A business wants to always guarantee safety and security for every visitor, staff person, and contractor. We all know that safety and security can be measured through risk factors, and we know that the risk factors for every business, whether storefront or digital, are always more than 0%.
In today's world, we are beyond the brick and mortar regarding needs for safety and security. We have to consider both hardware and software alongside the balance between a business's needs/duties and the potentially crippling financial burden that state-of-the-art processes and procedures can inflict on a business's bottom line.
Technology is not cheap. Good technology is exorbitant and typically not reasonable for the common consumer. The pace of technological evolution also brings safety and security risks that pair with the common person's desire to make things simpler, seemingly more comfortable, and always more efficient.
Here are some notes in consultation with a DoD representative through the International Facilities Management Association within the Atlanta Chapter.
Security and Cybersecurity Awareness
If f = function,
then Risk = f(vulnerability, threat, asset value, mitigations)…
1. Have a computer on its own system and server if possible for all banking, utilizing a two-key system for accountability.
2. Do not bank on a machine that has multiple emails, multiple apps, or browsers in use. Isolate all banking to an isolated system/internet/server.
Notes on General Risk Management:
⁃ Centralize and monitor admin controls. Always consider risk when sharing data outside of the network.
⁃ Risk factors are never 0. The goal should always be risk mitigation.
⁃ ROI is impossible to calculate with accuracy regarding IT, General Security, and General Cyber Security.
⁃ 10-15% is the US average cost for IT cybersecurity-related expenses. These numbers are assumed to increase over time as the world gets trained beyond average coding capabilities and AI-assisted malware development.
Insurance takes clients based on a bet they won’t need it.
Hacking and Financial Risks:
- Locking up data for ransom
- Manipulating or destroying data for Political/philosophical/personal attack
- Intelligence collection or payouts
- Create Two Key Systems for approval
- Financial Hacking is a Global Business
- 2023 DoD noted 8 trillion lost in cyber hacking
- Opening unfamiliar emails can be a portal to an entire system
- AI, Automation, and Deep Faking are immensely cost effective and the attacker can be anywhere in the world
- Criminals are lazy. Pay attention to lazy workers seeking unethical ROI
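The two-key approval mentioned in the banking notes and in the list above, sketched as an added example (not from the consultation notes). The PaymentRequest model, the approver names, and the amount are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PaymentRequest:
    """A pending bank transfer awaiting approval (hypothetical model)."""
    requester: str
    amount_cents: int
    approvals: list = field(default_factory=list)  # accepted approver names
    audit_log: list = field(default_factory=list)  # (actor, outcome) pairs

def normalize(name: str) -> str:
    # "Bob" and " bob " are the same person; one user must not count twice.
    return name.strip().lower()

def approve(req: PaymentRequest, approver: str, authorized: set) -> bool:
    """Record one approval attempt; return True only if it was accepted."""
    who = normalize(approver)
    if who not in authorized:
        outcome = "rejected: not an authorized approver"
    elif who == normalize(req.requester):
        outcome = "rejected: requester cannot approve own payment"
    elif who in req.approvals:
        outcome = "rejected: same person approving twice"
    else:
        req.approvals.append(who)
        outcome = "accepted"
    req.audit_log.append((who, outcome))  # every attempt is kept for accountability
    return outcome == "accepted"

def can_release(req: PaymentRequest) -> bool:
    """Funds move only once two distinct non-requesters have approved."""
    return len(req.approvals) >= 2

def demo() -> PaymentRequest:
    # Constructed sample data: names and amount are made up for illustration.
    authorized = {"alice", "bob", "carol"}
    req = PaymentRequest(requester="Alice", amount_cents=1_250_000)
    approve(req, "alice", authorized)    # requester tries to self-approve
    approve(req, "Bob", authorized)      # first key
    approve(req, " bob ", authorized)    # same person again
    approve(req, "mallory", authorized)  # not on the approver list
    return req

if __name__ == "__main__":
    r = demo()
    print("after one valid key:", can_release(r))
    approve(r, "carol", {"alice", "bob", "carol"})  # second key
    print("after two valid keys:", can_release(r))
    for actor, outcome in r.audit_log:
        print(f"{actor:8} {outcome}")
```

The audit log keeps rejected attempts as well as accepted ones, so a single person trying to supply both keys leaves a record.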
…Tool Makers, Tool Users, and Enablers…
Modern Hacking- the Cyber Kill Chain
1. Reconnaissance- Seeking victims
2. Weaponization- Malware Formation
3. Delivery- point of disruption at PDF/Email Link/Text Message Link/App Downloads
4. Exploitation- Access Granted.
5. Installation- Malware automatically installs itself and hides within a system
6. Command and Control- Data is duplicated and fully compromised
7. Actions on Objectives- Ransom
Information Technology (IT) vs. Operational Technology (OT)
Facility Managers are required and should be trained to operate in both worlds.
Life Safety Systems include all IT, Burglar Alarm Systems, Surveillance Systems, Fire Systems, and all associated hardware.
ICS/SCADA is Gear for Mass Ops.
FYI… Backup Data Frequently and Automatically to Avoid Catastrophe…
1. Schedule Tests of Security Functions Frequently
2. Embed Systems for Recurring Ops to interact with systems
3. Protect Family Security and Financial Security with Intentional layers of protection.
4. Frequently remove Toxic Data and set as Recurring Ops (Data Hygiene) either monthly, quarterly, or annually depending on the organization's needs.
5. Passwords are obsolete against Passkeys regarding Authentication.
Prompting Operational Directors to Analyze their current Digital Ecosystems for potential hazards and safety risks. Where does Google stand in International Safety, Security, and Corporate Usage for Singularity and Development?
Potential Hazards in Data Manipulation regarding donations. One protection method is flat rate donations as opposed to set percentages. Clean numbers are easier to scan for flags through quick pattern recognition.
(MSSPs) - Managed Security Service Providers
⁃ Consider Firewalls
⁃ Consider Intrusion Detection Services
⁃ Consider Life Safety and Fire Safety Systems
⁃ Explore Cyber Insurance depending on the organization's needs
As Always, God Bless,
James Arthur Ferguson
