Joanna Makomaski

Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at riskletters@lrp.com.

Column: Risk Management

A Betrayal of Trust

By: | May 6, 2015 • 3 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at riskletters@lrp.com.

As part of my business management training, I took executive leadership courses. I lean on information from one course in particular every day. The course was entitled: Trust.

As a class, we debated the idea of trust and the importance of building trust with staff and within our organizations.

A question was posed: How does one build trust with another person specifically? Answers flew around the class: One needs to show integrity, be likeable, be good, to care, to listen, to acknowledge others. All the answers didn’t seem quite right.

Advertisement




The instructor interjected: “Trust is built when one demonstrates painfully consistent behavior.”

You don’t have to like someone to trust them. Take Mr. Grumpy-Pants who sits next to you in the office, who is gloomy and unpleasant every day. He may drag you down, but you probably can count on him. As opposed to Ms. Two-Face, who is sweet one day while the next she is stabbing you in the back. Hard to feel steady and trust her next move.

Trust problems cannot be solved by applying more technology. Trust issues are solved by actively building trust — starting with trust between pilots and their airlines.

Think of people you have difficulty trusting. Likely, it is because of their unsteady, unexpected or inconsistent behavior. Their surprising volatility impedes your ability to trust them.

This idea of trust has been front-of-mind for me lately. I write this column six days following the incomprehensible loss of 150 people on Germanwings flight 4U9525.

I watched hours of news footage that attempted to reveal what may have transpired that tragic day. Initially, the hours of analyses resulted in suggestions of increased safety measures to remove the risk of such an event ever occurring again. New technical measures were recommended including pilotless planes, remote aviation ability and flight-deck video surveillance.

Then, panel experts debated “failures” in aviation processes and safety systems including the flight deck door — a door system that was purposely redesigned post-911 to protect at all costs the most important people on the plane, the pilots.

It was suggested that the flight deck door safety system failed because the co-pilot was able to take advantage of the known impenetrability of the door to help perpetrate his plan. This insinuation bothered me on many levels.

Safety systems have goals. The design of a safety system starts with the question: What are we trying to protect? The flight deck door was designed to protect the pilots from unwanted intruders so they can do what we trusted them to do. Safely fly the plane.

The door system on the Germanwings flight did not fail. It behaved as it was designed. A redesign of the flight deck door will not reduce the risk of another pilot murder-suicide. The aviation regulator’s new requirement that at least two crew members remain in the flight deck at all times may add a new barrier but gives no guarantee.

Advertisement




The failure here was that of the co-pilot. He was in the position of utmost, blind trust for passengers. He deeply betrayed that privilege, a privilege bestowed on him by so many people. He failed; the safety systems did not.

Our interdependence with others forces our need for continued trust. Trust problems cannot be solved by applying more technology. Trust issues are solved by actively building trust — starting with trust between pilots and their airlines. If we are to revisit anything to improve risk and safety, let’s ensure there is trust — painfully consistent organizational behaviors that make flight crews truly feel safe to self-declare problems if need be. In that I trust.

Share this article:

Column: Risk Management

Google the Spy

By: | April 8, 2015 • 3 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at riskletters@lrp.com.

I’ve known for a while that giants like Google tracked me — information on my location, my web activity, my music choices. I’ve known they troll my emails looking for keywords for targeting advertisements and services. Quite frankly, trolling goes beyond Google. Every store I shop at seems to send me emails luring me to a purchase. Nowadays, right or wrong, this type of tracking has become par for the course.

As creepy as it all is, data mining is supposed to be done under the guise of “innocent” consumer profiling that ultimately provides us with customized support.

Advertisement




On the whole, I love my Google-driven Android smartphone and the support features it offers — truly brilliant in many ways. The premise of using my information to “help” me didn’t use to bother me at all.

In fact, the thought of someone trying to design an algorithm that reflects my ever-changing consumption habits and interests actually made me chuckle.

So it all seemed acceptable because I thought my smartphone was only being used to spy on me. I was the only one involved. I was the one taking the risk.

Over the years, I have amassed a lot of business contacts. I have diligently kept their contact information via Microsoft Outlook. Recently, I uploaded that contact list to my smartphone using the Google Contacts app. I now have access to all of my contacts’ information when I am mobile.

But what happened next floored me. After a few days, likely after Google got a chance to chew on all this new delicious information, my phone started to regurgitate things back at me.

