When Crypto Keys Go to the Grave: A Case in Risk Management

By Lowers & Associates,


This is one of those things that seems so obvious that you would have prepared for it. If you are the only one who has the encryption keys to a big stash of cryptocurrency, wouldn’t you take precautions to mitigate the possibility of your death?

In what must be one of the worst nightmares of cryptocurrency investors, news sources report that Canadian firm QuadrigaCX exchange CEO, Gerald Cotton, died in India on December 9, 2018 of complications of Crohn’s disease. He was reportedly the sole possessor of encryption keys to currency worth somewhere between $135 and $150 million. If these keys cannot be recovered, the company and the investors who trusted in it may simply have lost the digital money.

There have been very large losses from cryptocurrency exchanges before, but they have been due to hacker attacks that succeeded. Coindesk, a large American crypto exchange, reports that 2018 saw by far the largest losses of crypto due to hackers breaking into exchanges. They warned against keeping ‘hot’ wallets (coin storage) on the exchanges because the hackers were winning the technology race at the moment. The article argues that using hardware wallets (offline devices to store currency) “gives you the highest protection level.”

It is not clear in reports on this widely-circulating story whether Cotton kept the currency on hardware devices, or if he was just in sole possession of the encryption keys. Regardless where the digital coin is kept, you must have the keys to access it. The keys themselves must be stored in a secure fashion, with a method for retrieving them. Cotton’s wife claims that she has searched diligently for the keys to no avail—highly skilled coders are seeking ways to regain control of millions of dollars, with no success to date.

There has to be a plan.

Further, hardware keys in themselves are not the final security solution. Once encryption keys and/or currency are transferred to any offline medium, you have created an item that in itself is both valuable and vulnerable. Like jewelry or cash, offline stashes of cryptocurrency or the keys to access it become easily transported, high value assets.

Like jewelry or cash, offline crypto storage raises issues of transportation, hand-offs in the chain of custody, and storage security. All of these steps are exposed to significant risks of loss.

Some may look at the QuadrigaCX episode and conclude that cryptocurrency may be too risky for legitimate investors, and not ready for prime time. In the early years, crypto was often used in dark web transactions for drugs and money laundering, and there is a case to be made that it cannot function in a normal economic environment.

However, a greater certainty is that the crypto dream of creating a purely “free” means of exchange beyond the reach of any government is not without significant problems. Standard fiat currencies exist within structured sets of rules that track and evaluate transactions that provide some security. Money transport and storage businesses operate within these systems using carefully crafted risk management protocols to mitigate known threats.

Crypto may need to develop similar rules and work within fiat systems and/or adopt physical security similar to cash—to get the same level of security. To realize the potential advantages of cryptocurrencies for ordinary economic transactions, there needs to be a much higher level of control.


  Category: Risk Management
  Comments: Comments Off on When Crypto Keys Go to the Grave: A Case in Risk Management

[Slideshow] CIT Carriers: Emerging ITM Program Risks

By Lowers & Associates,

Interactive Teller Machines (ITMs) present a win-win for customers and banks alike. These machines offer new levels of automation, allowing banks to efficiently deliver a wide range of banking services. ITMs free up teller lines for higher level services, allowing customers to take care of basic needs on their own. ITMs bring new levels of convenience for customers who are increasingly comfortable with digital banking services.

ITMs also open up new opportunities for CIT carriers who are able to step up to the demands of servicing a more complex machine. That said, the details of ITM servicing cause concern and complexity. Consider the placement of the ITMs. While convenient for customers, their placements often put carriers at increased risk of attack. Not to mention the time it takes to service an ITM, which is significantly longer than a traditional ATM. These longer service windows also add to a carrier’s risk.

Our latest slideshow resource sheds light on emerging risks CIT carriers face as they look to expand their banking relationships to handle ITM servicing.

Flip through the presentation here:

  Category: Cash In Transit
  Comments: Comments Off on [Slideshow] CIT Carriers: Emerging ITM Program Risks

The Making of a High Reliability Organization [Infographic]

By Lowers & Associates,

The High Reliability Organization (HRO) is an irresistible topic. How can any organization (like an aircraft carrier) or organized system (like American commercial aviation) operate in a totally threat-filled environment without frequent catastrophic failure? How can any organization realistically seek perfect reliability under conditions where the unexpected is routine?

Organization design experts have been working out the answers to these questions over the past 20 years. What has emerged from this research is a growing understanding about how an organization in a complex environment can become a resilient, adaptable HRO.

People working in HROs continuously seek ways to improve processes, and use every failure as an opportunity to install beneficial changes. They do not assume that just because something has worked well in the past that it will always continue to do so. The people and the system they are part of are open to change.

Early research focused on “heroic” organizations like the U.S. commercial aviation system. In 2015, there were about 24,000 commercial flights every day, operating through a network of 476 control towers and 14,000 controllers. Yet there were zero fatalities due to operations in commercial aviation that year.

Vivid outcomes like this helped to highlight how HROs operate to manage the unexpected. These same principles can be used in more ordinary organizations and systems to improve performance. A prime example is how healthcare organizations of different types are working diligently to adopt HRO principles.

