2022 Security Risk Budget Outlook

Moving on up

At the onset of the pandemic, Security Risk budgets decreased as organizations shuttered their doors and employees left the office, and organizations under duress looked for places to cut costs. Many found their savings in the Security budget. But now, the potential to double or triple budgets in 2022 maybe a reality.

Our research shows approximately two-thirds of security budgets increased in 2021 from 2020, but still have yet to reach or return to 2019 levels. 2022 has the potential to change that.

As organizations are set to come back to life in 2022 security risk events have not gone away. In fact, the COVID-19 pandemic created new security challenges. The new challenges have yet to be solved, and as schools and businesses reopen / remain open during potential future surges, the security risks of the past return as well. In order to protect themselves from past, current, and future threats, organizations need to reinvest in physical security.

Really watch

Real camera surveillance and real-time monitoring integrated with a uniformed security guard force that is properly trained may be for some organizations the order of the day. High-caliber uniforms security guards and training necessary to protect against threats to an organization cost more than $15-20 an hour. Challenges will emerge to protect your organization, your information, your IP, your personnel. All of this may lead to an explosion of security requirements, and the budget.

Another factor contributing to budget increases in 2022 is executive protection. According to the Ontic 2021 Mid-Year Outlook: State of Protective Intelligence Report, 58% of CEOs and senior leaders who expressed a stance on political issues received physical threats. Senior Public Officials and local health department leadership who encouraged health measures like vaccination or mask-wearing have also become targets of physical threats. Against the backdrop of this increased threat landscape, executive protection has grown in importance among physical security professionals.

An inner look

These aforementioned types of threats could also come from inside an organization. Leadership will either take a stand, or not take a stand. The personnel of an organization expect their leaders to take a stand, whatever that might be, for or against a particular issue or concern. Unfortunately, pent up frustration surrounding decisions may not even be pandemic related, and at times still result in leaders being threatened. In many areas of the country, threats against “leadership” is foreign territory for many organizations.

Integration

The threat landscape has always been uncertain and rapidly changing. With many advancements in approach, strategy, and technology, organizations can protect themselves with integrated security risk strategies.

As both physical and cyber threats compound, organizations are tasked with protecting themselves on all sides. With increased and realized threats there is one unfortunate downside. Higher security costs as risks to supply chains, cyber and physical security risks increase. During this pandemic many organizations have unfortunately learned that their security profile may not be or has been at a level they had hoped it to be. New gaps have been found, existing weaknesses have become even weaker and due to other impacts of the pandemic, organizations may have struggled to get the necessary supplies, purchases and even personnel in a manner to which they were once accustomed.

Plug it

Identify your shortfalls, your gaps and plug the holes. A comprehensive risk assessment will assist in that process. If organizations fail to plug those holes, and as they begin to re-open even more, they unfortunately will remain or fall back into a vulnerable position.

Proactive hard work

Technology enhancements, uniformed security, executive protection, education, and plain old attentiveness and proactive behaviour towards security risks to quickly address existing and newfound challenges brought forth because of the pandemic will require increases in security budgets in 2022.

Now more than ever we need to move beyond reactive, and proactively secure our organizations.

It all simply starts with a plan.

We can Help.

Plan the Work. Work the Plan.

 

Should your Municipality need assistance, contact Michael White Group International today, and we will be happy to answer your questions. Visit michaelwhitegroup.com/contact/

 

Share

Tips to Run a Successful In-Person Meeting

Over the last two years, many of us had to learn how to connect differently than we were used to. Instead of putting on our best suit, we’re still in our jammies from the waist down. Instead of shaking hands we’re pushing unmute.

Slowly but surely, the world is beginning to open back up. Where it’s safe to do so, many meetings are returning to an in-person format. Since we’ve all become accustomed to doing things virtually, it may take a little time and effort to get back into the swing of the face-to-face meetings. Here are a few tips to help make your meetings run as smoothly as possible.

Set the Agenda:

Municipalities know this, but meetings always run more efficiently when there is an agenda to follow. Having a clear agenda helps set the expectations. If the conversation starts going off track, you can always point back to the agenda items to steer things in the right direction. Setting out estimated times each agenda item should take for discussion, will also help provide direction and keep folks on track.

Start on Time. End on Time.

