Joanna Makomaski

Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at riskletters@lrp.com.

Column: Risk Management

Google the Spy

By: | April 8, 2015 • 3 min read

I’ve known for a while that giants like Google tracked me — information on my location, my web activity, my music choices. I’ve known they troll my emails looking for keywords for targeting advertisements and services. Quite frankly, trolling goes beyond Google. Every store I shop at seems to send me emails luring me to a purchase. Nowadays, right or wrong, this type of tracking has become par for the course.

As creepy as it all is, data mining is supposed to be done under the guise of “innocent” consumer profiling that ultimately provides us with customized support.

On the whole, I love my Google-driven Android smartphone and the support features it offers — truly brilliant in many ways. The premise of using my information to “help” me didn’t use to bother me at all.

In fact, the thought of someone trying to design an algorithm that reflects my ever-changing consumption habits and interests actually made me chuckle.

So it all seemed acceptable because I thought my smartphone was only being used to spy on me. I was the only one involved. I was the one taking the risk.

Over the years, I have amassed a lot of business contacts. I have diligently kept their contact information via Microsoft Outlook. Recently, I uploaded that contact list to my smartphone using the Google Contacts app. I now have access to all of my contacts’ information when I am mobile.

But what happened next floored me. After a few days, likely after Google got a chance to chew on all this new delicious information, my phone started to regurgitate things back at me.

I received stock-ticker feeds of companies where my contacts work, and for companies with similar names to those where my contacts work. I also got travel suggestions based on my contacts’ addresses and news articles that referenced contact names, or those similar to my contacts. And I got solicitation emails from persons using names from my contact list.

I no longer feel as neutral about Google’s mining activities. Spying on me is one thing, spying on my business colleagues and friends is another. The thought that I may have inadvertently put my colleagues at risk sickens me.

Exploiting my business community without their express consent is just wrong, especially today where cyber security risks run rampant, where organizations spend billions protecting their networks and information, and where we are tirelessly putting in place safeguards around managing risks associated with remote access or unauthorized activity with client information. It is irresponsible.

Our collective goal should be to protect all of our clients, and keep their information safe and away from the risk of exploitation and misuse. The convenience of using applications like Google Contacts is to serve my clients better, not to breach their values. Google saw opportunity but handed me risk.

Since then, I have searched the bowels of Google’s account settings, looking for that elusive check box to disallow this silliness. After a few days’ search, there it was: “Use my Google contact information to suggest accounts from other sites.” Uncheck.

I have since written to Google regarding this experience and the irony in their auto-reply was almost amusing: “We value every piece of feedback we receive … we will use your comments as we strive to improve your Google experience.”

Column: Risk Management

Survival 101

By: | March 2, 2015 • 3 min read

I recently saw a riveting presentation by Michael Sjøberg. He is a hostage survival expert with the Human Advisor Group in Copenhagen, Denmark. Michael afforded me a glimpse into the world of kidnap and ransom that is sadly plaguing our reality today.

My jaw dropped when I learned some statistics. Around 15,000 to 20,000 kidnapping, extortion and illegal detention incidents occur every year globally. That translates to 40 to 55 a day. In approximately 67 percent of kidnapping cases, ransom is paid with an average payment of $2 million. An estimated $1.5 billion is being paid to kidnappers annually. These numbers are staggering.

My exposure to the horrors of a kidnap and ransom situation has been limited, thankfully, to what I see on the news, which seems to occur too often lately. As a risk manager, I have also explored and purchased kidnap and ransom (K&R) insurance policies for firms for whom I have worked. The policy mitigates financial risk where the insured is assured reimbursement of ransom under the policy.

Sjøberg’s talk was an eye-opener for me. His focus was on the kidnap victim, not the ransom. One of his specialties is helping people survive a kidnap and ransom event. When a person is kidnapped, it is a psychologically traumatic event. In seconds, a victim’s life transforms from ordinary to absolute terror. People instinctively react in variable ways. Some freeze, while others resist.

