Awareity's Lessons Learned Blog


TSA Launches Review – Implementing Lessons Learned

The Transportation Security Administration said it is launching a “full review” of an incident in which the agency posted on the internet a sensitive manual outlining security procedures for law enforcement officers, diplomats, prisoners, federal air marshals and others. 

Yet another Lesson Learned in 2009.  We all need to use Lessons Learned from others so they become Lessons Implemented to ensure better safety and better results in TSA…and most every other organization.

2009 has provided hundreds of lessons learned and the majority of them reveal a widening gap involving a lack of awareness, a lack of accountability and a lack of oversight. 

Blaming the administration or calling it an honest mistake or brain fade are not solutions.  What organizations really need are better solutions and better tools to keep up with mounting risks, escalating regulations, constant changes and updates to situational awareness and a growing need to securely share information.

Organizational leaders need better management and oversight tools to “connect the dots” and implement lessons learned so we can eliminate gaps and weak links and achieve better results.

AITP, HRAM, ARMA and more…Connecting the Dots Across Nebraska

Posted in Lessons Implemented, Lessons Learned by awareity on October 2, 2009

Awareity’s CEO/President, Rick Shaw, is planning to share his knowledge and expertise at several upcoming events in the Lincoln/Omaha area. 

October 13 – HRAM Omaha

October 15 – AITP Omaha

November 19 – AITP Lincoln

March 17 – ARMA Lincoln

Previous blog posts and everyday headlines reveal that organizations are struggling to keep up with escalating complexities.  So how can lessons learned help organizations keep up more effectively and efficiently?

Rick will discuss real world examples and case studies to share proven steps organizational leaders can use to implement lessons learned and improve management efforts across all appropriate personnel – no matter how many departments, locations and third-party entities are involved.

To attend any of these upcoming sessions or if you have any additional questions about how your organization can begin implementing lessons learned, please contact info@awareity.com.

Weekly Update: Implementing Lessons Learned

Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations…

FBI Investigating Mystery Laptops Sent to Governors

The FBI is investigating five laptop computers sent anonymously to West Virginia Governor Joe Manchin a few weeks ago, as well as laptops mysteriously ordered for officials in 10 other states.  Officials are worried the laptops may contain malicious software that would be a large risk if connected to government networks.

Would your employees plug in a new laptop to your organization’s networks?

Bernanke Falls Victim to Identity Theft

Fed Chairman Ben Bernanke was a victim of identity theft when his wife’s purse was stolen, containing personal checks, four credit cards and personal identification.  A few days later, George Lee Reid allegedly walked into a Bank of America branch and deposited a $900 check under the names of Mr. and Mrs. Bernanke into a third party account and then withdrew $9,000 from the account, using other stolen identities.

Do you understand how to prevent identity theft?

Employees Fired After Reporting Security Breach

Two Lake Worth Utilities employees noticed an unauthorized computer plugged into the power system’s mainframe on two separate occasions and took their concerns to management, the city commission, and even the FBI and Department of Homeland Security.  Last week, they were fired.

Does your organization have clear incident reporting procedures?

Higher Education Institutions Distribute Emergency Plans by Paper

The National Campus Safety and Security Project survey investigated campus preparedness for all types of threats, including natural disasters, acts of violence, and cyber disruptions.  One of the major findings of this survey was that most respondents (87 percent) distribute information about their emergency preparation plans by paper (such as posting on campus buildings, in publications, etc.).

How are you distributing your emergency plans?  How can you ensure anyone is actually reading your plans?

Lessons Learned are extremely valuable and must be implemented on an ongoing basis to ensure ongoing success and ongoing CYA!  For more information on implementing lessons learned click here.

Disconnect Between Legal Team and Corporate Culture

Posted in Lessons Implemented, Lessons Learned by awareity on August 25, 2009

The headline of a story caught my eye last week – Marriott Disowns One Hotel’s Defense in Rape Case.

It seems Marriott International is seeking to distance itself from a Marriott franchise hotel’s legal defense tactic and released this statement:

“This incident is not reflective of our corporate culture or ethical standards, and we apologize to all of our guests and customers who were so deeply offended by the words used in the legal pleading.”

The court case stems from a situation where a woman was raped at gunpoint in front of her children in a hotel parking garage, which was obviously a horrible experience for her and her children.