While it may seem polite to wait for some late arrivals to join, there’s a bigger downside to holding off until everyone is in the room. First and foremost, this sets a bad precedent. Accommodating the latecomers shows the others that arrival times are lax. This can spiral out of control quickly. Secondly, the attendees who’ve prioritized arriving on time are now feeling frustrated that their time isn’t being seen as valuable.

Set Ground Rules:

Having a few basic ground rules around meeting etiquette can help provide great flow in your meeting. Some solid rules, or expectations, can be something simple like; participate, get focus, maintain momentum, and reach closure. If you list these rules at the top of your agenda, both new and returning attendees will understand the direction of the meeting.

End with an Action Plan:

We’ve all been in meetings where the conversation seems to go around in circles without resolving anything. It’s important to establish a plan of action for the agenda items that need follow-up. Assigning certain people to particular tasks and plotting out a course of accountability will ensure that your meetings have purpose and value to all of those involved. We’ve conducted meetings by video teleconference for so long, (and honestly, we’ve become pretty good at them), it will be an adjustment for everyone to start attending again in person. But a well-organized meeting, and Chairperson with good leadership skills, will get us all back
in the swing of things soon.

Oh, and one more thing – dig out that suit again. Things may have changed over the last couple of years, but it’s still not considered socially acceptable to wear pajama bottoms to an in-person meeting.

Share

How COVID-19 Permanently Digitized Site Selection

Have you ever had a meal, gone on a date, or enjoyed a vacation so good it made you never want to repeat the lower quality experiences you’ve had in the past? Why would you want to eat bad food, date a loser, or suffer scratchy hotel sheets when you knew there was a better way for you to live and you could keep living that way? That ah-ha moment is the same realization that happened with corporate site selection during COVID, and why professionals will not go back to the old way of doing business.

The global pandemic was a disaster for business expansions and relocations, including foreign direct investment (FDI). The data is clear that these projects declined significantly as a result of the COVID pandemic, just like the overall economy. It was natural that businesses were unsettled by the economic upheaval, so they were uncomfortable making multi-million-dollar corporate location decisions without physically and personally “kicking the dirt” as part of their due diligence.

Economic developers couldn’t physically travel to meet with businesses considering a prospective location expansion into their community, especially internationally, due to legal restrictions. Likewise, corporations weren’t travelling to meet with real estate developers or EDOs. The risk was too great; death from a virus or becoming quarantined outside of a home country made even aggressive businesspeople reconsider traditional operating procedures.

When traditional business practices fail, new strategies get implemented to overcome the obstacles; no companies want to be stuck being unable to take action to move their company forward, even in an unprecedented pandemic. And that’s exactly what happened with corporate expansions and site selection projects.

The only way to do site selection analysis leading to corporate location expansions in a non-physical world was to go digital. As a result, business, corporate real estate, and economic development engaged in a test of purely digital site selection out of necessity. But the result of the experiment was that it worked. The outcome of this positive result is that many businesses are discovering there is an alternative and better way to do site selection.

Of course, the transition toward online site selection has been a gradual trend that has been growing for decades. The difference is that COVID was a stress test to see if corporate site selection could be accomplished 100% digitally. Like other industries, this trial-by-fire accelerated trends and is normalizing new practices into standard operating procedures.

Digitization was not an experiment and trial run that was unique to economic development:

 Like these other digital experiments, digital site selection has revealed new advantages and proven theories. Digital site selection:

  • Enables companies to consider more communities faster
  • Communities can be more easily compared with objective and consistent benchmark data
  • Assumptions about the need for in-person were proven incorrect and that they were replaced with web meetings
  • Taking multiple web meetings gets more accomplished and is faster than flying and driving to numerous in-person meetings
  • Economic development GIS site selection software met the challenge to deliver relevant location information and site selection analysis in real-time

Two key reasons that companies will not go back to the old way of doing site selection are 1) they have discovered digital is an acceptable/preferable alternative and 2) their success story is being amplified in awareness to CRE peers and CEOs in other companies through mainstream media.

What does this new digital reality look like for the process of site selection? How are site selectors themselves doing things differently? Join us tomorrow for Part II of How COVID-19 Permanently Digitized Site Selection.

Share

New! Drive time data for cars, trucks, walk time on ZoomProspector

We’re thrilled to introduce yet another new feature on ZoomProspector: adjustable drive time analysis for cars, trucks and walking. This is a game-changer for prospective investors who need to assess transportation logistics, commute times and travel distances for target clients travelling in different ways, on different days and at different times. In keeping with GIS Planning’s ongoing commitment to excellence in the user interface, we’ve designed this feature to be intuitive, visual and easy for your website visitors to find.

