Wednesday, February 25, 2015

Building Safety and Security

If you own your building, there are many concerns and regulations to consider. If you rent your space, many of the same issues are also important. As the quote implies, it's about the people first. So, while you want to protect the building and assure its longevity, you first need to have plans in place to get everyone safely out of the building and to keep them safe indoors if required. The concerns addressed in this issue -- civil unrest, for example -- might be good scenarios to test your plan against.

From bad building designs to management that ignores badge rules, here are the top building security mistakes. (Item #1)   An expert explains why smart buildings bring a new range of potential vulnerabilities that need management and mitigation. (Item #2)   Here are some actions that property owning organizations can take to better protect facilities, tenants and employees from civil unrest. (Item #3)

Managers in all settings can benefit from these tips on contingency plans for terrorist attacks. (Item #4)   Occupants can fill key roles in the process of clearing a building. (Item #5)   Making fire extinguishers available is not enough; people have to know how to use them; share this video with everyone. (Item #6)

Subscribe or read past issues of the NewsBriefs at

Wednesday, February 18, 2015

Exercising the Business Continuity Plan

If you're not buried under some of the historic inches/feet of snow that have fallen in various locations of the US, you likely feel sorry for the folks getting all that weather but you're also glad it's not you. But what if you pretend it is you? Wouldn't this winter weather (not to mention flooding and fires on the west coast) be a good scenario for testing your business continuity plan? What would you do if it was your business under all that snow or  in that flooding this week? Dust off your BC plan, take a look at this week's articles, and do a table-top simulation of how you would survive Mother Nature's wrath!

Exercises are used to testing emergency plans but they are also useful events to run when actually writing plans and procedures because they help generate discussions and stimulate thinking on what the contents of the plan could be. (Item #1)   A program of training, exercises, and tests moves plans beyond the concept stage, provides training opportunities for employees, and helps identify needed corrections in procedures and plans.  (Item #2)   Testing business recovery plans is an important step to validate and check its content and approaches, ensuring that plans are actionable before a possible real disruption.  (Item #3)

A TTX is a facilitated scenario-based discussion that tests a plan in a protected environment. (Item #4)   How can business continuity professionals conduct more effective exercises? (Item #5)   Download this free business continuity test template and guide to learn how to conduct a successful test.  (Item #6)

Past issues of the NewsBriefs are available at

Thursday, February 12, 2015

Cyber Security

Just when we thought we'd seen it all, SONY was hacked and forced to withdraw a movie from distribution. This week, Anthem announced its data had been compromised, affecting thousands. What would the impact on your business be if you were the victim of some sort of cyber crime? All organizations, no matter how small, are potential targets for cyber criminals and the results can be devastating to your reputation and your bottom line. As you scan the articles below, consider whether you have done everything possible to protect your organization and what you may still have left to do in this area.

What's on the cyber security front this year? (Item #1)   Cyber security incidents can have business continuity implications and impacts that extend far beyond IT. (Item #2)   Cyber Law arises because there's always the potential for legal problems, and lawmakers struggle to keep up with the fast and furious pace of today's technology. (Item #3)

Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals. (Item #4)   Data security is crucial for all small businesses; this FCC guide can help. (Item #5)   This article is mainly about cybercrime deterrence, not cybercrime prevention. (Item #6)

Past issues of the NewsBriefs are available at

Wednesday, February 4, 2015


Any organization that collects data on its customers, members, users, etc., has to be prepared to protect that data; failure to do so can be costly, in terms of operations, reputation, and the bottom line. Employers also must meet the challenge of balancing their right to secure their data and proprietary information with their need to protect an employee's right to privacy. In both cases, it's important to communicate what your privacy policy is and to make it easily accessible. Has your organization developed a privacy policy that clearly explains how data collected will be safeguarded and used? Do your employees and managers/supervisors understand your monitoring policies? If not, these activities should be part of your business continuity discussions as soon as possible. And, as we have pointed out in the past, if you have done so already, are you sure everything is up to date?

The potential cost of privacy issues should be a concern for most organizations. (Item #1)   Whether your organization has implemented a BYOD policy or is still struggling with the intermingling of personal and work-related communications on employer-issued devices, some best practices are starting to emerge. (Item #2)   Employer monitoring of its communication systems generally is considered to be a responsible business practice. (Item #3)

The privacy issue isn't going away any time soon, though the commercial social media sites have deftly surfed the edges of the wave. (Item #4)   Here are some steps toward balancing employer security with employee privacy. (Item #5)   An employer should establish and communicate clear written policies for employee monitoring and educate supervisors when monitoring is permissible. (Item #6)

Past issues of the NewsBriefs are available at