The Post Office Scandal – Why Now?
In this week’s bulletin, Charlie discusses the Post Office scandal and why, only now, has the scandal become headline news. You can’t avoid the post office scandal in the news this week, so I thought I should write about it. What I find interesting about this scandal is why it is now mainstream news, with
Ten Business Continuity Trends to Watch in 2024
The first bulletin of the year highlights some trends that Charlie thinks will show up this year, and he gives some advice to organisations on how to be prepared for these. Happy New Year to all readers! I hope you were able to have a good break. This is the time of year to look
The ‘Great A9 Disaster’ of 8th December 2023
This week, Charlie talks about his experiences with dealing with an incident on the road and discusses what he learnt from the situation. As I have mentioned a few times on this bulletin, I spend a lot of my time telling people how to respond to incidents rather than being part of the response myself.
Ransomware- Considerations for whether you should pay or not pay a ransom
In this week’s bulletin, Charlie discusses the pros and cons of paying a ransom and provides us with some advice about how we can be more resilient when faced with a ransomware threat. This week, I conducted a cyber exercise with a Housing Association, and I have another upcoming exercise with a senior management team.
Clarion Housing Association Cyber Incident, June 2022 – A Case Study
In this week’s bulletin, Charlie looks at the recent cyber incident from Clarion and explains how organisations can recover from a cyber incident. Next week, I am conducting a cyber exercise for a housing association, and in preparation, I decided to explore the specific impact of a cyber incident on housing associations. When discussing cyber-attacks,
Vishing – What Is It and Should You Be Worried?
This week, Charlie discusses vishing and how it can affect your organisation, and looks at the importance of sufficient cyber training in the workplace. This week, I was going to write about the MGM Resorts hack in September 2023 and, as part of my research on the hack and its effects on the casino, I
My 10 Favourite Learning Podcasts
This week, Charlie gives an insight into some of his podcast recommendations and discusses what topics are covered and where you can listen to them yourself. I thought for the bulletin this week, I would share a few of my favourite learning podcasts. Podcasts are always great for long car journeys or commutes. You make
Some Reflections on BCI World Hybrid 2023
We’ve been to BCI World Hybrid 2023! In this week’s bulletin, Charlie discusses his experience of the conference and highlights his favourite moments. This week, I attended BCI World Hybrid, and I’ve always considered this conference a barometer of the state of the business continuity profession and its current discussions. So, here are some thoughts:
What is MITRE ATT&CK and Why Might You Be Interested in It?
In this week’s bulletin, Charlie explains what MITRE ATT&CK is and the importance of familiarising yourself with its framework. First, this question may not apply to you if you’re a “techie” involved in preparing your organisation for a cyberattack. You should already be familiar with the framework and use it as a part of developing
An Old Threat Returns – Terrorist Attacks in Europe?
This week, Charlie discusses the importance of having updated response plans in case of an emergency and looks at why organisations should keep in contact with staff during an incident. This week’s bulletin was inspired by several recent events that have converged, reminding us of a threat that seemed to have waned for a while.
Why Flowcharts Aren’t Appropriate in Business Continuity Plans
In this week’s bulletin, Charlie discusses his reasons why flowcharts aren’t useful in most business continuity plans, and looks into how we could improve our plans. Over the last couple of days, I have been rewriting a client’s business continuity plan. One of the features of their plan has been to have a number of
Closing and Reopening Offices, Restaurants, and Retail Outlets, after an Incident
In this week’s bulletin, Charlie discusses his recent exercises around reassuring customers after an incident and talks about how we should approach reopening. This may not sound like the most scintillating subject, but it’s a critical consideration for a crisis team following a major incident that necessitates the closure of offices, restaurants, or retail outlets.
Pickups for Peace – A Visit to Ukraine
Charlie and Kim have just come back from a visit to Ukraine, where they teamed up with a Scottish charity, ‘Pickups for Peace’, to help deliver numerous pickup trucks to the Ukrainian military. The bulletin this week gives us an insight into what they experienced! Last week, we were in Ukraine delivering a pickup to
The RAAC Crisis – What Can We Learn?