Spying on me is one thing, spying on my business colleagues and friends is another. The thought that I may have inadvertently put my colleagues at risk sickens me.

I received stock-ticker feeds of companies where my contacts work, and for companies with similar names to those where my contacts work. I also got travel suggestions based on my contacts’ addresses and news articles that referenced contact names, or those similar to my contacts. And I got solicitation emails from persons using names from my contact list.

I no longer feel as neutral about Google’s mining activities. Spying on me is one thing, spying on my business colleagues and friends is another. The thought that I may have inadvertently put my colleagues at risk sickens me.

Exploiting my business community without their express consent is just wrong, especially today where cyber security risks run rampant, where organizations spend billions protecting their networks and information, and where we are tirelessly putting in place safeguards around managing risks associated with remote access or unauthorized activity with client information. It is irresponsible.

Our collective goal should be to protect all of our clients, and keep their information safe and away from the risk of exploitation and misuse. The convenience of using applications like Google Contacts is to serve my clients better, not to breach their values. Google saw opportunity but handed me risk.

Advertisement




Since then, I have searched the bowels of Google’s account settings, looking for that elusive check box to disallow this silliness. After a few days’ search, there it was: “Use my Google contact information to suggest accounts from other sites.” Uncheck.

I have since written to Google regarding this experience and the irony in their auto-reply was almost amusing: “We value every piece of feedback we receive … we will use your comments as we strive to improve your Google experience.”

Share this article:

Column: Risk Management

Survival 101

By: | March 2, 2015 • 3 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at riskletters@lrp.com.

I recently saw a riveting presentation by Michael Sjøberg. He is a hostage survival expert with the Human Advisor Group in Copenhagen, Denmark. Michael afforded me a glimpse into the world of kidnap and ransom that is sadly plaguing our reality today.

Advertisement




My jaw dropped when I learned some statistics. Around 15,000 to 20,000 kidnapping, extortion and illegal detention incidents occur every year globally. That translates to 40 to 55 a day. In approximately 67 percent of kidnapping cases, ransom is paid with an average payment of $2 million. An estimated $1.5 billion is being paid to kidnappers annually. These numbers are staggering.

My exposure to the horrors of a kidnap and ransom situation have been limited, thankfully, to what I see on the news which seems to occur too often lately. As a risk manager, I have also explored and purchased kidnap and ransom (K&R) insurance policies for firms for whom I have worked. The policy mitigates financial risk where the insured is assured reimbursement of ransom under the policy.

Sjøberg’s talk was an eye-opener for me. His focus was on the kidnap victim, not the ransom. One of his specialties is helping people survive a kidnap and ransom event. When a person is kidnapped, it is a psychologically traumatic event. In seconds, a victim’s life transforms from ordinary to absolute terror. People instinctively react in variable ways. Some freeze, while others resist.

A kidnap victim’s sole focus should be not on escaping, but on survival — physical and psychological survival.

The first 30 minutes of a kidnapping event are known to be the most dangerous. This is when the kidnappers are most on edge and susceptible to violence. Sjøberg stressed that it is critical that the victim gain control over their emotions and react in ways that are calculated to increase their chance of survival.

A kidnap victim’s sole focus should be not on escaping, but on survival — physical and psychological survival.

Sjøberg shared an abduction story of a family of four with two small children. With training, the parents knew the psychological importance of maintaining the semblance of a daily routine while in captivity. Even though they had no toothbrushes, the children improvised brushing their teeth, maintained a routine sleep schedule and did schoolwork every day.

They also tried to establish a rapport with their abductors — engaging with them on universal subjects like family and sports. Their goal was to get the hostage-takers to see them as real people, a real family, rather than objects.

They also knew not to try to negotiate their own release. Much like trying to perform your own surgery, it is better to leave such skilled work to highly trained professionals.

Many “at-risk” organizations know little about kidnapping and what actually happens before, during and after a kidnapping takes place. This to me was the most alarming. Thousands of employees travel internationally to high-risk regions every day where kidnap and ransom is a genuine threat.

Advertisement




Would your employees know what to do if they were kidnapped? Do your employees know what type of action the company will take to secure their release? Does your organization understand how they would respond? Does your organization work with trained security professionals to handle the situation? Is this discussed in your safe travel and risk management program?

Sjøberg strongly recommended employers put expatriate employees through a rigorous training program. Employees should be taught what to do and what not to do in the event they are kidnapped. It can mean the real difference to their survival.

Share this article: