library

Be ready for any disaster

Just under half of small firms in the UK have no plan in place to ensure that their business could survive an emergency or disaster., according to research from AXA.

Many are not covered against risks that have a much greater chance of hitting their business than terrorism, such as a fire or a flood. If the unexpected happens, companies without a contingency plan could lose thousands of pounds or even go out of business.

The insurer said the fact that these companies had such a plan was worrying because of the time it can take businesses to recover from a disaster. Research by AXA found that almost one in five small to medium-sized firms had been hit by a disaster.

One in 12 said it took them more than six months before they were up and running again and it took one in 20 of them more than a year to get their businesses back on track. AXA's risk control strategy manager Doug Barnett said: "Businesses face a number of challenges and risks and they need to do everything possible to reduce the chances of these happening. "They also need to have an effective plan in place to deal with them if they do.

Every year, thousands of enterprises fold but some of these could be saved if they had a strong business continuity plan in place." Even if a business does have plans in place it is important that companies tweak them so that they are prepared for potential seasonal risks and carry out annual test to see they will work.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

 


Bombings trigger high state of alert

Aug 3 2005 Liverpool Daily Post

Penny Fray looks at how Merseyside businesses are protecting themselves against the new agents of evil

The world in 2005 is a dangerous and uncertain place. Businesses as much as individuals are vulnerable to the twin threats of urban terrorism and high tech fraud. But experts claim that most companies remain hopelessly unprepared for the consequences of a major attack, estimating that as many as nine out of ten SMEs could go out of business within two years of suffering a catastrophe.

A recent Liverpool Chamber of Commerce report claims that most small to medium sized enterprises have neither a written security policy nor a contingency plan to deal with disasters such as fire, severe flooding or a terrorist bombing. Moreover, 80% of those analysed don't even have adequate procedures to deal with IT and utility failures that would otherwise enable them to function effectively during an emergency.

David Chandler of G Security and Surveillance in Prenton, Wirral, isn't surprised but claims the wheels of change are now in motion. "No-one starts the day believing that the physical presence of a business will be gone later that morning, especially here in Merseyside," says the former police detective turned security expert. "But if the terrorist attacks of September 11 have not already altered the way that businesses view security and disaster planning, the terrible events in London will. "Already, we've had a flurry of calls from both private and public sector agencies worried about safety.

Certain schemes involving public buildings have been brought forward and additional security budgets have been made available." One company that has gone to great lengths to ensure that their security system is bang up to date is Living Ventures, the name behind popular celebrity hang-outs such as The Living Room and Est, Est, Est. "People these days need to feel safe," says Richard Tarran, an IT and systems executive for the company. "That's why we've gone to great lengths to ensure that we're one step ahead of the game through installing equipment and making sure that everything is the best it can be." Although several other large companies in the region confirm a similarly heightened emphasis on security, they've all declined to comment for fear of reprisals.

However, the Daily Post discovered that one large retail outlet has just installed a hi-tech visual verification system, recording vehicle number plates - even those moving at up to 100mph in the dark. Iris scanning, hi-tech firewalls and shatter-proof windows have become popular options for those eager to stay abreast of 21st century crime. "Like most companies who provide extra protection against crime, we've seen a sudden rise in the sale of laminated windows," confirms Kay Ruddy, managing director of Bebington Glass.

Continuity Forum Comment

It is great to see that organisations are investing in better security, but that really is more a comment on what hasn't been done in the past, rather than being a positive step forward in resilience and Business Continuity Planning. Integrating the BIA and Risk Assessment phases of Business Continuity Management presents the organisation with far greater overall Resilience against a wider range of events, while enabling greater value to be achieved.

END 


Small Businesses Increasingly Vulnerable To Security Threats

More than half experienced a security breach this year.

As small businesses begin to depend on increasingly sophisticated technologies to run their operations, they are also leaving themselves wide open for security threats, according to a new survey by the Small Business Technology Institute and Symantec Corporation. Small businesses lack sufficient security controls over such basic systems as email (20 percent are not secured) and wireless networks (60 percent are not secured).

Exercise Triton 04 - Lessons identified

Exercise Triton 04 was the first national exercise of its kind and size, It took place in June and July 2004. The scenario covered an extreme event (up to one in 1000 year occurrence) and with extensive flooding affecting nearly half of England and Wales. The exercise tested the nation's ability to work together and deal with extensive flooding. The scenario deliberately tested systems that would not normally be planned for and identified valuable lessons for the Environment Agency and partners in improving: How we work together How we can improve our forecasting The plans and procedures that we use How we communicate The resources at our disposal And in understanding: How the Civil Contingencies Act will change the way we work.