The story goes on to explain that the insurance company attorneys for the Stamford Marriott Hotel & Spa filed court papers saying the woman “failed to exercise due care for her own safety and the safety of her children and proper use of her senses and facilities.”

The legal team filed this response to a lawsuit the woman filed which said the hotel failed to adequately police the parking lot or train security employees at the time of the attack.

Are there any lessons learned in this story?  Yes, there are multiple lessons learned for the hotel management, the legal team, the parent corporation, the victim and other organizations too. 

Are you and your staff prepared to prevent this type of incident from happening on your property? 

Are your organization and your legal team (internal or external) operating on the same page of music?

Do you have a reputation management strategy?   Does anyone else know what the strategy is?

Implementing processes and procedures and strategies can be far less costly than dealing with headlines and lawsuits and reputation damage.

Weekly Update: Implementing Lessons Learned

Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations…

U.S. Government Advises Businesses on Swine Flu

Government officials are calling on U.S. businesses to help manage the H1N1 flu this fall by developing customized plans for managing both the seasonal and swine flu, getting vaccines to vulnerable workers and encouraging employees with symptoms to stay home.

Court Indicts Hackers in Largest Data Breaches in US History

A federal grand jury in New Jersey indicted Albert “Segvec” Gonzalez in the largest hacking and identity theft case ever prosecuted. Gonzalez allegedly stole more than 130 million credit and debit card numbers by hacking into Heartland Payment Systems, as well as Hannaford Brothers, 7-Eleven and other unnamed national retailers.  Gonzalez was also indicted on accusations of stealing 41 million credit and debit card numbers from major retailers, including TJ Maxx.

Campaign Monitor Hacked

Campaign Monitor, an Australian email marketing application, was a victim of a hacking attack when unauthorized users broke into the Campaign Monitor servers and accessed customer accounts. The compromised accounts were used to send spam, using lists already in the account and lists imported by the hackers.

Massachusetts Data Protection Law Deadline Extended to March 1

The deadline for compliance with the Massachusetts data protection law, 201 CMR 17.00, has been extended to March 1, 2010.  201 CMR 17.00 requires all companies, large or small, that conduct business within Massachusetts to protect the personal information of Massachusetts residents.


HHS Has Busy Week and HIPAA Strikes Again!

Posted in Lessons Implemented, OK, Then What? by awareity on August 21, 2009

Health and Human Services (HHS) issued new regulations this week requiring healthcare providers, health plans and other entities covered by HIPAA (Health Insurance Portability and Accountability Act) to notify patients if their electronic health information has been breached.

The regulations were developed by the HHS Office for Civil Rights (OCR) and require healthcare providers and other HIPAA covered entities to promptly notify the affected individuals, HHS and the media of breaches that affect more than 500 people.

Earlier this week, HHS announced that it had delegated the authority for the administration and enforcement of the HIPAA Security Rule to the Office for Civil Rights (OCR).

Any lessons learned from the announcements this week?

Absolutely!  If you are a manager working in a “HIPAA covered entity” – which includes doctors, clinics, psychologists, dentists, chiropractors, nursing homes, hospitals, insurance companies, HMOs, company health plans, government programs that pay for healthcare and healthcare clearinghouses – then your lesson learned is pretty obvious…make sure you fully implement your privacy and security programs as soon as possible.

Why should you take action as soon as possible?

Because OCR now has authority for:

  • the HIPAA Security Rule
  • the HIPAA Privacy Rule
  • the Breach Notification requirements

And because the Health Information Technology for Economic and Clinical Health (HITECH) Act and American Recovery and Reinvestment Act of 2009 (ARRA) mandate these requirements.

Healthcare managers beware…

Weekly Update: Implementing Lessons Learned

Posted in Lessons Implemented, Lessons Learned by awareity on August 17, 2009

Lessons Learned Review…Keeping You Out of the Headlines and out of this blog…

Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations…

Research Finds PCI DSS Awareness High Among Small Retailers, Lack of Understanding Remains Huge Hurdle

A recent survey revealed that although most small retailers feel somewhat familiar with PCI DSS and also understand the importance of security, most small retailers express frustration with understanding, implementing and paying for compliance.

Has your organization met compliance requirements?  Is your data secure?

Schools are Given New Flu Guidelines

The federal government released new guidelines as schools across the U.S. prepare for the new school year and brace for the H1N1 virus. 