This week, Charlie discusses the ongoing RAAC (Reinforced Autoclaved Aerated Concrete) crisis and advises us on what we can take away from the crisis. Once again, we have a business continuity incident dominating the headlines. When business continuity was first conceived in the 1990s, it focused on what we should do if the buildings our
An Old Threat Returns…Computer Outage
Charlie discusses the recent IT failure of NATS which caused numerous flight delays and gives an insight into why we should plan for a potential IT failure in our organisations. The failure of the NATS[1] (National Air Traffic Services) computer was one of the big stories of the week, with the import of one flight plan
When to Use Silence as a Crisis Media Strategy
In this week’s bulletin, Charlie discusses the positives and potential drawbacks of keeping silent after an incident, and looks at when we could consider silence as an effective response strategy. There are many instances when saying ‘no comment’ and not engaging with stakeholders can be seen as crassness. It can imply that you have something
Data Breaches: Does Anyone Care?
Charlie talks about the recent cyber attacks on the University of the West of Scotland (UWS) and the Police Service of Northern Ireland (PSNI) and discusses the impacts of these attacks. In this bulletin, I emphasise that, while data breaches impact all those whose data has been compromised, until organisations face financial and reputational consequences,
Arrogance: The Undoing of Many Senior Managers – NatWest Thoughts
In this week’s bulletin, Charlie shares his thoughts on the recent NatWest scandal and discusses how senior managers should handle a crisis. I have been closely following the Coutts, NatWest, and Dame Alison Rose crisis over the last few days, contemplating the lessons we can learn from it. Crisis professionals can teach senior managers how
Use of Cyber Threat Intelligence to Guide Crisis Response: A Checklist for Crisis Teams
In this week’s bulletin, Charlie discusses the questions that organisations should be considering when carrying out a potential response to a cyber-attack, including how the attacker got into the system and what their potential motives could be. When organisations are the subject of a cyber-attack, many plans I have seen do not include some
Business Continuity Professionals – Is AI Going to Make You Redundant
Charlie discusses the emerging use of Artificial Intelligence (AI) and looks at what changes it can make within your organisation and the positives and possible downsides of using AI. I came across an article on AI and business continuity a couple of days ago. The article had a number of links in it, and in
Mind the Resilience Podcast – From Vision to Success: The Story of a Resilience Entrepreneur
This week Charlie was a special guest on Episode 22 of the Mind the Resilience podcast, discussing his passion for business continuity, the challenges faced by organisations during crises and his thoughts on emerging trends. Here is a sneak preview of the episode: Introduction to Charlie: Discover the story behind his journey in establishing
The Covid Inquiry: Some Thoughts
In this bulletin, Charlie shares his thoughts and opinions on the current controversy revolving around the Scottish Government. He dissects how some actions during the COVID pandemic might have affected the country, comparing it to other recent disasters faced by the UK. This week, we saw a sight that, if you are from Scotland, we
What is the Difference Between Cyber Incident Management and Cyber Incident Response?
Charlie looks at the difference between cyber incident management and cyber incident response and the different set of issues they have to deal with in the different teams. This week, I thought I would write a short technical bulletin. Many people use the terms cyber incident management and cyber incident response interchangeably, but they each
Coordinating Emergency Response and Business Continuity in Manufacturing
Charlie discusses the different emergency response and business continuity issues to consider after an incident, and how both teams can communicate efficiently. This week, I have been working with two manufacturing companies that both supply products to the construction industry. I have worked for several manufacturing organisations and have always had to work hard
MOVEit and Capita- Why Your Organisation Needs To Carry Out A Data Risk Assessment
Charlie re-investigates Capita’s hack and discusses how performing a data risk assessment on your organisation may be beneficial in the event of a cyber incident, and looks at what should be included within the assessment. A couple of weeks ago, I wrote about how poor I thought Capita’s response to their hack on the