2017 is done – what do we do differently in 2018?

By No Comments

With 2017 behind us and a new year just begun, we consider which business practices we want to continue and perhaps which need to be done differently.   As ghoulish as it may seem, part of my planning includes learning more about how many disasters happened during the past year, problem trends, and how well businesses are prepared for recovery.

In a report from FEMA, I found the number of major disasters declared over the past five years:

Year # % change from previous year
2017 135 +32%
2016 102 +29%
2015 79 -5%
2014 84 -12%
2013 95

These numbers account for such things as weather disasters, floods, terrorist attacks, and those caused by human actions.  Digging a little deeper, I wondered how many cyber/data breaches happened during 2017, or at least those deemed big enough to be reported.  Here’s the list I found:

E-Sports Entertainment Association, Xbox 360 ISO and PSP ISO, InterContinental Hotels Group, Arby’s, River City Media, Verifone, Dun & Bradstreet, Saks Fifth Avenue, UNC Health Care, America’s JobLink, FAFSA: IRS Data Retrieval Tool, Chipotle, Sabre Hospitality Solutions, Gmail, Bronx Lebanon Hospital Center, Brooks Brother, DocuSign, OneLogin, Kmart, University of Oklahoma, Washington State University,  Deep Root Analytics, Blue Cross Blue Shield/Anthem, California Association of Realtors, Verizon, Online Spambot, TalentPen and TigerSwan, Equifax, US Securities and Exchange Commission, SVR Tracking, Deloitte, Sonic, Whole Foods Market, Disqus, Hyatt Hotels, Forever 21, Maine Foster Care, Uber, Imgur, TIO Networks, eBay, Alteryx

That’s more than 40 companies – not a good trend.   It also leads to the questions, “Is my business vulnerable?” and  “What can I do about this?”

Here are some quick tips that I gleaned from a recent article from EverBridge:

Question your approach
Justification for the effort to define a recovery strategy on what is arguably a rare occurrence is a difficult task.  Rather, look at the need from a value-based perspective for being able to recover, such as:

1.      Regulatory compliance
2.      Competitive advantage
3.      Brand and reputation recognition
4.      Knowledge capture
5.      Increased robustness

Find out what others in your industry are doing and from there address the question, “What is right for us?”  Not all companies need sub-second recovery… Some companies really can convert their entire work force to remote workers…   Your solution needs to be tailored to your needs.

Work Out
Simply, plans are worthless if you don’t exercise them on a regular basis.  Leading standards on continuity planning refer to having regular exercises that increase in scope and complexity over time.  Of course, “How often?”  is a key question.  Two exercises a year is thought to be a good benchmark for exercises, with one being a tabletop exercise and the other a more in-depth simulation.

Some food for thought:  As you continue through your planning process, include your business recoverability and resilience as part of the discussion.  Being prepared for “what if” scenarios is critical for long-term success.

Huber Advisors is here to help with that planning.  We can advise on how to start the process yourself, as well as engaging with your organization to facilitate the creation of strategy and recovery plans.  Call us at 651-429-9991 or e-mail at information@huberadvisors.com  and we can help you Be Ready for Anything!

Rolling Out GDPR – Are you ready for May 25th?

By No Comments
First question… What is GDPR?

It stands for General Data Protection Regulation, and it’s a new standard for the way in which companies manage and maintain their customers’ data within the European Union.  It goes into effect on May 25th.  Second question, as a U.S. based company, do you really care?

You probably should.   As a starting point, I’d suggest reading the following article:


A quick summary of the article is that any U.S. based company that has a web presence and sells products as the result of web contacts needs to review their data practices and how the GDPR might impact them.

In a recent webinar hosted by BrightTalk, entitled “Getting Ahead of the Compliance Curve”, the presenters stressed that full implementation requires a combination of technical and organizational measures to protect your data.   Part of that could be encryption, but operational processes are also required to ensure complete compliance.  As part of that, two key implementation points are the “right to be forgotten” feature, and the requirement that all data breaches must be reported within 72 hours.

Once in place, the GDPR is positioned to impose significant fines for non-compliance.  One report indicates that fines can be up to 4% of your annual global revenue.  Another example is that if a company is breached and credit card information is accessed, the fine could be in the neighborhood of $3/card breach.  Simple arithmetic shows how quickly the fine can go up based on the size of your breach.

Confused? Concerned?  It all starts with understanding current practices within your environment, assessing them against the requirements of GDPR, and determining what needs to happen next.    When in doubt, ask for help – call Huber Advisors at 651-429-9991 to see about getting an assessment of the impact and how to address any shortcomings within your business.

Some things simply stay the same.

By No Comments

I came across a report that highlighted four key areas on which to focus your recovery strategies:

  • Virtualization
  • Cloud Computing
  • Mobile Devices in the Workforce
  • Social Networks

Looking at today’s business climate, these are certainly four areas that can still impact your environment.

What’s interesting is that the list is from a CIO poll from April, 2012.  A lot of the basic elements of your recovery strategy really haven’t changed in the last five years (if not longer).  Nonetheless, important areas for your planning.

 As you work on your recovery strategies, here are some key points you to consider:

 Size does not matter.

Continue reading

Technology – Love it, Hate it, Accept it, Deal with it…

By No Comments

Regardless of the size of your organization, you have certain reliance on technology in order to be productive and to an extent successful.  No one seems to leave their home or office without their phone.  We all use e-mail for communicating to the rest of the world.  But that’s just the starting point.  Suppose your company gets a bit of success and you start growing, which means adding employees.  Next up is adding office space for you and your employees, which means creating an office network.  Now you’re faced with more questions, wired or wireless? Should you get everyone a desktop, a laptop, or a tablet? Do I really need a firewall and anti-virus? 

Managing technology to meet your business’ needs doesn’t need to be overly complicated, but how do you pick where to spend your technology dollars?  How do you ensure you’re focusing on what’s important and what’s (perhaps) frivolous?   Then once selected and in use, there’s more to it than just making sure power stays on. 

Every business owner must decide where to allocate funds, and it can be difficult to reconcile spending a huge amount on technology without seeing immediate returns. But technology is an integral part of your organization, and can offer widespread and lasting benefits. Technology should be viewed as both a cost of doing business, and an opportunity to do more.

Plus, don’t forget about cyber security, hackers, and data breaches. 

The next SBAB luncheon will provide some insights on these points and even more.  Our panel (Al BeVier with Helix Business Service and Tim Elemes with Huber Advisors) will provide some insight on technology, and provide some key points to take away that will help guide you through your technology planning.