Who took part? Over 60 organisations and agencies took part nationally, regionally and locally. Teams of people based at 35 locations were presented with the emergency scenario and asked to respond as they would if the events were real.

Examining the Risk Management Environment

Half of the risk managers who responded to a recent survey believe that the insurance market is softening and that premium rates will reach their lowest point in 2007 and 2008.

Property and casualty rates are anticipated to drop more significantly than D&O and workers compensation, but despite this optimism, only about a third of those surveyed believe that their insurance spending will decrease in 2005 and 2006.

Business Continuity ' a practical approach' - Free EVENT - 7th July - Derbyshire

EAST MIDLANDS REGIONAL RESILIENCE FORUM, in conjunction with the Continuity Forum

A FREE ONE DAY SEMINAR

Date and Time

Thursday 7th July 2005
09:00 - 16:00

Location

Derbyshire Constabulary Headquarters
Butterley Hall
Ripley
Derbyshire
DE5 3RS

BUSINESS CONTINUITY MANAGEMENT

Practical Implementation

2004 saw the introduction of the Civil Contingencies Act that placed new responsibilities relating to Business Continuity Management (BCM) on organisations involved in civil contingencies work to ensure that they are able to continue their functions in the event of an emergency. However, BCM is not only essential to meet the legislative requirements under the Act but also reinforces a stable economy for commerce, industry and public services.

The aim of this event is to raise awareness of BCM and to inform organisations on the practical aspects of developing and implementing a business continuity plan.

WHO SHOULD ATTEND?

This seminar is of particular interest to employees or officers of:

  • Emergency Planning
  • Emergency Services
  • NHS bodies
  • Local Authorities
  • Voluntary Organisations
  • Other Category One and Two Responders
  • Private Companies

    KEY ISSUES ADDRESSED

  • The importance of BCM
  • BCM as a management discipline
  • The realities of BCM from organisations that have gone through the process
  • A practical exercise to build on how to undertake a BCM programme
  • How private industry can help
  • The promotion duty and community resilience
  • BCM and the CPA

    _______________________

    PROGRAMME

    0900 Registration

    0930 Welcome and Administration
    John Perkins, Regional Resilience Director

    0945 The Importance of BCM
    John Sharp, Policy and Development Director, Continuity Forum

    1015 Embedding the BCM Process: Creating Ownership to Build Resilience
    Eve Coles, Coventry University

    1045 Refreshments

    1115 BCM: A local authority experience
    Maddi Bali, Gloucestershire County Council

    1145 Practical Exercises in Risk Management and Business Impact Analysis
    Patrick Cunningham, Managing Director, Patrick Cunningham Civil Protection Ltd.

    1245 Feedback and Q&A

    1300 Lunch

    1400 Promoting Business Sector Resilience in a Major City Centre
    Richard Davies, Leeds City Council

    1430 What the Private Sector can do for you -
    John Basinger, Cunningham Lindsay

    1500 BCM and the CPA - Speaker TBA

    1530 Q&A session

    1600 Close

    REGISTRATION

    To register to attend this event please mail either Sara McKenna of the Continuity Forum HERE! or Nicola Lees of the East Midlands Resilience Forum HERE! or call Nicola directly on 0115 971 4712.

    Look forward to seeing you there!

    The Regional Resilience Team,
    Government Office for the East Midlands,
    The Belgrave Centre,
    Stanley Place,
    Talbot Street,
    Nottingham,
    NG1 5GG

    Tel: 0115 971 4712
    Fax: 0115 971 4710
    Email: nlees.goem@go-regions.gsi.gov.uk

    This seminar is being arranged on a no-cost basis for delegates and as such will be free. Due to restricted number of places being available, each organisation will be limited to two delegates.

    ___________________________

    If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.

  • 7th July - Family Assistance Centre

    Who is the centre for?

    The centre is for all those affected by the events of 7th July. In particular it is for relatives and friends of those who have died, or are still missing, and survivors, whether or not physically injured. It has been set up by those responding to the disaster, as a single point of information and assistance. The centre is secure and private.

    It is where:

    • Information about those who have died, are missing or were injured can be given and received by the authorities
    • Updates on the investigation are made available
    • Those who have been affected can get access to support services such as financial, legal, emotional

    What else is available?

