There’s been a lot said and written in recent times about digital espionage and digital theft. The discussion has focused on firewalls, anti-virus and malware programs, alert IT security people and the risk of loading private programs or commercial apps on devices that store business critical information. What is your IP worth?Let’s start from a more basic and more critical point – the real value in your business. What is your information worth? Yes, we are talking about the business critical information of your company. So, we include here the client list, your charging rates for services or goods, your… more

There has been a lot in the media recently about cyber warfare and the risk to intellectual property when travelling to certain parts of the world. Various cyber operators have engaged in malicious activity against public and private sector organisations, despite the fact that 88% of executives in a recent Deloitte survey didn’t perceive their company was vulnerable to attack . The apparent objective of this activity has been the theft of intellectual property, trade secrets and business sensitive information. Their aim is to establish a foothold and then move laterally through the target networks. That is a critical reason… more

The current ICAC inquiry into potential corruption by a former Minister and member of the former NSW Government has moved into its most intriguing phase. The conundrum and despair of the majority of citizens is why the aggrandisement of the few should always be at the expense of the many? It is a familiar story throughout history, isn’t it? No wonder Lord Acton coined his famous aphorism that ‘all power tends to corrupt and absolute power corrupts absolutely’. With a nice sense of timing, the KPMG report of its biennial survey of fraud, bribery and corruption in Australia and New… more

In case you missed it…Late in the winter of 2012, the Director-General of Security made a rare public address to a significant private sector audience. The transcript is posted on ASIO’s website . Missed that one did you? Well, not everyone is an ‘intelligence groupie’, so chances are it was missed by most. The first issue of the Weekend Financial Review for 2013 carried front page headlines and four pages of reporting of the Director-General and others on the same subject . Even though many were away on holidays, some would have read it with a cold one in the… more

It is generally agreed that businesses (and schools, sporting teams, political parties, etc) need to have a clear social media policy and ensure the policy is understood by everyone. That is no small task as we constantly witness examples of people behaving badly in the mainstream media. Social media is such a rapidly expanding domain that the policy needs constantly to be revised to ensure it remains current and relevant. That is a good thing to put down on your check-list for year’s end or year’s start. The risk in this area is, however, much broader. The new tools/toysSmartphones and… more

BackgroundWarren Buffett, a man who knows something about value, observed that it takes 20 years to build a reputation and five minutes to ruin it . That thought runs through a recent significant survey. Eisner Amper is one of the largest consulting and accounting firms in the United States . For the past few years it has conducted an annual board of directors’ survey of concerns about the risks confronting boards and companies . The size and background of the survey population mean its conclusions merit close consideration. Reputation or compliance?Last year reputational risk overtook regulatory compliance risk as the… more

What should you ask?What questions should executive management or non-executive directors ask of the risk manager? How do you create an opening? They are presented with the risk framework for the company and given all the reasons why they should adopt it – so they normally do. They set the risk appetite of the company, but that’s a process largely based on experience, the past, things which are known. They are presented with a risk register that categorises the various risk sources and as far as they are able to ask questions and turn over stones, they agree with its… more

When a company or institution suffers a major hit – market shock, a serious fraud case, an assault on a person, significant stock loss, vandalism, etc – it frequently launches or revives its security program. Initially, there is ownership, so time and effort are devoted to it. Everywhere you look you can see the differences. Access control immediately improves as credentials are inspected; visitors are required to undergo proper procedure; background checking of prospective employees is undertaken; there is a rise in the reporting of security incidents (or, perhaps, starts!) and a sense of well-being and security prevails. Move on… more