The new drive time analysis is easy to find – it’s an enhancement of the radius/ drive time buttons at the top of every single property and pinpoint report. Now when you click “Minutes,” you’ll see icons that let you select car, truck or walk, with an additional option to click on and adjust the date, time and destination – from or to the selected location. We’ve made it even easier by also adding these options directly on the map for those website visitors who prefer to make adjustments over there.

Miami Dade ZoomProsepctor walk drive truck timeIt’s easier than ever for economic developers to inform site selectors and businesses making location decisions as they research long and shortlists of suitable communities and properties. You can read more about our new adjustable drive time analysis here. You can also click here to learn more about the other map tools that make ZoomProspector the most innovative and user-friendly online GIS data tool for site selection?

Would you like to learn more about how ZoomProspector can help drive investment to your community? Click here to schedule an online meeting and demo.

Share

How ZoomProspector makes you look like an economic development rockstar

GIS Planning’s clients range from small towns with a single economic development person (who often also handles duties at the chamber, the city manager’s office etc.) to large cities or regional and statewide economic development agencies with large staffs.

But no matter the size of the EDO is, they always have more projects and incoming requests than people or time.

Fortunately, GIS Planning clients can rely on the equivalent of an extra staff member with ZoomProspector working for their region.

Closeup portrait happy excited young economic developer celebrating successZoomProspector is available to answer questions 24/7 from anyone who comes to your website, whether they’re a potential investor, site selector or local entrepreneur. The industry’s leading GIS web tool for economic development can always be relied upon to offer accurate, up-to-date information in clear, visually compelling ways. And while it can’t crack a clever joke in meetings, celebrate birthdays or join co-workers for drinks after work, it will also never take a vacation, steal your lunch from the fridge or leave the coffee pot empty.

Reliable, smart and unflappable, ZoomProspector is the staff member every economic developer wants on their team. It makes everyone around them look good by helping them succeed. It makes you look like a rock star by facilitating quick, reliable research and helping generate beautiful, branded reports and polished proposals.

We have clients who speak with businesses only after that business has (in effect) qualified themselves by gathering information and answering questions, using the powerful analytical tools and extensive datasets provided by ZoomProspector.

In a fast-paced digital world where people want that information before they take time to pick up the phone and connect in person, ZoomProspector offers a critical competitive advantage. In many cases, simple questions about a community’s demographics, labor force, businesses, wages, etc. can be answered on the public ZoomProspector site using a few clicks of a mouse button.

As the most intuitive and user-friendly GIS site selection data tool on the market (by a long shot), they don’t need training or guidance to do so. You can rest confident that you aren’t losing leads before you even know they exist.

When more extensive data requests or RFP’s come in, GIS Planning clients have the ability to pull down and compose sophisticated reports on their community, with custom mile or drive time analyses around specific available sites or buildings, or around a pinpoint on a map. They can easily build and export reports from ZoomProspector in a few minutes. When our economic development clients receive incoming requests from elected officials, members of their community, academics or journalists, they too can be handled easily and quickly. Thus such request is transformed from a time-consuming nuisance to an easily handled opportunity to network, engage and build or bolster relationships with stakeholders.

Our drag and drop proposal generator now enables our clients to begin a response to an RFP, or begin crafting a proposal, with one click, and from there it’s easy to include available sites and buildings with relevant data reports, even include video and photos.

Best of all, anyone can perform the same high-level, detailed analyses on ZoomProspector at any time of day or night. GIS Planning created ZoomProspector to be a public-facing, easy-to-use source open access data portal. Economic developers can simply point to their own public website to answer basic questions, direct marketing campaigns to the website as a “call to action”, and make their website an integral part of their information toolkit.

With our ZoomTour platform, our clients can go even further and offer an online immersive experience, using media ranging from still photos to video to drone footage, and (of course) GIS Planning data tools, to provide a guided tour of a community (or a part of the community like the downtown area, or specific business clusters etc.), available 24/7, 365 days per year.

Learn how GIS Planning’s innovative GIS data tools for economic development can serve your community. Book a demo today!

Share

Municipal Work Opportunities for Our Professional Members!