    • The opportunity for a personal meeting with a police family liaison officer
    • Regular updated information
    • Help with accommodation and travel can be arranged
    • Assistance in making contact with appropriate agencies and resolving problems
    • Multi-faith and multi-cultural contact
    • Emotional support
    • Internet and telephone facilities
    • Refreshments
    • Medical care and mobility aids
    • Crèche
    • Financial help
    • Legal advice
    • Information leaflets about bereavement and further sources of support

    If you are coming to the Family Centre from out of town please note that accommodation can be arranged or made available through Transport for London Incident Care Team, tel 0791 700 6865.

    The Family Assistance Centre has now relocated to:

    Lindley Hall (Royal Horticultural
    Halls and Centre)
    80 Vincent Square
    SW1P 2PE

    Call (24-hours): 0845 054 7444

    END

    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Japan nuclear data leak raises security concerns

    Thursday June 23, 08:51 AM

    TOKYO (Reuters) - Japanese officials scrambled on Thursday to contain the public relations fallout from reports that confidential information about Japan's nuclear plants had leaked onto the Internet through a virus on a personal computer.

    Japan's top government spokesman pledged to take steps to protect information after data on several nuclear plants appeared online, including photographs of their interiors, details of regular inspections and repair work and names of workers.

    "Nuclear plants are important facilities in terms of anti-terrorist measures, security and what not, and therefore we would like to take full steps to ensure information management," Chief Cabinet Secretary Hiroyuki Hosoda told reporters.

    Mitsubishi Electric Corp. said the information was leaked through a personal computer used by an employee of a Mitsubishi subsidiary that was in charge of inspecting the plants.
    Mitsubishi Electric said the leak occurred at one of its subsidiaries and included information from seven Japanese electric power companies and five independent firms.

    "We deeply apologise for causing trouble to many people including electric power companies," Mitsubishi Electric said in a statement. "We will do our utmost to prevent the recurrence of such an incident."

    A trade ministry official in charge of the investigation said the information that was published was not directly linked to the "core part" of the nuclear plants.

    "We believe the information allegedly leaked does not include data directly related to nuclear materials, which are kept under strict control," he said.

    Since the September 11, 2001, attacks on the United States, Japanese police and coast guard forces have tightened security around the country's 52 nuclear reactors.

    END
    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Worst data theft ever?

    MasterCard scandal: 40 million accounts could be compromised...

    In what could be the largest data security breach to date, MasterCard International on Friday said information on more than 40 million credit cards may have been stolen.

    Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover.
    MasterCard and Visa both say they have notified their member banks of the specific accounts involved so the banks can take action to protect cardholders.

    James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, California, said: "In sheer numbers, this is probably one of the largest data security breaches."
    The breach occurred at CardSystems Solutions in Tucson, Arizona, a third-party processor of payment data, according to a MasterCard statement. An intruder was able to use security vulnerabilities to infiltrate the CardSystems network and access the cardholder data, MasterCard said.

    CardSystems is one of several companies that process transactions for banks and merchants. The security breach at the company was discovered using tools that monitor for credit card fraud, MasterCard said.

    Though credit card numbers were compromised, the cards themselves do not hold social security numbers or dates of birth, MasterCard said. This information could be used for credit card fraud but not to steal identities.

    A spokeswoman for credit card company Discover said the company is aware of the security breach and is working with law enforcement to investigate it. She noted that Discover Card holders would not be liable for any fraudulent transactions, should they occur.
    Visa issued a statement saying it knows of the data security breach and is working with authorities and banks to monitor and prevent fraud. As with MasterCard and Discover, Visa noted that card users are not responsible for fraudulent transactions.

    American Express could not immediately be reached for comment.

    The credit card theft possibly occurred late last month, according to CardSystems. In a statement issued late on Friday, the company said that it identified a "potential security incident" on Sunday, 22 May and called in the FBI the next day. Visa and MasterCard were notified as well, CardSystems said.

    Since the breach, CardSystems has undergone a security audit and is changing its security procedures as a result, it said.

    The breach follows several high-profile data loss incidents that potentially exposed US consumers to identity theft. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup.

    In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

    END
    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Rail passengers in overheating ordeal

    Friday June 24, 2005

    Rail services on the East Coast Mainline have returned to normal after hundreds of passengers were trapped in overheated carriages for hours after a power failure.
    Many endured great distress and were forced to break windows to escape as dozens fainted in the heat.

