Risk Management - The Experts View

Friday, April 10, 2009

Ask the panel of experts…

Keith Tilley, managing director UK and executive vice president Europe for SunGard Availability Services

Why should risk management and business continuity remain a priority issue in today’s global economy, while companies are having to deal with recession?

Most businesses do not stop during a recession: they suffer, but they don’t stop. And serious interruptions such as severe weather or power cuts are recession-proof; they go on. We deal with an average of six interruptions every month, which could lead to a lack of confidence if the business breaks down for any length of time. That means that access to information is more important than ever, as companies need a greater flexibility to react to the market.

Good risk and business continuity management should be part of a company’s PR activities, and can give return on investment, for the companies with good plans are putting good processes into their business. The reverse is also true. For example, if the financial institutions which precipitated the current problems had had a robust risk policy in place, we wouldn’t be in the mess we’re in now. Would they really have thought it was such a good idea to provide high levels of credit to people who were unemployed and on benefits? Possibly not.

The most important reason, however is to maintain confidence in what you’re doing and that matters as much as it has ever done. Forecasters are now saying that GDP may contract by up to 2.5 during 2009, with companies predicting a drop in business, but a five per cent drop still means 95 per cent businesses still to be run, 10 percent drop means 90 per cent to be run and even if they’re not where they would like to be, business continuity remains important. In fact the current environment confidence is essential and good risk management practice helps to maintain it.
Graham Chick, Chief Executive of GemaTech

What do you consider to be the most critical part of a company’s telecommunications infrastructure?

The UK PSTN (Public Switched Telephony Network) is one of the most reliable infrastructures of the world, having “five 9s availability” – that is 99.999 per cent availability. However, the same cannot be said for connectivity – the telephone circuits installed by the carious carriers, such as BT, COLT, CaW, NTL:Telewest and so on – between their local exchanges on the periphery of the PSTN and their customer’s premises, an area known as “The Last Mile.” The cables are only 15cm below the pavement and can be susceptible to everything from a terrorist attack to being cut by a JCB digger to frequent power cuts damaging the server and many more. And if there has been damage, it is not always possible to access The Last Mile for any number of reasons, such as the time police had to cordon off the Haymarket when they discovered a Mercedes fully laden in petrol.

There are various ways to provide The Last Mile with greater resilience. These include “dual parenting.” Which means providing duplicate circuits from a second local exchange – but both are expensive solutions. The best, and most economical, way is to install technology within the respective carriers’ exchanges, which can not only instantaneously and seamlessly re-route all inbound calls directed to individual DDIs (Direct Dial In) to any number of alternative locations but also provide secure recordings of all inbound and outbound calls, as the provision of voice recording is seen as a great advantage in the aftermath of an incident, when it is necessary to prove who said what to whom!

Robert Guice, Senior VP EMEA Shred-it

What are the main areas of operations where companies are most at risk of identity fraud and what do they need to do about it?

“Companies and government are at risk of identity fraud in pretty much every department that processes confidential information. You have the obvious departments like finance and HR, but customer relations, administration and payroll are all critical areas where data is often held. Very often it’s a less public department which holds the most sensitive information, but nobody realizes it.

“Any organisation that doesn’t have a company-wide policy to monitor the destruction of confidential documents is at risk and work but the Information Commissioner’s Office shows it’s a growing problem in both private and public sectors.”

There’s a perception that identity fraud is all about electronic data. But a lot of identity fraud is related to the theft of paper documents rather than just laptops for example. Laptop theft tends to get reported, but often the reality is the more mundane loss or theft of routine documents that contain confidential information.

Companies need to have a consistent policy across all departments in the organisation, and this policy must be communicated and consistently implemented throughout the organisation. The safest option is for documents to be destroyed on-site; once they get outside your organisation you lose control.

Data theft tends not to get very high up the priority list. Very often confidential material is just seen as waste and disposing of it as a cost, not a risk, and not really as an executive issue. The advent of computer technology has allowed us to have vast quantities of data in one place.

According to identitytheft.org identity fraud is costing the UK economy around £1.2b a year. Companies spend millions protecting their IT infrastructure but often will have no policy for what is done with printed documents. Businesses have never had much data; but now they need to learn how to look after it.”