This infographic, The Making of a High Reliability Organization, gives a fast summary of the characteristics of an HRO. Managers of every organization should be familiar with HROs to evaluate how they might adopt operational and cultural factors that lead to very high reliability to their own environments.


5 Principles of High Reliability Organizations

By Lowers & Associates,

High Reliability Organizations (HROs) are anomalies. They exist in the kind of very complex, fast-evolving environments where you would expect chaos to prevail. But it doesn’t. HROs are able to cope successfully with unexpected conditions. That’s what makes these unusual organizations so attractive to researchers.

What can we learn from them?

Knowledge about HROs is rooted in what we call “heroic” organizations like aircraft carriers and air traffic control systems where a thousand things must go right every moment or someone dies. People like Karl Weick and Kathleen Sutcliffe, two of the most prominent scholars in the field, are beginning to stretch the concepts developed by evaluating HROs to apply to less heroic settings like banking, healthcare and manufacturing.

Weick and Sutcliffe use the phrase “mindful organizing,” which entails “sense-making, continuous organizing, and adaptive managing” to summarize the approach taken by HROs.[1] They identify 5 principles that make up the body of mindful organizing found in successful HROs, and in organizations that aspire to that continuously high reliability.

1. Preoccupation with Failure

Systems in modern organizations are complicated, and they experience failures. HROs focus like a laser on failure; they give “continuous attention to anomalies that could be symptoms of larger problems.” The basic insight here is that big problems don’t emerge fully formed in an instant. They are almost always preceded by smaller problems or anomalies, or evidence that would point to the big problem if it were given proper attention.

What HROs do NOT do is assume that if a control in place succeeds in containing a failure, everything is right. They look deeper into an incident to find underlying causes. They also do not lump a failure with common elements to another into a class that all are alike. Evidence is gathered and evaluated.

2. Reluctance to Simplify

Complexity means that organizations have numerous potential sources of failure, and HROs do not apply generalized terms to describe them. It is a common and convenient response to a problem to name a general kind of cause and consider it a solution, e.g., ‘the bank has a state of the art alarm system’ so the failure of the alarm can be fixed by replacing it. What if the alarm’s failure is caused by something deeper, what specifically was the cause? In HROs, the occurrence of a failure is taken as an opportunity to dig deeply into the details of the system involved to find a real cause-you differentiate the details within those broad, convenient generalizations.

3.  Sensitivity to Operations

Operations happen in real time, they include both discrete components and the system they compose. As such, operations generate outcomes that we can observe. The HRO continuously evaluates outcomes to determine if they are in fact serving the objectives of the organization. They do not assume that the continuous outcomes will be the same as planned, assumed, or hoped for.

Operations are what an organization does. In this sense, HROs treat them as hands-on experiences from which lessons about the organization can be taken to further improve function in real time.

4.  Commitment to Resiliency

“The signature of the high reliability organization is not that it is error-free, but that errors don’t disable it.” HROs are essentially adaptable, learning organizations. They can experience a failure but continue operating under degraded conditions while marshalling resources to restore capacity.

To operate like this, HROs can recognize emerging anomalies despite prior beliefs, experiences, or plans. In large part, this requires both open-minded observation and a willingness to react appropriately even under unanticipated conditions.

5.  Deference to Expertise

The fact that an HRO must be open-minded rather than judgmental leads to the idea that the culture of the HRO defers to expertise. The key point, however, is that the “expert” involved is the person with hands-on knowledge of the operation at the point of a failure, not the “expertise” conferred by hierarchical authority.

In the HRO, the expert has access to upward reporting, and there is no intimidation from authority to impede the communication. The openness required for the HRO to succeed depends on accurate information from every source.

Not every organization will adapt every HRO principle, at least in the short term. Many organizations can improve continuous operational reliability by adapting the pieces that fit. Over time, more and more of the organization can be improved this way, moving toward the “perfect reliability” objective of the HRO.

Learn more about making your organization an HRO in our new whitepaper, Building a High Reliability Organization.

[1] Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, 3rd Edition. Hoboken, NJ: John Wiley & Sons, 2015. p. 7, 21.

[Infographic] Your Hospital Security Program – A 3-Pronged Approach

By Lowers & Associates,

Violent crime is on the rise in healthcare institutions, up 40% over two years, according to a recent NY Times article. In fact, OSHA reports serious workplace violence is up to four times more likely in healthcare environments than in private industry.

Public institutions, hospitals, and medical facilities are subject to all of the same risks and threats as other public environments, and sometimes even more. People entering healthcare facilities are injured, sick, or otherwise compromised enough to require care. Loved ones accompanying them are also generally under stress or carrying concern. This combination of circumstances creates a perfect storm for irritability, tension, and even hostility, something that falls on the hospital security program to predict, prevent, monitor, and manage when something happens.

The weight is on hospital security systems to find and use effective best practices to reduce threats and resolve issues with minimal disruption or harm, preferably maximizing prevention.

In our latest infographic we examine three primary components of healthcare security’s best practices designed to meet today’s tough requirements: a strong presence, complete visibility, and a prompt, thorough response.

… Continue reading