    Yesterday, the 3.55pm GNER train from Newcastle to Kings Cross ground to a halt just outside Peterborough at 5.25pm due an overhead power failure.

    Kevin Groves, spokesman for Network Rail, said the power failure meant no trains had been able to leave Kings Cross on the main route north since 5pm yesterday.

    He said: "We have engineers working to fix the problem and they will work throughout the night in a bid to have trains running again by 6am."

    A Cambridgeshire Fire and Rescue spokesman said eight passengers had been taken to hospital suffering from heat-related injuries.

    Passengers were advised to check with National Rail on 0845 748 4950 before travelling today.

    END
    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Severe Weather warning for the UK as Heatwave ends with a bang

    Britain's sizzling heatwave is set to come to an end with warnings of thunderstorms and even tornados.The erratic conditions could bring mayhem to parts of the UK as tennis fans flock to Wimbledon and thousands make the annual pilgrimage to the Glastonbury music festival.Storms moved into south Wales and some southern parts of England overnight, with prolonged outbreaks of rain expected throughout Wales and north-western England which could lead to local flash flooding.

    PA WeatherCentre assistant manager Paul Knightly said the storms were likely to bring lightning and hailstones up to the size of golf balls.

    "Winds in the upper atmosphere will be fairly strong, and this will promote the development of some severe thunderstorms.

    "These may bring hailstones up to the size of golf balls, wind gusts up to 65 mph, extremely heavy rainfall leading to local flash flooding, and possibly isolated tornadoes.
    "People should remember that with any thunderstorm, the main threat is cloud to ground lightning, and tomorrow's storms are likely to be very electrically active.

    "If a storm approaches, try to get indoors quickly, and do not stand under trees."
    The Tornado and Storm Research Organisation (TORRO), which is a privately funded group researching extreme weather phenomenon, predicted possible tornados.

    The group was founded in 1974 and has been making severe weather forecasts for the last five years.
    Britain experiences an average of 35 small scale tornados each year, mostly concentrated in the south and east of England

    END
    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Payment Cancellation

    We are sorry that you have cancelled your transaction with us.

    If you have experienced any difficulty, or are disatisfied in any way please do let us know directly +44 (0) 208 993 1599.

    We take service very seriously indeed and if are in anyway unhappy with our response please mail Russell.price@continuityforum.org and he will get back to you as soon as possible.

    Continuity Forum announces Continuity 'Think Tank'


    The Continuity Forum is launching a series of of 6 bimonthly breakfast sessions aimed at bringing together the thought leaders from our sector. The Continuity Forum is heavily engaged with national and regional governent at the heart of the developing

    Our sector is evolving rapidly across a broad range of topics and interests and in order to ensure that the the

    Security by the numbers ...

    The issue of security continues to be a major industry topic and understandably, especially as this is is one area of BCM that tends to have the highest profile . Many of the issues are closely linked to the increasing complexity and interoperability requirements of applications across a wide variety of Platforms. These problems are also compounded by the generally poor practices of many IT departments and internal users who continue to be a very weak link in the security chain.

    Below we have assembled research to provide an at glance reminder that there is still a long way to go to 'secure' an organisations IT.

    ----------------------------

    15% - The average increase in IT security spending in 2005, according to a survey of 1,300 CIOs by IT market research firm Gartner. At the same time, the respondents reported that their overall IT budgets would rise only 2.5 percent. Source: Secure Enterprise Magazine

    56% - The share of security solution providers who say that it will take over six months for organizations that have deployed identity management products to see a return on the investment, according to a recent survey by IT business publication CRN. Additionally, 52 percent of those polled reported that only six percent or less of their business customers have adopted ID management solutions as part of their overall security strategy. Source: SecurityPipeline.com

    10%- The maximum share of overall IT spending that's related to security patch management at an overwhelming majority -- 97 percent -- of companies polled by research firm InsightExpress. The survey, conducted on behalf of SupportSoft Inc., which develops update management software, found that patching takes a week or more to complete at about 25 percent of companies. Source: SecurityPipeline.com

    54 - The average number of software vulnerabilities that security vendor Symantec detected per week in the second half of 2004. The company reported in its semi-annual Internet Security Threat Report that it documented 1,403 new vulnerabilities between July 1 and Dec. 31, 2004, and said that 48 percent of those were found in Web applications. Source: IDG News Service