Is your organization prepared?

Congressmen’s Websites Hacked

The homepages of several members of the House of Representatives were hacked and defaced with digital graffiti earlier this month.  The breaches were the result of passwords assigned by the vendor to member offices that were never changed.

Are you using default passwords?


Weekly Update: Lessons Learned…Lessons Implemented?

Keeping You Out of the Headlines and out of this blog…

Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations…

Secret Service Information Revealed in P2P Data Leak

On July 29th, it was revealed that files including information about a Secret Service safe house for the President’s family, details regarding the Pentagon’s network infrastructure, and specific details about every nuclear facility in the US were found on the LimeWire file-sharing network.

As a result, a bill has been introduced that would ban P2P sharing on all government computers and networks. 

Network Solutions – Compliant, Not Secure

Web hosting firm Network Solutions discovered unauthorized code on its servers that may have been used by cybercriminals to capture transaction data (customer names, addresses, credit card numbers, etc.) and transfer it to servers outside of the company.   Although Network Solutions was certified as PCI compliant, the breach has potentially compromised information for 573,929 individuals.

Compliance does not equal Security.

Twitter Lawsuit

Horizon Group Management filed a lawsuit against a Twitter user, alleging that a statement posted on Twitter damaged the company’s business reputation.  Horizon claims that the user “maliciously and wrongfully published the false and defamatory Tweet on Twitter, thereby allowing the Tweet to be distributed throughout the world.”

2009 School and Campus Safety Training Forum

The 2009 Campus Safety Training Forum held in Hampton, VA revealed that implementing plans and ongoing assessment results has become the most difficult step in emergency planning and preparedness.

Awareity’s Rick Shaw’s comments on lessons learned at the campus safety forum.


Curiosity Killed…Your Organization’s IT Security?

Posted in Information Security, Lessons Implemented, Lessons Learned by awareity on July 31, 2009

According to a recent survey released by the Messaging Anti-Abuse Working Group (MAAWG), about 1 in 6 consumers have at some point acted on a spam message.  Those who admitted to opening a spam message said they “were interested in a product or service” or “wanted to see what would happen if they opened it.”

Wanted to see what would happen if they opened it!?  These people are not 6-year-olds wanting to see what would happen if they touched the hot stove or stuck their tongue to a flagpole during an ice storm!

Nearly two-thirds of the people surveyed felt they were very or somewhat knowledgeable in information security; however, 80% felt their machines would never be infected with a bot or malicious software.  This lack of awareness can only lead to one thing… expensive consequences!

Organizations need to ensure that Lessons Learned like this are being implemented down to the individual level.  Without ongoing education and awareness, many employees, customers, third parties, etc. will not understand risks, threats, best practices, etc.  By implementing an organization-wide awareness program with accountability and communicating organization-specific policies for passwords, anti-virus software, online safety, etc., your users will understand how to safely and securely navigate the online world.

I also recommend sharing internal lessons learned with your employees, such as a recent data breach or social engineering incident, so all appropriate personnel understand why they are being required to participate in an ongoing security awareness program.  If employees understand that they are responsible for their actions, and that opening a spam e-mail may potentially cost your organization millions of dollars and loss of reputation because of a data breach, they may be more likely to actually read your acceptable usage policies regarding strong passwords, e-mail safety and social networking best practices.

How are you implementing your security program and ensuring your employees understand the risks and threats of spam and other online threats?

Lessons Learned…Lessons Implemented?

Keeping You Out of the Headlines and out of this blog…

Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations…

NYPD…New Typewriters?

The New York Post reported that the New York City Police Department had signed a nearly $1 million contract with a vendor to purchase thousands of new manual and electric typewriters during the next three years. The NYPD’s typewriters are a shocking reminder of just how much more change needs to be implemented across government agencies and organizations to eliminate the status quo.

Kaiser Hospital Privacy Violation

Kaiser Permanente’s Bellflower Hospital received a second six-figure fine for failing to protect electronic medical record data from its own employees. The California Department of Public Health issued an administrative penalty of $187,500 against the facility after concluding that the hospital didn’t do enough to protect patient health information.

Hampton Data Breach

The Social Security numbers and other personal information of nearly 900 people were accidentally disclosed when an employee of the Hampton Redevelopment and Housing Authority printed a spreadsheet requested by a resident and mailed it, but forgot to exclude the personal information.