Ontario Supports Modernization of Small and Rural Municipalities

The Ontario government is providing up to $24 million to support the modernization of 224 small and rural municipalities across the province. This investment will help improve the delivery of critical programs and services that people rely on every day, while saving taxpayers’ dollars.

A total of 254 projects have been approved for funding under Intake 2 of Ontario’s Municipal Modernization Program. Municipalities will use the funding to find efficiencies and implement a wide range of initiatives to digitize, streamline and/or integrate programs and services with neighbouring communities.

The funding will help municipalities administer the cost savings measures in time for the 2022 municipal budget cycle.

Here’s the List of Municipalities who received funding for various Municipal Service Delivery & Efficiency Projects.

If you offer any of the services these municipalities are looking for, select the municipality you would like to work with and watch their websites for RFPs for any Third-Party Review or Implementation opportunities.  You might also want to watch muniSERV’s Find RFP’s section and/or bidsandtenders listings.

For more information on the Municipal Modernization Program and the June 30th announcement, click here.

Share

Being aware – situationally aware

Our world has always been in a state of perpetual change. Now more than ever, it is perceived to be doing that at an ever-rapid pace.

Positive changes such as economic growth, and technology advancements to note a couple. Unfortunately, with the positive, comes the negative. A continuous cycle of persons who wish to do harm.

Safety and Security experts inform us that violent events will continue to happen. The violent extremist motivated and driven by an ideology, to the targeting of individuals, place of business, worship, acts of violence that permeate into every vertical, sector of business and government.

Active safety and security programs are continuous reviewed, modified to face existing and the new challenges of tomorrow.

To make your safety and security programs more effective, the program needs ambassadors, staff.

Ambassadors need to be aware. Situationally aware.

Situational awareness training provides your staff with valuable intelligence & time when facing safety and security situations of potential harm or danger.

Being situation aware is truly a change in mindset.

It is a way of thinking that will focus a person’s behaviour, their outlook, and their mental attitude. People that are aware are no longer vulnerable but capable.

Capable individuals are always prepared. Capable individuals are not complacent, they use technology to enhance their preparedness and response and their planning always includes a contingency plan.

Situationally aware staff improve the effectiveness of your safety and security program.

Situationally aware individuals enhance the workplace and enhance their personal safety and security.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance in Situation Awareness training, contact Michael White Group International today, and we will be happy to answer your questions.

Michael White Group International is Arcuri Group LLC approved Situation Awareness Specialist Certification Training provider.

 

Share

How to Find the Budget for a Municipal Project

Have you ever received an RFP that doesn’t have any budget listed?  It makes it hard to truly understand the scope of the work requested, doesn’t it?

Municipalities have their hearts in the right place, but often they throw more “wants” into an RFP than they have the budget for. When the bids come in way over their budget, they have to start the whole RFP process all over again – wasting everyone’s time.  

Worst yet, those who bid the first time may not bother to submit a bid the second time around and the municipality may receive fewer bids and ultimately higher pricing.

In defense of municipalities, however, I’ve been on both sides of the argument on whether or not to include the budget for a project in an RFP.

As a CAO, I didn’t want to put the budget number in the RFP either, because I was afraid bidders would simply submit bids right up to the budget number. This is still a common misconception.

But now, experience has taught me, when bidders know the budget number, the reality is they more often submit bids lower than the budget, to try to win the work.

From the Bidders’ perspective though, it’s incredibly frustrating not knowing the budget number because you can’t accurately price the work without understanding the municipality’s expectations.

So, to connect the dots, here’s a tip for Bidders to find the budget for a municipal project.

 

In most cases you can, through good sleuthing, find the budget a municipality has set aside for a specific project.

  • Provincial Announcements

Often when Provinces announce funding for municipalities, they will have a press release and a link to find out which municipality received what amount for specific project(s). That’s the easiest way to find the budget for a project.  

  • Agendas & Minutes

If the municipality received funding for the project, Council will most likely have recently passed a resolution to approve the project.  By searching the municipality’s Agendas/ Minutes section of their website, you can usually find the resolution about a month or so before the RFP was issued.

Personally, I start by looking at the Agendas and searching keywords, related to whatever the RFP has been issued for.  (i.e. Service Delivery Review, Parks & Rec Roof Repairs, etc.).  The Agenda will help you narrow down the minutes that contain the resolution Council passed – and the resolution will normally have the dollar amount approved for the project.  

