Uncovering Hidden Risks

Ep 13 – Unveil Data Security Paradoxes

Herain Oberoi, General Manager of Data Security, Privacy, and Compliance for Microsoft, joins Erica Toelle and guest host Tina Ying, Senior Product Marketing Manager at Microsoft, on this week’s episode of Uncovering Hidden Risks. Microsoft has recently released a new report called the Data Security Index. Erica, Tina, and Herain explain what drove the team to complete this research, release the report, and share valuable insights that can empower organizations to optimize their data security programs.

In This Episode You Will Learn:

  • Why more tools bring less security, and why organizations still adopt them
  • When organizations should allocate resources to optimize data security
  • How security leaders can lead their teams with the goal of enhancing all-up security posture

Some Questions We Ask:

  • How can organizations enhance their data security posture?
  • Should organizations purchase best-of-suite or best-of-breed solutions?
  • What advice do you give organizations facing the challenge of using isolated solutions?

Resources:

View Herain Oberoi on LinkedIn

View Tina Ying on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net/

Uncovering Hidden Risks

Ep 12 – Cloud Security Posture Management: Top Risks and Best Practice Solutions

Drew Nicholas, Microsoft Principal Security Global Black Belt, joins Erica Toelle and guest host Daniela Villarreal, Sr. Product Marketing Manager for Microsoft Defender for Cloud, on this week’s episode of Uncovering Hidden Risks. Drew has spent eight-plus years at Microsoft in different roles. These roles include working for Microsoft’s consulting services, Microsoft’s customer-facing Incident Response team, and his current position. Drew, Erica, and Daniela provide insight into hidden risks in cloud-native apps to help customers gain visibility and control of their cloud security posture and take a risk-based approach to proactive cloud security.

In This Episode You Will Learn:

  • How cloud security posture fits into the big picture of security
  • Qualities organizations should look for in a cloud security posture management tool
  • How different platforms can help strengthen cloud security posture

Some Questions We Ask:

  • Regarding cloud-native application development, what security trends have you seen?
  • Why is cloud security posture so important?
  • What risks can a unified security posture management approach help address?

Resources:

View Drew Nicholas on LinkedIn

View Daniela Villarreal on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Uncovering Hidden Risks

Ep 11 – Cybersecurity 101: What are the Three Pillars of a Robust Strategy

Cybersecurity is not just a defensive strategy; it can be a powerful driver of an organization’s success. In this episode, host Erica Toelle talks to Nashid Shaker, AVP, Information and Cyber Security Strategy at Canadian Western Bank Financial Group, and Antonio Maio, Managing Director at Protiviti, about how to tactically create a cybersecurity strategy that aligns with business goals, fosters trust, and enables innovation. Nash is an experienced and innovative cybersecurity leader passionate about orchestrating secure digital transformations that fuel growth, leveraging a multidisciplinary background in strategic planning and cybersecurity.

In This Episode, You Will Learn:

  • When it’s time to re-evaluate your cybersecurity strategy
  • What cybersecurity leaders should think about today to prepare for a future that will use AI
  • Predictions for cybersecurity in the next 2–4 years

Some Questions We Ask:

  • What is the top risk that organizations tend to overlook?
  • What are some tips for how cybersecurity leaders should engage with the C-suite?
  • Can cybersecurity contribute to an organization’s bottom line or mission?

Resources:

View Nash Shaker on LinkedIn

View Antonio Maio on LinkedIn

View Erica Toelle on LinkedIn

Daily Compliance News

Daily Compliance News: January 11, 2024 – The SAP Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • FINRA says AI is emerging. (WSJ)
  • SAP has yet another FCPA enforcement action. (FCPA Blog)
  • Microsoft OpenAI investment faces EU scrutiny. (Reuters)
  • The SEC approves a new type of Bitcoin fund. (NYT)

Daily Compliance News

Daily Compliance News: July 18, 2023 – The Polite to Exit Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories covered in today’s edition:

