Disaster Due Diligence February 5, 2009
Campus Security
HEADLINE: No Tech follow-up on Cho incidents
SUMMARY: The Virginia Tech shootings records -- many of which will be opened to the public this month under the state's legal settlement with families and victims -- show the extent to which Seung-Hui Cho and his problems were known on campus, a Richmond Times-Dispatch review of the documents has found.
STORY LINK: http://www.timesdispatch.com/rtd/news/state_regional/article/TECH02_20090201-222813/195587/
ANALYSIS: Virginia Tech has shared the background on the shooter. What is apparent is that like most disasters, there were warning signs. Virginia Tech did a good job of managing events on the day of the shooting. The key is acting prior to the incident.
Firestorm follows a Predict. Plan. Perform. process. Unfortunately, this incident reinforces the value of acting in advance to identify risks, make a plan and take action.
In many cases, Firestorm’s PPP process can mitigate or eliminate the ultimate impacts. Workplace violence is identified by OSHA as a hazard. What is your organization doing to identify and eliminate risk?
-- Jim Satterfield, Firestorm President/COO
Data Security
HEADLINE: Data Breaches Are More Costly Than Ever
SUMMARY: Organizations that experienced a data breach in 2008 paid an average of $6.6 million to rebuild their brand image and retain customers, according to a new study. Ponemon Institute, a Tucson-based research firm, looked at 43 organizations that reported a data breach last year and found that roughly $202 was spent on each consumer record compromised. The average number of consumer records exposed in each breach was about 33,000. The survey also sought to measure more intangible costs of a breach, such as the loss of business from increased customer turnover and decreases in consumer trust. Last month, when Heartland Payment Systems -- the nation's sixth-largest credit and debit card processor -- disclosed a breach that could affect millions of customers, the company's stock lost 42 percent of its value.
STORY LINK: http://www.washingtonpost.com/wp-dyn/content/article/2009/02/02/AR2009020203064.html?wprss=rss_technology
ANALYSIS: As everyone knows, decision-makers and bean counters love solid facts and figures. If you happen to be one of the persons in your organization who is constantly trying to justify higher levels of spending on IT security, this is the news you wanted to hear. The facts and figures make it abundantly clear that someone’s department budget is going to get drained when the bill for a security breach comes due.
If you want to make this fact "hit home," try this approach: Sit down with your HR Department for a couple of hours and come up with a set of charge-off time codes that are specific to mitigating a security breach. Include major "time spent" items like: (a) Briefing senior management; (b) Finding the person responsible for server X; (c) Rebuilding desktops and laptops; as well as little things like: (d) Figuring out where people working 24/7 on the security response are going to sleep and shower when there's no time to go home; (e) PR efforts at controlling the rumor mill; and (f) Getting legal to agree on what you can and cannot tell law enforcement.
If you explore all the possible tangents and detail every possible task that will consume your time and everyone else's, HR will finally get the message that "this is a big deal." With any luck HR will run to the CFO and complain that this just can't be allowed to happen because it’s way too expensive and draining on the organization’s resources. At this point you may reach nirvana, as it’s no longer just you crying wolf.
Business Continuity
HEADLINE: Preparing for disaster: How would your practice cope?
SUMMARY: About 70 percent of medical offices lack emergency preparedness plans that would improve patient safety and business continuity, despite the fact that 87 percent of managers surveyed said their practices have a moderate or high chance of being hit by a disaster. Two reasons given for this lapse of planning are lack of time and compensation for the cost of running emergency drills.
STORY LINK: http://www.ama-assn.org/amednews/2008/12/15/bisa1215.htm
ANALYSIS: We take medical care for granted. This is not realistic. A recent report showed that of the more than 6,000 counties in America, only 158 county health departments were identified as “disaster ready.”
Most healthcare facilities are developing plans to handle medical surges of only 3-5 times normal capacity. Unfortunately, in a communicable disease outbreak or pandemic, the medical surge will be well more than 100 times normal capacity.
This article shows the trend continues into private practice. It also quantifies the level of disaster denial. About 70 percent say they are not prepared, even though 87 percent have already identified risks.
-- Jim Satterfield, Firestorm President/COO
Communicable Illness
HEADLINE: Hong Kong expert warns of "terrible" bird-flu outbreak in China
SUMMARY: Experts were carrying out tests this week on dead birds washed up on Hong Kong beaches amid fears of a huge unreported avian flu outbreak in neighboring mainland China. Eight people in China were reported to have died of bird flu in January but, speaking on the government-run radio station RTHK, infectious diseases expert Lo Wing-Lok warned the outbreak in China could be far bigger than officials admit.
STORY LINK: http://www.monstersandcritics.com/news/health/news/article_1457242.php/Hong_Kong_expert_warns_of_"terrible"_bird-flu_outbreak_in_China_
ANALYSIS: Seems like there is a major bird epidemic going on in southern China. These are periodic and they are due for one. With all the prosperity in China over the past 10 years (since the 1997 Hong Kong outbreak) the number of chickens and ducks must have increased at least 10-fold. Epidemics are only possible in dense populations. Human outbreak scourges had to wait until cities were formed.
How much information the provincial health or party officials are hiding is the $64,000 question. With the economy on the skids and the importance of lunar New Year (praise be the Ox), some fudging has been going on. Now that the New Year is past, some of the information restraints will be lifted. Monitoring the price of chicken may help later when the effect of the New Year’s feasting is no longer felt. However, with the economy sinking, the middle class will probably cut back on their consumption so prices may be less important than in the time of riches.
If this epidemic is really big it should start showing up in northern Vietnam or even northern Thailand, where the Chinese have built roads down into Laos. That smuggling route has gone big time with the new road.
Natural Disasters
HEADLINE: U.N. urges governments to implement disaster risk reduction methods
SUMMARY: The United Nations said the number of fatalities in the Indian Ocean tsunami could have been considerably reduced if disaster prevention practices had been implemented. Internationally, the number of weather-related disasters has increased five-fold between 1975 and 2005 because of climate change, and this number is expected to continue to climb. Yet many local governments have been slow to respond to the call for increased disaster preparedness.
STORY LINK: http://www.channelnewsasia.com/stories/southeastasia/view/398615/1/.html
ANALYSIS: Whether in government or the private sector, having plans improves outcomes. The United Nations quantifies the value of preparing as a 700 percent return on investment: For every dollar invested in preparedness, $7 of losses are prevented or reduced.
Firestorm finds that most vulnerabilities or risks are known to someone within an organization, but not acted on. The article identifies known risks and confirms that no action has been taken. Do you know your vulnerabilities? How are they monitored? What are the triggers for your plan?
-- Jim Satterfield, Firestorm President/COO