Risk Roundup for July and August 2019
This month’s Risk Roundup is about data privacy and federal agencies woefully unprepared for cybersecurity. Then we descend on Southern California for the biggest California earthquake in 20 years. On the flight home, we contemplate the business impact of the US-China trade war.
Facebook reaches $5 billion settlement for data privacy violations
US regulators approved a $5 billion fine of Facebook on July 13 for mishandling users’ personal data and ordered Facebook to add oversight to its data practices. The settlement officially ends the FTC’s investigation into Facebook improperly sharing user data with Cambridge Analytica. As more data privacy regulations, such as the California Consumer Privacy Act (CCPA), take effect, organizations should investigate the compliance implications. Take steps like adding controls and updating policies to prepare for any new privacy law requirements.
GAO report finds 16 federal agencies unprepared for cyber risk
The United States Government Accountability Office (GAO) delivered a scathing report in July citing federal agencies’ unpreparedness for cyber risk. The report found that 16 federal agencies exhibited deficiencies in all five NIST Cybersecurity Framework core functions: identify, protect, detect, respond, and recover. All government entities, as well as any business, can access the Cybersecurity Framework, which outlines these functions and their essential steps. Follow NIST to be in lockstep with digital risk management.
The biggest earthquake in 20 years rocks Southern California
July 4 brought fireworks of a different kind. A powerful earthquake of magnitude 6.4 hit a remote area 150 miles northeast of Los Angeles. A magnitude 7.1 aftershock hit a day later. Thankfully, destruction was minimal. The scenario that has researchers worried is a magnitude 7.8 quake rupturing a 200-mile stretch along the southern part of the San Andreas Fault. That hasn’t happened yet, but it’s a serious risk. For organizations with a California presence or connection, a business impact analysis for a major earthquake and disaster recovery procedures should be part of the business continuity plan.
US-China trade war—troubling tariffs
August came, and with it an escalation in the US-China trade war. Both countries have engaged in tit-for-tat measures, slapping tariffs on each other’s consumer goods and manufactured products. Our farm belt has been impacted too and is receiving a bailout. Overall, it’s geopolitical risk with far-reaching consequences. Tariffs disrupt companies’ supply chains, make it harder to sell into foreign markets, and damage the US and world economies. In 2019-2020, all organizations need to factor geopolitical risk into their risk management programs.
This month’s edition of Risk Roundup reflects a growing emphasis on IT risk, especially privacy and cyber. However, events happen, and whether it’s this summer’s escalating trade war or a natural disaster like an earthquake, they can suddenly take center stage. It’s why we find risk management so fascinating. Each day brings promise and peril that call for proactive management. We’ll be back in November with a roundup of top risks from September and October.