  • Head of DOJ Criminal Division, Kenneth Polite, to step down. (WSJ)
  • What is risk? (NYT)
  • Microsoft to face EU probe over bundling. (FT)
  • Tesla Directors settle comp suit. (Reuters)

Uncovering Hidden Risks

Ep 10 – How eDiscovery Can Help You Reduce Data and Risks in Three Steps

Description:

As data volumes continue to balloon, it’s becoming clear that the quickest path to victory does not involve the fewest steps. This month’s episode of Uncovering Hidden Risks explores ways to defensibly move data minimization decisions upstream to collaboratively expedite the eDiscovery process. EJ Bastien, Director of Discovery Programs at Microsoft, joins Erica Toelle and guest host Caitlin Fitzgerald for the discussion. EJ leads the eDiscovery and Litigation Support team at Microsoft. EJ shares his experience using technology to address the challenges of eDiscovery in the modern cloud world and shares some strategies and best practices to help mitigate risk.

In This Episode You Will Learn:

  • Advice for organizations trying to handle the growing amount of new data types
  • Best practices for implementing an effective eDiscovery strategy
  • Why you should be excited about the future of eDiscovery

Some Questions We Ask:

  • What trends are you seeing that are affecting the eDiscovery space?
  • How are you approaching some of the new technology innovations?
  • What benefits are there to using Purview eDiscovery Premium internally at Microsoft?

Resources:

View EJ Bastien on LinkedIn

View Caitlin Fitzgerald on LinkedIn

View Erica Toelle on LinkedIn

Uncovering Hidden Risks

Ep 9 – Don’t Get Caught Unprepared: Three Steps to Manage the Risks of Multicloud

This month’s episode of Uncovering Hidden Risks discusses the risks of running a multicloud strategy and how customers can think about this as they accelerate their digital transformation.

Ashish Kumar, Principal PM Manager at Microsoft, joins Erica Toelle and guest host Daniel Hidalgo on this week’s episode of Uncovering Hidden Risks. Ashish has over 25 years of experience in Engineering, Consulting, and Technology sales, helping businesses build products, increase revenue and market share, enhance branding, and lower operational costs. Ashish discusses the intersection between security and compliance, why knowing your posture is essential, and how we can have a safer digital world. You can also check out Ashish’s book, “Managing Risks in digital transformation.”

In This Episode You Will Learn:

  • The risks involved when you operate a multi-cloud environment
  • The importance of having a real-time view of your cloud configuration and associated threats

Some Questions We Ask:

  • What is multi-cloud, and why is it important?
  • Can you share some takeaways for listeners looking to implement a multi-cloud strategy?
  • What is the main difference between hybrid and multi-cloud?

Resources:

View Ashish Kumar on LinkedIn

View Daniel Hidalgo on LinkedIn

View Erica Toelle on LinkedIn

Uncovering Hidden Risks

Ep 8 – Three Steps to Master Information Governance in Your Organization

Randolph Kahn, a globally recognized leader in information governance and President of Kahn Consulting, joins Erica and guest host Natalie Noonan on this week’s episode of Uncovering Hidden Risks. Randolph has been an expert witness in significant court cases and is a trusted advisor to corporations and governmental agencies. He is also an accomplished author, speaker, and adjunct professor of Law and Policy of Electronic Information and The Politics of Information. Randolph and Erica discuss Information Governance and the industry trends they are currently seeing in this space.

In This Episode You Will Learn:

  • How the increase in regulations affects current data management trends
  • Why organizations are suffering information mismanagement failures
  • If current technology capabilities and functionality are sufficient

Some Questions We Ask:

  • What requirements are important for information governance?
  • Why should organizations take advantage of newer technologies?
  • What’s next after an organization has clearly identified its new requirements?

Resources:

View Randolph Kahn on LinkedIn

View Natalie Noonan on LinkedIn

View Erica Toelle on LinkedIn

GalloCast

GalloCast – Episode 9, Live at ECI

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight into compliance brought to you by the co-CEOs of Ethico. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the Sunday dinner table. Hosted by Tom Fox, the Voice of Compliance.