    35 - The number of IRS employees, out of 100 called by inspectors pretending to be internal help desk staffers, who gave up their network log-in names and changed their passwords to one suggested by the caller when told that it was necessary due to a network problem. On a positive note, the results of the anti-hacking test were better than in 2001, when 71 percent of the workers called agreed to change their passwords. Source: TechWeb

    50% - The rate at which IM and P2P exploits are increasing monthly, according to the IMlogic Threat Center, an organization formed by IMlogic, McAfee, Symantec and Sybari Software to monitor instant messaging hacks. Source: SmallBizPipeline.com

    224 - The average number of directory harvest attacks per day in February on enterprise email systems by spammers seeking valid addresses, according to email security services vendor Postini. Each attack brought an average of 166 invalid message delivery attempts, resulting in a total of 37,184 invalid delivery attempts per day. Source: SecurityPipeline.com

    180% - The share of mobile phone users worldwide that have received spam, according to a survey of 1,659 mobile users and 154 wireless operators by the University of St. Gallen in Switzerland and emergency communications services vendor Intrado. Source: MobilePipeline.com

    47.9%% - The share of email users who believe their employers have been effective at stopping spam, according to a January survey of 241 Internet users. Source: Osterman Research

    25% - The expected spyware infection level on corporate PCs within the next 12 months, according to a new report entitled "Spyware Adoption in 2005" from Forrester Research. Source: Networking Pipeline

    750 - The number of confirmed cases of identity theft directly linked to the network security breach at credit card data company ChoicePoint, which has acknowledged that hackers culled private data on at least 145,000 people. Source: CNET News.com

    69% - The share of 163 companies surveyed by the Ponemon Institute that reported their data security breaches came at the hands of company insiders -- the result of either malicious employee activities or innocent employee mistakes. Source: NetworkingPipeline.com

    17,000,000 - The number of American adults that have been spimmed -- sent unsolicited commercial instant messages, or the equivalent of spam in the IM realm, according to a survey conducted January 13 to February 9 by the Pew Internet & American Life Project. Source: InternetNews.com

    2560 - The number of unique phishing Web sites reported in January, a 47 percent increase over the number of sites reported in December. Source: Anti-Phishing Working Group

    36% - The share of consumers surveyed by Forrester Research who said they had curbed online purchases because of the rise in security breaches at credit card companies, banks and other businesses. Source: CNET News.com

    60,442,655 - The total number of Web sites as of March, representing a gain of 1.34 million sites over the previous month, the biggest monthly increase since April 2004. The number of sites has grown each month for 25 consecutive months. Source: Netcraft

    Ends

    _________________________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Police chief battered by cyber attack

    Thousands of threatening emails sent to cripple police computers...

    A UK police chief has been bombarded with thousands of threatening emails in a denial of service attack aimed at crippling his force's computer systems.

    At one point just before the bank holiday weekend, 2,000 emails an hour were being sent to Greater Manchester Police (GMP) chief constable Michael Todd.

    The attacker spoofed some of the email addresses to show US president George Bush as the sender, while other emails warned that the attacker knew where Todd and his family lived.

    GMP said the attack was an attempt to crash the force's computer systems through the volume of emails being sent. It has launched an investigation.

    A statement issued said: "GMP has been subject to a cyber attack using emails in an attempt to disrupt GMP's service to the public. However, safeguards in place were effective and prevented any disruption to the force."

    Cambridgeshire Police were subject to a similar denial of service attack almost two years ago when thousands of spam emails told recipients their credit cards were about to be charged for an iPod they had just bought unless they phoned a customer service number.
    The customer service number turned out to be the switchboard at Cambridgeshire police, which was deluged by thousands of people who had received the hoax email, although the culprit was eventually tracked down and arrested.

    Continuity Forum Note

    It is important to stress that under the Civil Contingencies Act Category One Organisations such as the police and other emergency services must verify that sufficient measures are in place to ensure Continuity of Operations.

    Whilst the attack on the GMP was managed though a variety of measures, attacks of this type are rising and it is prudent to point out that 'denial of service' attacks such as this one are a serious matter affecting the ability of the organisation to communicate. Whilst not strictly speaking covered by the detailed requirements of the CCA, this instance is a timely reminder of the diligence that is required.

    Source Silicon.com

    End

    _________________________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Syndicate content

    Business Continuity Forum creating Resilince and security

    Creating Continuity... Building Resilience...