The question is, how prepared are you? ARE you, REALLY?
Have you done a complete Business Risk Assessment to fully identify and evaluate all the risks aimed at your business? Do you have a Disaster Recovery Plan and a Business Continuity Plan in place? Insurance companies may offer reduced premiums to businesses that implement a full, ongoing, iterative effort to mitigate risks, so this information may not only save you some outgoing capital, but it can also downright save your business.
This week, I am going to pull the shades back a little bit so you can take a peek into my world and what I come up against daily in the fight against threats of all kinds. Certainly, protecting your data and IT systems from hackers is a necessity, but there are more threats than just that.
All right, so you are sitting in your office, or at your front counter, depending on your type of business, and everything seems to be humming along smoothly. Great. I want to keep things like this for you, but in order to do so, we need to anticipate certain risks and consider how to minimize them. I am going to give you an extremely condensed crash course in some things you should consider and discuss seriously with your partners, to make sure the following points are taken into consideration. While I will just briefly touch on a few items, I think this will be quite valuable for you.
First, let’s identify your business assets: inventory, buildings and property, cash, information and data, hardware, software, documents, personnel, brand recognition, and the reputation and goodwill of your business or organization.
Next, we look at threats, risks, and vulnerabilities that can come in a variety of ways:
Outside threats include natural disasters, man-made disasters, terrorism, errors, malicious damage or attacks, fraud, theft, and equipment or software failure. These are just a few.
Then we need to consider internal vulnerabilities, which fall into categories such as Management or Administrative, Technical, Operations, or Physical. This means things like unprotected facilities, computer systems, and data; insufficient procedures and controls; and insufficient or unqualified personnel.
It doesn’t stop there. If you are a business that depends on suppliers for raw materials, do you have an alternate backup supplier lined up in the event your main supplier is unable to deliver to you?
All of the factors above can seriously impact your business. Simply put, an impact is the loss created when a threat exploits a vulnerability.
Threats impact tangibles, such as direct loss of money, endangered staff or customers, loss of business opportunity, reduction in operational efficiency or performance, and interruption of business activity. They also affect intangibles, for example, breach of legislation or regulatory requirements, loss of reputation or goodwill, and breach of confidence.
Now that we have talked about some threats and things to consider, let’s talk about implementing a good Business Continuity Plan. There are four levels of operation for your business:
Critical: Your business cannot function without these functions for more than 24 hours.
Necessary: Required for normal operation, but your business can function for up to 30 days without these functions.
Desirable: Not necessary for normal operation, but enhances operations.
Optional: Nice to have, but does not affect normal operations.
Let’s consider what your business NEEDS in order to perform and function, then ask yourself the following questions:
WHO is responsible for the operation of this function? WHAT do these individuals need to perform their function? WHEN should this function be accomplished relative to other functions? WHERE will this function be performed? HOW is this function performed? WHY is this function so critical to the operation of your business?
Now you see how important it is to have controls, countermeasures, and safeguards in place. Even just skimming the surface has revealed some critical points for you to consider.
Hopefully this will give you a good starting foundation on which you can build to prepare for any event that may happen in the future.