In this episode of the GalloCast, the trio discusses some of the most challenging issues companies face regarding ethics and compliance. They start by diving into the recent $767 million fine slapped on British American Tobacco for colluding to sell cigarettes into North Korea, violating sanctions. They debate who should be held accountable for changing a company’s culture, how deep-rooted biases can affect decision-making, and the effectiveness of regulatory enforcement. The discussion covers the intricacies of ethics in different business models, including distributor and commissioned sales agent models. They also discuss the risks and benefits of a conservative approach and the adaptability of ethics and compliance programs. The episode concludes by discussing cultural fit in mergers or acquisitions and how finding common ground and preserving distinctness can be accomplished. Don’t miss out on the wealth of insights and practical advice on navigating these challenging issues in the corporate world. Tune in to GalloCast now!

Key Highlights:

  • BAT’s illegal sales to North Korea
  • Determining Right and Wrong in Corporate Decisions
  • Balancing Values and Profit in Business
  • Balancing Compliance and Ethics Programs
  • Adapting Ethics & Compliance Programs
  • Ethics and Compliance Teams in Companies
  • Dangers of Groupthink in Decision-Making
  • Culture’s Role in Business Mergers and Acquisitions
  • Cultural Integration in Mergers & Acquisitions

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

Corruption, Crime and Compliance

Microsoft Pays OFAC and BIS Over $3.3 Million to Settle OFAC Sanctions Violations

Microsoft recently paid over $3 million for multiple sanctions violations involving illegal exports of services and software to sanctioned jurisdictions. The violations spanned seven years and involved prohibited Russian entities or persons located in the Crimea region of Ukraine. However, what makes this case particularly intriguing is the remedial actions taken by Microsoft, which offer best practices and insights into what can be done when resources are available. In this week’s episode of Corruption, Crime, and Compliance, Michael Volkov takes a deep dive into the Microsoft OFAC enforcement action.

He discusses these ideas:

  • Microsoft committed 1339 transactions in violation of multiple sanctions programs over seven years, totaling over $12 million worth of sales and services.
  • Violations included the sale of software licenses and the provision of related services from servers and systems located in the US and Ireland to SDNs, blocked persons, and other end users located in Cuba, Iran, Syria, Russia, and the Crimea region of Ukraine.
  • The violations were due to Microsoft’s failure to obtain complete or accurate information on the identities of end customers and shortcomings in its restricted party screening. At times, Microsoft Russia employees intentionally circumvented Microsoft screening controls to prevent other Microsoft affiliates from knowing the identity of the ultimate end customers.
  • Microsoft’s significant remedial measures included enhancing its trade compliance program, improving its governance structure and screening resources, adopting a new three lines of defense model, and conducting a holistic risk assessment to identify and remediate instances of prohibited engagements.
  • Microsoft deployed a multidisciplinary internal investigation team proficient in 16 foreign languages, modified its procedures to respond to matches, and expanded the scope and volume of data screened.
  • “Companies with sophisticated technology operations and a global customer base should ensure that their sanctions compliance controls remain commensurate with risk.”
  • Companies should consider conducting a holistic risk assessment to identify and remediate prohibited engagements and ensure that employees adhere to the sanctions compliance program.
  • OFAC emphasized that companies conducting business through foreign-based subsidiaries, distributors, and resellers should have sufficient visibility into their end-users, including through the provision of services after an initial sale.

KEY QUOTES:

“Now, when Microsoft supported these third party sales to prohibited parties, they provided prohibited software and services to SDNs and end customers in sanctioned jurisdictions and the violations occurred. The root cause really was because Microsoft did not have complete or accurate information on the identities of the end customers for Microsoft’s products.” – Michael Volkov

“Companies with sophisticated technology operations and a global customer base should ensure that their sanctions compliance controls remain commensurate with that risk and leverage in appropriate technological compliance solutions.” – Michael Volkov

“Testing or auditing, whether conducted on a specific element of a compliance program or enterprise wide level, are important tools to ensure that the program is working as designed and weaknesses are promptly remediated.” – Michael Volkov

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group