The first 30 minutes of a kidnapping event are known to be the most dangerous. This is when the kidnappers are most on edge and susceptible to violence. Sjøberg stressed that it is critical that the victim gain control over their emotions and react in ways that are calculated to increase their chance of survival.

A kidnap victim’s sole focus should be not on escaping, but on survival — physical and psychological survival.

Sjøberg shared an abduction story of a family of four with two small children. With training, the parents knew the psychological importance of maintaining the semblance of a daily routine while in captivity. Even though they had no toothbrushes, the children improvised brushing their teeth, maintained a routine sleep schedule and did schoolwork every day.

They also tried to establish a rapport with their abductors — engaging with them on universal subjects like family and sports. Their goal was to get the hostage-takers to see them as real people, a real family, rather than objects.

They also knew not to try to negotiate their own release. Much like trying to perform your own surgery, it is better to leave such skilled work to highly trained professionals.

Many “at-risk” organizations know little about kidnapping and what actually happens before, during and after a kidnapping takes place. This to me was the most alarming. Thousands of employees travel internationally to high-risk regions every day where kidnap and ransom is a genuine threat.

Would your employees know what to do if they were kidnapped? Do your employees know what type of action the company will take to secure their release? Does your organization understand how they would respond? Does your organization work with trained security professionals to handle the situation? Is this discussed in your safe travel and risk management program?

Sjøberg strongly recommended employers put expatriate employees through a rigorous training program. Employees should be taught what to do and what not to do in the event they are kidnapped. It can mean the real difference to their survival.

Column: Risk Management

Drawing the Line

By: | February 19, 2015 • 3 min read

Very early in my career I had the privilege to lunch with H. Felix Kloman. Kloman is known to many of us in the risk management community as a long-time student and commentator of the risk management discipline. He was for 33 years the editor and publisher of Risk Management Reports.

Over lunch, we exchanged new ideas on Enterprise Risk Management (ERM), its inherent challenges and novel methods. One thing is true about Kloman’s communication: he says it how it is. I have a lot of respect for him for that. It takes a lot of courage scribing your ideas — some popular, some not — for all to read and judge.

That day, he said something to me that was very powerful: “nothing becomes true until you write it down.” He then encouraged me to write throughout my career.

Often I think of what he said. I have come to hold in the highest regard the power of the written word.

Daily I am reminded of that power. As I write this column I am very conscious of the message I want to relate. I consider if my message will be deemed as educational or condescending.

Will my message be read as a rant? Will my message try to corroborate issues felt by others in my profession? Will my message provoke a debate with my readers? And most importantly to me, I consider if my message may offend unnecessarily.

The risk of writing became very real to me as I watched coverage of the horrific murders at the Charlie Hebdo offices in Paris. The event made me seriously reflect on the real risks inherent with freedom of speech.

The First Amendment of the Constitution protects the right to freedom of expression from government interference. Anyone who has an opinion has a right to voice it. People risk their lives and die for that right.

I consider the late Stéphane Charbonnier from Charlie Hebdo who said: “I prefer to die standing than living on my knees.”

Writing is risky. Ask any and all editors. Editorial decisions are made word by word, nuance by nuance, delicately assessing if a piece is a fair and honest commentary based on fact and not malice. Is the piece possibly defamatory or infringing? When it comes to matters of public interest, is the communication responsible?

Is being responsible with our words considered an infringement on our freedom of speech? Are we creating unnecessary risk by at times speaking irresponsibly?

In many ways as a society, we have already drawn the line when it comes to “free” speech. We’ve agreed to exceptions and bounds on our freedom of speech.

Namely, we don’t have the right to say things that could “incite action to harm others or an immediate breach of the peace” — such as yelling “fire” in a crowded theater.

I guess the challenge here is the risk identification and assessment of words that could incite harmful actions. It can be a complex equation with often sensitive cultural dynamics and paradigms.

Here’s the question I struggle with: if we know that certain words have incited harm to others, do we or do we not draw a line? As they say, “the pen is mightier than the sword,” and “with such power comes responsibility.”