  • Budget

If the municipality did not receive funding for the project, you may not find a resolution approving it. So, another way you can sometimes find the budget for a project is by finding the municipality’s annual budget on their website.  

This is a bit harder to do if you’re not familiar with how a municipal budget looks, but look at the proposed expenditures for the current year, in the appropriate department and you may see the project noted separately in the annual budget. 

For example, you would most likely find the budget for “Service Delivery Review” in the General Administration part of the budget, or “Roof Repairs” in the Parks & Recreation part of the budget, etc.  

You can also check out the Special Budget Meetings of Council (again in the Agendas/Minutes section of the municipality’s website), and you may see mention of the project and how much Council wants to budget for it. 

It takes time, and it’s not always easy, but in most cases, it is possible to find the budget the municipality has set aside for a project. 

Happy Sleuthing Sherlock! 

Got questions?

Contact Susan Shannon, Founder & Principal, muniSERV.ca

855.477.5095 or [email protected]

 

Share

What type of testing is right for your website – Understanding the difference in website testing

In the last few weeks there has been a rise in reported malware and malicious attacks on small municipalities. Testing of three small municipality websites in recent weeks by our team has resulted in failures on all sites basic security parameters. We often hear small organizations saying they don’t need to worry about attacks, they aren’t “big enough” but anyone can be a target.

Regular testing your website for known vulnerabilities and emerging threats should become a part of your Cyber Security Road Map. The first step is identifying the type of web testing that is right for your infrastructure. Here are a few key questions to consider;

1) Where is your website hosted – do you host it yourself? Is it hosted by a third-party?
2) Who is responsible for the security of the host system, the operating system?
3) Do you have a web application firewall such as CloudFlare in front of your website?
4) Is your website a static page with content?
5) Do you have a login and if so what type of data is behind the login? Customer, pricing, private personal?
6) Do you have any API interactions with other applications?

When you start down the road of testing your website you want to consider the host operating system and the application. There are two key types of testing available, fully automated scanning and manual testing. Fully automated scanning is used for both host operating systems and web applications. The host operating system scan will scan for all currently known vulnerabilities affecting that operation system. It will report back on the CVE, the risk and usually suggested remediation tips. The same is true for the web application scanning. The fully automated web application scanner will scan your website at a minimum for the OWASP top 10 vulnerabilities and report back on risks and remediation. https://owasp.org/www-project-top-ten/.

Manual testing means that you have an actual person who is using various methods to determine the security of a host or the application and If the rules of the engagement permit, they will attempt to exploit a vulnerability and gain access, modify content or download information. There are varying degrees of manual testing, the simplest is one tester and one day and the more extensive 2 testers and 5 days of testing.

The type of test that is required for your website really depends on two main factors –

 

1. Have the host and application ever been tested before?

2. What is the criticality of the data being processed or stored on this site?

 

For example, if you have a very static page of content that is hosted by a third party, chances are a good OWASP 10 scan of you site will be sufficient to let you know if you have any glaring misconfigurations that could lead to a website defacement or potential attack on your site. If your website has a login and you allow users to sign up for accounts and host dynamic content, you would want to make sure you consider a manual test at least for the first test. Once a thorough baseline has been established for the site, testing can become more routine and automated.

We recommend you develop a plan for testing and make sure to include the above considerations. There might be special notifications you have to give in writing to a third party before you test an application, you might have to have a testing IP whitelisted in a web application firewall, you may need special accounts set up in the application for testing.

If you are unsure what type of test is right for your website, reach out to us and we will be glad to discuss options with you.

http://www.mi613.ca

Share

Are you a Winner or a Learner?

It seems to me that most of us are happy to just be agreeable when it comes to our perspective about how the world works. As individuals we find some sense of mental peace knowing that we think like the rest of a group.  

But I’ve always looked at things differently.  Sometimes I’m right and sometimes I’m wrong.  And when I am wrong, I’m never afraid to admit it.  I forgive myself and accept it as a learning experience.

As Lionel Ritchie recently told a contestant on American Idol, “When you win, you win.  When you lose, you learn.” 

It’s one thing to allow yourself this flexibility, but as a Manager or Leader do you extend this same flexibility to your team’s innovative ideas?   And, perhaps more importantly, if an idea fails, do you offer the same “forgiveness” for your team as you would for yourself?

Continue reading

Share