With the holiday shopping season and the after-holiday sales over, it’s time to review your credit card statements and make sure that every charge on them is for something you purchased. With most of us using our cards a lot more during this time, there’s a greater chance of fraud or identity theft.
When most of us think of identity theft and being a victim of identity theft, we are really referring to credit card fraud. This form of credit card fraud is called account takeover and it occurs when a thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps you simply hand it over when paying at a store or restaurant.
Another form of credit card fraud is called new account fraud. This occurs when someone gains access to your name, address and, in the US, your Social Security number. With this data, a thief can open a new account and have the card sent to a different address. This is true identity theft as the thief has access to your personally identifiable information.
Once the identity thief receives the new card, he or she maxes it out and doesn’t pay the bill. Over time, the creditors track you down, hold you accountable for the unpaid bills, and demand the owed funds. New account fraud destroys your credit and is a mess to clean up.
Victims of account takeover are likely to discover the fraud in numerous ways. They may notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits.
Credit card companies have anomaly detection software that monitors credit card transactions for red flags. For example, if you hand your credit card to a gas station attendant in Boston at noon, and then a card-present purchase is made from a tiny village in Romania one hour later, a red flag is raised. Common sense says you can’t possibly get from Boston to Romania in one hour. The software knows this.
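The Boston-to-Romania check described above can be written as a velocity rule over consecutive card-present transactions. This is an added example, not any card issuer's actual software; the `Txn` record, the 900 km/h speed ceiling, the 50 km minimum distance and the sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed


@dataclass(frozen=True)
class Txn:
    """Hypothetical transaction record (not a real issuer schema)."""
    card: str
    when: datetime       # timezone-aware, UTC
    lat: float
    lon: float
    card_present: bool   # False for online / card-not-present purchases
    label: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat = p2 - p1
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(txns, max_speed_kmh=MAX_SPEED_KMH, min_km=50.0):
    """Return (previous, current, km, kmh) for each pair of consecutive
    card-present transactions on one card whose implied speed is too high."""
    flags = []
    last_seen = {}  # card -> most recent card-present transaction
    for t in sorted(txns, key=lambda x: x.when):
        # Online purchases have no physical location to compare against.
        if not t.card_present:
            continue
        prev = last_seen.get(t.card)
        last_seen[t.card] = t
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, t.lat, t.lon)
        # Two terminals in the same area seconds apart are not travel.
        if km < min_km:
            continue
        hours = (t.when - prev.when).total_seconds() / 3600.0
        kmh = float("inf") if hours == 0 else km / hours
        if kmh > max_speed_kmh:
            flags.append((prev, t, km, kmh))
    return flags


def utc(hour, minute=0, day=15):
    """Helper for the constructed sample data below."""
    return datetime(2013, 1, day, hour, minute, tzinfo=timezone.utc)


# Constructed sample data: coordinates and times are illustrative only.
SAMPLE = [
    Txn("card-A", utc(17, 0), 42.3601, -71.0589, True, "gas station, Boston"),
    Txn("card-A", utc(17, 20), 37.77, -122.42, False, "online order"),
    Txn("card-A", utc(18, 0), 46.00, 25.00, True, "village, Romania"),
    Txn("card-B", utc(14, 0), 42.3601, -71.0589, True, "Boston"),
    Txn("card-B", utc(14, 0, day=16), 40.7128, -74.0060, True, "New York"),
]

if __name__ == "__main__":
    for prev, cur, km, kmh in impossible_travel(SAMPLE):
        print(f"{cur.card}: {prev.label} -> {cur.label}: "
              f"{km:.0f} km at {kmh:.0f} km/h")
```

Only the Boston-to-Romania pair on `card-A` is flagged: the online order in between is skipped because it is not card-present, and the next-day New York purchase on `card-B` implies an ordinary speed.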
Victims of account takeover only wind up paying the fraudulent charges if they don’t detect and report the crime within 60 days. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00.
After 60 days, though, you are out of luck. So pay attention to your statements. As long as you do, account takeover should not hurt you financially. Protecting yourself from account takeover credit card fraud is relatively easy. Simply make sure you pay attention to your statements every month and dispute unauthorized charges for purchases you did not make.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.
The past three years have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Fat-tail risks that have a low probability, but a very high impact to the organization, such as the Japanese tsunami, the Gulf of Mexico oil spill or the euro-zone liquidity crisis, have been front and center, creating a renewed interest in enterprise risk management (ERM) practices.
John Brown, Director, Risk Management, Supply Chain & Technical at Coca-Cola answered a series of questions written by marcus evans before the forthcoming 6th Annual Enterprise Risk Management Conference, March 19-20, 2013 in Chicago, IL. All responses represent the view of Mr. Brown and not necessarily those of Coca-Cola.
When it comes to quantifying risks within the supply chain, are there sure-fire approaches or methods to apply? Why or why not?
John Brown: The sure-fire approach is to map your supply (value) chains, delineating the flow of value contribution from each node (value-adding operation) and through each link. As is normally the case, however, the sure-fire approach is not easy to implement, especially since the “map” must extend to tier 2, 3 and beyond suppliers, and downstream through customers to end consumers. The effort and resources it takes to complete this mapping are insurmountable for most companies. Some excellent work is taking place to visualize value chains by mining data in enterprise applications, such as SAP. But there are challenges even in this approach, which at best captures tier 1 suppliers. I am hopeful that elegant (and affordable) solutions will be developed in the next few years.
What are some of the vital steps an organization must take to mitigate risks in the supply chain associated with fat-tail risks like Hurricane Sandy?
JB: Interesting question, and no easy answer. Risk management is essentially prevention, and few company reward structures are geared to prevention activities (as compared to reaction, such as crisis management). Part of the difficulty is that it is next to impossible to demonstrate that risk management activities prevented an uncertain event from occurring. The steps most companies can take today include understanding where they have critical dependencies, such as single-sourced materials or services, suppliers who are susceptible to external events, or vulnerable transportation/logistics links. And then establish arrangements to avoid a major disruption in the value creation chain. The challenge with this approach is that it ultimately increases your cost-of-goods, relative to a steady-state environment. Where it pays off is if you experience a disruption and are able to flex with it. A more fundamental approach is to design products and services with a view of minimizing exposure to disruptions.
When it comes to risk buckets, how is The Coca Cola Company currently managing risks within the supply chain?
JB: You would think that the beverage industry is relatively simple. Yet it is an amazingly complex system, especially for a globally diverse company. Our approach has been to develop a common methodology and tools to identify, analyze and mitigate risks at every locally relevant business entity. We then use technology to create an aggregated view of risks at successively higher organizational levels. This approach ensures that risks are identified and managed at the local level, which in itself is true risk management across the enterprise. The sweet spot is where we can identify systemic risks across multiple entities and then apply higher level resources to solve these risks once, instead of multiple times, and with sometimes different approaches. Likewise, some risks that are seen at higher organization levels (which tend to be more strategic in nature) can be communicated to local entities as a watch-out. The strategies and processes we developed in the supply chain and technical areas have been adopted by the ERM team, so we have a single, unified approach to risk management across the company.
What are some of the types of risks that are overlooked when it comes to the supply chain?
JB: Supply chain organizations tend to be focused on sourcing, making, moving and selling--and as such sometimes have a blind spot relative to external events that can significantly impact value chains. Some of these risks exist in the political and social arenas, human resources, public perceptions, large-scale economic changes, and sometimes in the critical linkages in global value chains. The Fukushima earthquake (and the ensuing tsunami and nuclear power impacts), the Thailand floods, the Eyjafjalla volcanic eruption, and the Middle East unrest all exposed weaknesses that crept into value chains as we continued to find ways to increase productivity and reduce costs. It will always be a challenge to employ risk prevention in the face of constant pressures to reduce costs.
As a speaker for the 6th Annual Enterprise Risk Management Conference, what do you look forward to most about attending this event?
JB: Learning about the strategies, tools and techniques companies are using to implement risk management programs, with a focus on effectiveness and efficiency. Risk management is an evolving discipline, with many approaches and espoused best practices. Over the last few years I’ve seen a gradual move towards a common set of guiding principles, with a focus on identifying and preventing risk events. This is a critical step in my view, and ISO 31000 has provided a foundation. Too many risk management programs focus on compliance or reaction. So, the move towards a focus on prevention is welcomed.
John J. Brown, a registered professional engineer, Associate in Risk Management-ERM (ARM-E) and Certified Protection Professional (CPP), has worked directly in the risk management field for well over a decade, and indirectly most of his career. Since joining The Coca-Cola Company in April 2008, John has developed a risk management strategy and processes for the Company's global value chain, and is currently implementing that strategy.
For more information please contact Michele Westergaard, Senior Marketing Manager, Media & PR, marcus evans at 312-540-3000 ext. 6625.
A week’s worth of news reports shows law enforcement all over the country are battling identity thieves who are stealing our personal information and opening various accounts under our names or taking over existing accounts. From every corner of the U.S. from Ft Lauderdale to Anchorage and San Diego to Queens, busts are happening but more work needs to be done.
Queens NY, CBS New York reports: A South Ozone Park man who portrayed himself as a Harvard graduate with plans to open a medical facility has pleaded guilty to identity theft, the Queens District Attorney’s office announced.
San Diego CA, Imperial Beach Patch reports: Authorities said the defendants ran the ID theft and mail theft ring out of their home. Most of the personal information is believed to have come from stolen real estate files. Investigators found numerous items involved in the ID theft ring at the defendants’ home, including computers, printers, dozens of stolen credit cards and lists describing how to make counterfeit IDs.
Ft Lauderdale FL, Sun Sentinel reports: The scheme unraveled after Erskine met with a confidential informant in March to discuss filing for fraudulent income tax refunds. She said Johnson could get a person’s Social Security number, date of birth, and driver’s license information for $150, according to court documents.
Anchorage AK, KTUU.com reports: An Anchorage man is facing 36 federal charges, including aggravated identity theft, in a case involving more than $150,000 in losses to individuals and businesses he allegedly defrauded. Rogers allegedly created fake documents for nearly two years, from late 2007 until mid-2009, which federal authorities say he then used to make fraudulent purchases.
Consumers must:
Identity theft will continue to plague citizens until smart systems are put in place to mitigate new account fraud and account takeover. Businesses are engaging an emerging device identification technology by Oregon-based iovation Inc. that spots cybercriminals by analyzing the reputation of computers and mobile devices used to connect to online businesses. They proactively investigate for suspicious activity and check for characteristics consistent with fraudulent users.
In one major case, iovation helped bust a fraud ring that victimized over 15 people and racked up tens of thousands of fraudulent charges. The case started with a report of $5,000 in fraudulent credit card charges at a large electronics store and two department stores. The credit issuer happened to be using iovation to flag fraudulent credit card applications and track them back to the specific computers and mobile devices used. This information, combined with surveillance photos and other offline detective work, provided the perfect blend of digital and physical data that law enforcement needed to bust the crime ring.
There’s a ton of new devices flooding the market and it has been predicted by the North Pole there have been many good boys and girls this year who will be receiving them. Out of Santa’s sack will come computers, tablets, smartphones, and gaming consoles. But if you happen to get one of these new devices, you should know that the first step in enjoying it is protecting it.
Smartphone or tablet:
Mobile malware is on the rise, and Android is still the most targeted platform.
1. Threats aimed at mobile phones are growing.
o Malicious applications are a main threat area, so be careful of the third-party applications you install— they could end up infecting your phone or sharing your personal information. Only download applications from a reputable app store, and read other users’ reviews. Also, make sure you are aware of what kind of information the app wants to access before you download it.
o Consider mobile malware threat protection to safeguard your device against viruses.
o Apply system or application updates which almost always include security patches and make your devices easier to use.
o Turn off antennas you don’t need. If you’re not using one of the four typical wireless connections (cellular, Wi-Fi, Bluetooth, and GPS) on your smartphone or tablet, then turn it off. It will help keep you safe and give you the best battery life.
o Don’t store personal information, such as passwords and account numbers, on your phone.
o For more information on McAfee® Mobile Security solutions, please visit: www.mcafee.com/mobilesecurity.
Apple iPad, iPhone or iPod touch:
The popularity of Apple computers and devices has led to escalated threats. Mac malware has risen throughout 2012, and according to McAfee Labs, this trend looks to continue.
2. Transfer your PC best practices to your new Apple computer or device.
o As a proactive measure, consider installing security software that’s been developed for the Mac since more threats are being aimed at this platform.
o Don’t leave your device unattended, allowing a thief to grab it and your sensitive information.
PC or netbook:
3. Make sure your computer has comprehensive security software.
o Your security software should include at a minimum: anti-virus with cloud computing, a two-way firewall, anti-spyware, anti-phishing and safe search capabilities.
o Additional levels of protection include anti-spam, parental controls, wireless network protection, and anti-theft protection that encrypts sensitive financial documents.
o Don’t just use anti-virus software—this alone is not enough.
4. Keep in mind that free software can leave you unprotected.
o Free security software typically provides only basic protection, and is often offered to get you to buy more comprehensive software. Look for security software that provides up-to-date protection using cloud computing which can help protect against emerging threats.
o Don’t forget to check whether the security software installed on your new PC is only a trial version. If it is, remember to buy a subscription so that you have continuous protection against newly discovered threats.
5. Have data protection in addition to comprehensive security.
o In a recent global survey, home Internet users estimated that their digital assets, such as photos, contacts, and entertainment, were worth approximately $37,000, yet more than a third lacked protection across their devices. Consider a product that offers data backup and restore features as well as advanced security in case of a loss.
o Don’t take a chance on losing important personal photos, creative works in progress, or financial information.
6. Search and shop safely.
o You should know that McAfee Labs counted 43.4 million suspect websites during the third quarter of 2012, up 20% over the previous quarter, and these pose a threat to your computer and your devices.
o To help you weed through malicious sites, be sure to use a website safety advisor that can tell you which sites are safe and which are risky. McAfee SiteAdvisor™ is included in all of the McAfee consumer security suites.
o When shopping, look for the McAfee SECURE™ trustmark, which indicates that the site has passed rigorous daily testing for 10,000 known hacker vulnerabilities.
7. Be aware of “scareware” and “ransomware”
o Scareware tricks users into believing that the computer may be infected to get them to “buy” fake antivirus software and hand over their personal and financial details, usually via pop-ups.
o Ransomware also appears through pop-ups, and typically accuses Web surfers of visiting illegal webpages. These pop-ups claim to be from the police and threaten to lock up the user’s computer system until they pay a fine.
o Ransomware grew by 43% in the third quarter of this year, while scareware continues to thrive, and is estimated to victimize 1 million people a day.
o Don’t buy antivirus software through pop-up ads. Always purchase your security software from a reputable vendor, and keep it up-to-date to avoid ransomware scams.
8. Educate your family and pay attention to your children’s online activities.
o Keep your computer in a common area and discuss which information is appropriate to share online and which is not, such as addresses, phone numbers, and other private information.
o If you have kids or tweens, limit their online access and the content they can view. Use a Web filtering tool that protects kids from accessing inappropriate content such as pornography, nudity, online hate groups, school cheating sites, and profanity.
o Don’t assume your child doesn’t know how to turn off parental controls.
o For more information on keeping your kids safe, visit McAfee’s Family Internet Safety Center at www.mcafee.com/family and check out the 10-Step Internet Safety Plan For Your Family.
Gaming or entertainment device, such as a Nintendo Wii or 3DS, PlayStation 3, and Xbox 360:
9. Keep in mind that these gaming and entertainment devices are now Internet-connected and vulnerable to many of the same threats as PCs.
o Make reliable backup copies of games to protect your investment.
o Take advantage of built-in parental controls that can help shield kids from violent games or limit when the device can be used.
o Some multiplayer games allow kids to play with strangers over the Internet, so if you are a parent consider activity-monitoring tools.
o Only connect your device to a secure Wi-Fi network.
o Don’t store personal information on your device.
Removable storage device, such as a flash drive or portable hard drive:
10. Use technologies that will help protect your information.
o Consider using a secure, encrypted USB stick, to scramble your information so it is unreadable if your device is lost or stolen.
o Buy security software to protect your portable hard drive, and set a password.
o Don’t leave your removable storage devices unattended, since they are small and easily stolen.
Of course, many of us have multiple devices. To make protecting them easier, consider using a product such as McAfee All Access, which provides the first complete security protection for PCs, Macs and mobile devices in one cost-effective, single solution. To learn more, go to www.mcafee.com/allaccess.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
We’ve all been there. You search your pockets, your belt clip, jacket pockets, every drawer, cabinet, bag, couch, and floor, every crevice of your car and dog house. You wonder if you left it in the bar last night or over your friend’s house. You’d text all your buddies to see if they have it but, well, you can’t.
It’s that horrible feeling that comes over you as you realize you no longer have your mobile phone. In the past you might have first thought of the cost of having to buy a new phone and re-enter all your contacts. But now with the advent of smartphones, there’s much more to lose than the device itself.
Because our mobile devices can hold personal and work contacts, account logins, photos, and messages, losing your device means exposing your private world to strangers and identity thieves. They can browse your apps and activities, extract your addresses, download files and pictures, send all your Facebook friends fake or embarrassing content, or gain access to your bank accounts and drain them. And recreating and restoring all the content we have on our smartphones can take hours, if it is even possible.
I’ve lost count of how many phones I’ve found in bars or parks, at the beach or when running along the trails. And the most amazing part is I’ve been able to return all but a very few. And how do I do this? Because most people don’t lock their phones!!! This means I can pick up the phone and go through their contact lists and look for “Mom.” In other cases I just wait for someone to call it and say “Hello, I found this phone, how can I help you?”
There are some things you can do so you don’t have that freak-out moment.
Password protect your device—This is the simplest thing you can do to protect the information stored on your device. Not only does it keep strangers from accessing your data, but it may also discourage thieves from taking the device in the first place.
Regularly backup your data—Don’t be part of the 32% that only does backups once a year! Back up your data at least once a week, so you have electronic copies of all of your valuable information. This way, even if you lose your device, you won’t lose all of your data.
Don’t store your logins—Rather than having your apps and mobile browser remember your login information, type in your login credentials each time (especially for banking). This way, if a stranger accesses your device they cannot log into your accounts as you. Or better yet, don’t store sensitive data on your phone.
“Mark” your device—To mark your device, take a screenshot of your emergency contact numbers and use it as your phone’s lock screen. If someone finds your device, it will be easy for him or her to return it to you.
Write down the serial number—Record your phone’s serial number and store it somewhere other than on your device. If you lose your phone and it eventually turns up, you will be able to identify it.
Install mobile security—Software like McAfee® Mobile Security, which includes antivirus protection, app protection, backup and restore functions, and remote wipe and tracking in the case of loss or theft
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
Natural disaster scam: Sadly, scammers seem to come out of the woodwork during a natural disaster such as Hurricane Sandy to catch consumers when they’re in a panic, looking for answers, and when they’re most vulnerable.
People should not click on links or respond to phishing e-mails for relief donations that ask for credit card numbers or other personal information. In addition, be wary of tiny URLs on social media services and posts on social networking sites.
Follow these guidelines to ensure that donations to victim relief efforts are sent through legitimate sites:
Black money scam: Scammers send thousands of phishing emails regarding an unknown inheritance. OK, right there should be a red flag. But for many who think their ship has come in, it’s an opportunity to get paid. Once engaged, the victim is told of the mass amounts of money needing to be snuck in/out of the country and told the money is dyed black to avoid detection by customs officials.
Once a meeting is arranged the victim is shown a trunk full of dyed black money, then to whet the appetite of the victims, a few of the bills are pulled out, and a magic solution cleans off a few nice crisp $100.00 bills.
The ruse is to get the victim to buy thousands of dollars of this magic cleaning solution for the promise of making hundreds of thousands of dollars.
Grandparents scam: One of the easiest and most vile scams on the block is the “Grandparent Scam”.
The phone rings and an elderly person answers the phone. The caller says either “Grammy, Granny, Grandma, Nana, Nonna, Papa, Baba or Grandpa?” The elderly person says “Yes” and the caller states “It’s your grandson!” When the elderly person responds and rattles off a name of a grandchild and says “Robby, is that you?”, the scammer responds “YES!” and knows he’s got a fish on the hook.
The scammer begins to hem and haw that they’ve been arrested, or are stranded, or their car broke down, or they lost their wallet, and need the grandparent to wire some money to them. Once the grandparent agrees, they instruct the victim to go to the address of the local check cashing place that wires money, and the scammer siphons as much as possible out of their victim.
If there is someone in your life that could possibly, even remotely fall for this scam you need to educate them on what to look for. Put systems in place to make it difficult for them to make financial withdrawals without a cosigner.
Robert Siciliano, personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!.
There are two kinds of identity theft you must protect yourself from:
New account fraud: Refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.
Account takeover fraud: Using another person’s account numbers, such as a credit card number, to obtain products and services using that person’s existing accounts or extracting funds from a person’s bank account.
3 ways to protect yourself:
#1. Prevent new account fraud: When a security freeze is in place at all three major credit bureaus, an identity thief cannot open new accounts because creditors can’t check your credit. If you want to apply for credit then simply unlock or unfreeze your credit.
#2. Prevent account takeover: Run Windows Update, also known as “Microsoft Update.” It scans your computer on a regularly scheduled basis for any necessary software or hardware updates. You can access Windows Update from your control panel. Make sure it is set to download and update critical security patches automatically. Use comprehensive security software and keep it up to date to avoid keystroke loggers and other malware.
#3. Effective passwords: There is no such thing as a truly secure password. There are only more secure or less secure passwords. Don’t reuse passwords across multiple sites, use different passwords for each of your accounts, use at least eight characters of upper and lowercase letters, numbers, and, if possible, symbols.
Robert Siciliano, personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
Malicious software (malware) is, in many ways, very well understood. Security experts know how it works and why. Cybercriminals’ motivations are pretty straightforward—making money from malware and related attacks.
According to the latest McAfee Threats Report: Q3 2012, malware is still growing, and while it’s not growing quite as fast as it was in previous quarters, the amount of malware still topped 100 million samples.
Besides the large growth in mobile malware, there has also been an increase in the tactics that cybercriminals are using to attack you. Some of these techniques include:
Autorun Malware
AutoRun (also known as AutoPlay) is a feature in Windows systems that dictates what action the system should take when a device is connected to your PC. So when you connect your USB drive or insert a DVD into your drive, AutoRun is what will automatically open or in some cases play what is on these devices. Cybercriminals use this feature to automatically install malicious software when an infected USB or other removable device is plugged into your PC. What makes AutoRun scary is it requires no effort on your part to click any links. This is a “plug and play” malware and can even come on products shipped right from the factory such as external hard drives, USB drives and LCD picture frames.
Mac malware
With over 350 new samples in Mac malware in Q3 2012, the growing popularity of Apple products has inspired cybercriminals to create malware that will harm Macs. McAfee Labs is seeing fake antivirus programs targeted at Mac users. In other words, there are an increased number of programs known as “scareware,” which claim to protect users from viruses and malware but users who attempt to install the supposed antivirus software are actually downloading malicious software. This malware can damage your Mac or compromise your personal information.
Ransomware
Ransomware typically accuses you of visiting illegal websites, locks your computer, then demands a payment to unlock the device. And even if you pay, you are not guaranteed to get access to your files, and now the criminal has your financial information. You can get “infected” with ransomware in a myriad of ways, including links in emails, instant messaging, texts and social networking sites, or by simply visiting a website that can download the malicious software on your computer. With a 43% growth this past quarter, ransomware is definitely something to watch out for.
The past quarter’s threats report has shown that cybercrime exhibits few signs of slowing down, and cybercriminals are using more tricks to steal your money. To help protect yourself you should:
Keep your operating systems updated on all your devices
Be selective about websites you visit and use a safe search tool like McAfee SiteAdvisor® to warn you about risky sites before you click
Avoid clicking links in emails, text messages or instant messages, especially from people you don’t know
Stay educated on the latest tricks, cons and scams designed to fool you
Use comprehensive security software like McAfee All Access that provides cross-device protection for all your PCs, Macs, smartphones and tablets
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!