Friday, March 13, 2015

IAIN DRUMMOND JOINS OIM

Osborne Interim Management is pleased to welcome Iain Drummond to the organization as a Principal.

Iain is a highly experienced IT executive with an extensive background as CEO of both public and private companies. He is well-versed in all aspects of management, including running international operations for a large multinational computer manufacturer. As a result of his extensive earlier experience as a systems analyst and troubleshooter, Iain is used to creating high-value solutions to challenging business problems. He has a strong focus on sales, marketing, product development, budgeting and financial controls, and is a top-level presenter with strong verbal and written communication skills. He is a skilled motivator and people person, and is used to dealing at C-level with both government and private sector organizations.

Tuesday, March 3, 2015

RISK MANAGEMENT - BLOG POST BY IVAN McCLELLAND

3 Types of Insurance you should consider for your small business.

Insurance is an essential component of your risk management toolkit, particularly in respect of mitigating the financial consequences of certain loss exposures. Business owners must continually balance their need to manage risks with the cost of obtaining peace of mind through insurance. In the past few years some types of policies have increased in popularity and consequently these policies may be more affordable than they were before. Here are three policies that every small business owner should consider:

1. Cyber Insurance. We all use technology to some degree and many businesses are highly reliant upon IT to sustain their operations. The financial impact and associated liability can be mitigated through cyber risk insurance. Although this type of insurance has been available in Canada since the mid-1990s, its popularity has increased considerably in recent years. There are numerous insurers in Canada who offer cyber risk insurance and policies can be customised in respect of retention amounts and potential losses covered.

2. Key-Person Insurance. Does your business include someone whose contribution is vital to the survival of your company? If yes, then key person insurance should be a part of your business continuity and succession plan - especially if you're a small business owner. Numerous insurers offer this type of coverage and many group benefits providers will include this coverage if requested.

3. Overland Flood. Traditionally this type of insurance has not been readily available in Canada, and the few insurers who offered it charged excessive premiums. But that is changing! A number of large insurance companies have started to offer overland flood insurance, and as these policies become more popular the premiums should start to come down to levels where it may be a viable risk management option.


You should talk with your insurance broker or consider reviewing your enterprise approach to risk management, to assess if your insurance is aligned with your risk management objectives. The risk management team at Osborne are available to help with all your risk management needs.

Ivan McClelland
Principal



CYBER SECURITY RISKS - ARE YOU PROTECTED?


Cyber security risks are present in almost all organizations, irrespective of size, as we all become increasingly dependent on information technology to manage operations, HR, financial and customer information. These operational risks should be considered by all organizations as part of their risk management program.

While Small to Midsized Enterprises (SMEs) don't have the luxury of dedicated information security teams and resources that large enterprises can afford, they still face many of the same threats. According to the Government of Canada, over 31% of cyber-attacks intentionally targeted small to medium-sized businesses in 2012 and that number has increased in the past two years. They also report that the average financial impact to such businesses is in excess of $15,000 per attack, although this number is conservative when compared to other studies.

Customers and employees naturally expect personal and financial data to be kept secure, and a data breach can be a painful and expensive ordeal. But it can be daunting for a small business that may have a small IT department to think about how to tackle IT security.

The response of many SMEs is the “security through obscurity” approach. In other words, we’re too small to be on anyone’s radar and the cyber-criminals are only going after the big guys. It is true that many of the well-publicized stories of data breaches have involved very large enterprises like Home Depot, TJ Maxx and JP Morgan. But these cases only represent a very small fraction of the actual number of cyber security incidents that happen every day, which are increasingly focused on SMEs.

The reason why SMEs are increasingly becoming the victims of cyber criminals is the same reason why criminals target the vulnerable members of a society. Smaller companies are simply easy pickings and they don’t fight back like bigger companies. They represent a low risk of apprehension as SMEs would typically lack the monitoring, forensics, logs, audits, reviews, penetration testing, and other security defenses and warning systems that would alert them to a breach.

That being said, the most pressing IT security problem facing Canadian entrepreneurs is not computer hackers. The majority of security breaches actually come from a company’s own employees. They’re usually not doing it on purpose, as most breaches are accidents, such as an employee mistakenly emailing confidential client information outside the company, a cashier leaving a customer’s credit card information on a publicly viewable computer, or a manager inadvertently deleting important files. So where do you start?

IT security has grown in complexity as IT systems and the methods used to compromise them have grown. There are, however, some first steps that can be taken to mitigate the risk. The following 6 steps are a starting point that a small business can use to evaluate its current cyber security risk and how to manage it:


1. Strategy and Human Resources Policies

  • Does your company have a clear IT security policy that’s known to staff?
  • Do you provide security awareness training to your staff, or promote a culture of security and protection within your organization?
  • Do you have a policy on acceptable IT use, password guidelines and security practices?
  • Do you have confidentiality agreements for contractors and vendors?
  • Does your company have a privacy policy? Remember privacy law applies equally to how you protect employee information as well as customer information.

2. Data Backup

  • For critical data (this is anything needed in day-to-day operations, including customer information), do you centralize it on a server and back it up nightly to a remote location?
  • For important data (anything important to the business but that doesn’t get updated frequently), do you centralize it on a server and back it up semi-regularly off-site?

3. Desktop Security

  • Do all computers have working anti-virus software?
  • Do you have a security policy for downloading and installing new software?
  • Do you have passwords with a minimum of eight alphanumeric characters that are changed every 90 days?
  • Are all computers updated with the latest system updates and security patches?

4. Internet and Network Security

  • Do you have a firewall and intrusion detection on all web connections?
  • Do you use a virtual private network for remote access?
  • Are all modem and wireless access connections known and secured?

5. Privacy and Sensitive Information

  • Have you restricted access to applications and information to those who need it? Do you periodically review access levels?
  • Is customer financial information encrypted and accessible only to those who need it?
  • Are paper files kept in locked filing cabinets with controlled access?

6. Audit

  • Do you do a periodic audit (every six months at least) of your IT security checklist?

These steps do not represent a comprehensive approach to IT security, but they will start you on the road to having a more secure and reliable network. Remember, technology is evolving very quickly and the methods used to compromise networks are evolving just as quickly, so managing your cyber risk must be a dynamic and iterative process.

The Government of Canada has published a useful guide for small businesses which can provide more information on how to protect your operations, systems and information. It is a very useful resource and it is available here.

Ivan McClelland
Principal

Other Article Written by Ivan McClelland:
"No Risk, No Reward" - Identifying and Managing Risk Tolerance for Your Business