honest, business travelers rarely take the initiative to familiarise themselves with prospective travel destinations, the security situation, customs and cultures. This leads to unnecessary stress and even to avoidable incidents. Business travelers who frequently travel to particular destinations also tend to become complacent and resist security updates, believing that they are familiar with any potential threat. Another issue is the lack of reporting of incidents. Travelers involved in incidents may experience embarrassment or may fear disciplinary action due to negligence.

How to respond to travel risks?

Businesses with global operations should invest in a travel management programme administered by a travel security specialist. This portfolio would be responsible for implementing policies and practices governing travel security and for ensuring that the business takes accountability and acknowledges its Duty of Care. The onus is, however, not exclusively on the business. Travelers should also empower themselves through knowledge and awareness as, ultimately, being responsible for your personal and professional safety can only count in your favor. Things to consider:
MEDIA CONTACT: Rosa-Mari, 060 995 6277, [email protected], www.atthatpoint.co.za For more information on IRMSA please visit: Website: https://www.irmsa.org.za/ Twitter: https://twitter.com/IRMSAInsight Facebook: https://www.facebook.com/IRMSAInsight/?ref=hl LinkedIn: https://www.linkedin.com/company/irmsa-institute-of-risk-management-sa/
Provided by Wilna Meiring, IRMSA Risk Intelligence Committee Member
From online transactions and banking to shopping and gaming, cyber attackers are methodically finding new ways of using your devices against you, making each one of us increasingly vulnerable. In order to have a positive and safe experience in the digital world, we need to understand the ever-increasing diversity of digital threats and equip ourselves with the necessary knowledge and skills. Unfortunately, too many users/consumers are oblivious to the threats and how quickly cybercrime is evolving. Hackers are no longer as interested in breaking through firewalls or systems just to show they can. Their focus has shifted to theft of personal information and identity theft for financial gain, with phishing being the most common method used to trick/deceive you into disclosing your data.

According to the 2018 Norton Cyber Safety Insights Report, 37% of consumers globally experienced cybercrime, with malicious software being the most common cyber-related crime experienced. The report further highlights that less than half of consumers globally have taken any measure(s) to protect their personal information and online activities. The information below will help us to stay abreast of the risks and to anticipate and safeguard ourselves against some of these threats.

Protecting information online

Companies learn a lot about consumers/users through the data they collect from online activities, which assists them in understanding consumer behaviour and developing personalised offerings for targeted advertising. This includes data on preferences when shopping online, social pages that are liked or followed, media channels that are used and the personal information included on social profiles. Another dimension to the digital world and online activities is sharing: users share news, information, events, pictures, experiences and a lot more to build and maintain relationships as well as create new ones. Staying safe and secure in a digital world can be difficult.
Not all hope is lost though, and there are some simple measures you can take to protect yourself and your information online:
We have all seen the message “This website stores cookies on your computer” while browsing the internet. So what are cookies? They are essentially part of how the internet (web) works. An HTTP cookie is a small piece of data sent from a website and stored on the user's computer by the web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember a record of interaction information or to record the user's browsing activity. While cookies cannot infect computers with viruses or other malware, the danger with cookies is that cyber attackers can hijack cookies and, therefore, browsing sessions, and track individuals' browsing histories. If you are using a public computer/device, take care to delete cookies when you have finished browsing so that subsequent users will not have access to your data (sent to websites) when they use the browser.

Business Email Compromise (BEC)

BEC is a type of attack where a cybercriminal compromises or spoofs a corporate email account of an executive/senior member of staff to defraud the company, its employees, customers or business partners. In recent years the number of BEC attacks has significantly increased, with the FBI’s Internet Crime Complaint Centre putting global BEC losses in excess of $12 billion (USD) over the last 5 years (2013 – 2018). BEC attackers rely heavily on social engineering tactics and trick unsuspecting employees with well-worded, very specific email requests that appear completely legitimate. While there are many variations, the attack basically entails targeting employees with access to company funds/finances and tricking them into making transfers or payments to the bank accounts of the cybercriminal/fraudster. Requests typically impersonate senior employees and include an element of urgency and a request for confidentiality. The same modus operandi is also used to target customers or business partners.
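The warning signs described above (a senior employee's name on an outside address, replies redirected elsewhere, urgency and confidentiality wording) can be checked automatically on incoming mail. The sketch below is an added example, not part of the original article; the company domain, executive names, phrase list and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: company domain, executive names, phrase list.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam patel"}
PRESSURE_PHRASES = ("urgent", "immediately", "confidential", "keep this between us")

def domain_of(address):
    """Return the lower-cased domain part of an email address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def bec_indicators(raw_message):
    """Return the list of BEC warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # An executive's display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != CORP_DOMAIN:
        findings.append("executive-name-external-address")
    # Replies routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(addr):
        findings.append("reply-to-domain-mismatch")
    # Urgency or secrecy wording: the social-engineering element.
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in PRESSURE_PHRASES):
        findings.append("urgency-or-confidentiality-language")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: payments@other-domain.test
Subject: Urgent transfer

Please pay the attached invoice immediately and keep this confidential.
"""

LEGIT = """From: Jane Doe <jane.doe@example.com>
Subject: Q3 budget review

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

A message that raises any of these flags is a candidate for the independent confirmation with the sender that the article recommends, not proof of fraud on its own.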
BEC prevention measures that can reduce this risk include monitoring networks for suspicious emails, encrypting emails, diligently checking the sender details, independently confirming requests with the sender and, most importantly, employee training, given that BEC attacks rely primarily on employees’ vulnerability.

Email and connected devices

In some cases, risk-avoidance behaviour by users does not seem to extend to how email and connected home devices are used. Case in point: approximately half of all users cannot distinguish between a real and a scam/fake email or are operating their home devices with limited or no protective measures in place. Frank Abagnale, the subject of the book and film Catch Me If You Can, states that “stealing your identity is like counting to three.” The reality is that we are all at times careless with our information or likely to accept certain risks online. Taking a few basic steps will, however, go a long way to protect yourself and your privacy:
Authored by: Ms. Mpho Modisane, IRMSA Risk Intelligence Committee
In recent years, many more organizations have established Business Continuity Management Programmes (BCPs) which define the different processes of avoiding and recovering from potential disasters to their business. With the number one goal of a Business Continuity Plan (BCP) being to allow for continuation of operations while recovering from a disaster, the success of BCPs relies on the organization’s resilience programme.

Resilience Defined:

The Business Continuity Institute defines Resilience as the adaptive capacity of an organization in a complex changing environment. Resilience is the more mature aspect of recovering from disaster: the ability of an organization to uphold its functions regardless of drastic changes in the internal and external environment. Therefore, in its quest to achieve greater maturity in responding to and recovering from disasters, an organization must consider a tailor-made resilience programme to enable continuation of business under adverse circumstances.

Resilience Statistics:

In their annual Africa Resilience survey, Ernst and Young (EY) discovered that although the majority of African organizations have good BCPs, they in addition require a matured resilience programme to reduce the likelihood of exposure and to recover from disruptive events when they happen. The conclusions from the survey indicate that approximately 72% [Level 2 – Level 5] of the respondents reported that their resilience programme can assist in recovering business operations after a disaster. Of that number, 5% is certifiable and 28% can recover all critical functions within approved Recovery Time Objectives. Only 28% either cannot recover operations or the respondents do not know the maturity level of the programme.

Over 64% of the aggregated participants have indicated that their companies' BCM resilience solutions are aligned to international best practices, i.e. ISO 22301, ISO 22316, BS 65000, ISO 27031, the Business Continuity Institute Good Practice Guidelines 2013 and/or COBIT. Of the 64%, approximately 10% have specified that their companies are aligned to BS 65000, a guidance document on organisational resilience. The EY survey further rated the resilience maturity of the sampled organizations in line with international standards on a five-point scale, with five being the most mature level:

Level 5: Certifiable Programme
Level 4: Can recover all critical functions with approved recovery time objective
Level 3: Can recover some critical functions with approved recovery time objective
Level 2: Can recover limited business processes via information and undocumented processes
Level 1: Cannot recover from or survive a disruption (programme does not exist)

The survey revealed that 5% of the sampled organizations have reached level 5, 28% level 4, 24% level 3, 15% level 2 and 10% level 1 maturity of business resilience. The remaining 18% of the respondents indicated that their level of resilience is unknown. What this indicates is that although 72% of the respondents reported that their resilience programme can assist in recovering business after a disaster, only 5% have their risk management sources spread beyond the scope of traditional risk methods.

The need to be multinationally resilient:

The complication for any organization operating multinationally is that the nature of disasters becomes foreign, away from the home country. The best assurance any organization can get against unknown material disruptive events is to align with international standards at both policy and implementation level.

A multinationally resilient organisation can reduce its vulnerability by adopting a resilience programme which gives it the opportunity to recover all critical functions within the approved Recovery Time Objectives. As a risk professional, have you considered that: