Ignoring Risk won’t make it go away
Cyber crime is one of the most insidious threats facing businesses. As reported here, more than 50% of businesses have suffered cyber attacks–70% of them being small to medium-sized businesses with as many as 60% going out of business following such an attack. Yet, one study found that 70% of organizations were unprepared to address cyber crime.
Nevertheless, cyber crime is not the only threat facing businesses. For instance, as civil unrest has unfolded, small to medium-sized businesses across the country have faced the possibility of substantial property damage due to vandalism and arson.
Given the reality of threats to our nation’s enterprises, how can business leaders plan for the unforeseen?
Luckily, there are a series of steps business leaders can take to secure the future of their organization. In what follows, we’ll guide you through the first step in this process, namely, conducting a threat assessment.
What is the purpose of threat assessments?
According to Kim Meador, Executive Vice President and COO at Chesley Brown International, a threat assessment is a formal evaluation conducted “to determine what risks and threats (internal or external) are likely and foreseeable and what the responsible actions are that a business can and should take to mitigate those risks.”
Thus, a threat assessment, when done correctly, determines the most probable threats to a business. But how do executives identify the most pressing threats to their organization?
Let’s find out.
Consider the structure of your business
Is your business primarily web-based or situated in brick and mortar properties?
Consider your business structure when evaluating risks–certain classes of threats are more likely to impact operations. When developing a threat assessment optimize time, energy, and money allocation by identifying the most serious threats.
This is an important consideration your business must address. As alluded to previously, cyber crimes are a monumental problem for businesses of all stripes. Yet, as a web-based startup, the entirety of your business infrastructure resides in the digital domain, and can be severely compromised following a cyber attack. Threats in the cyber domain include software update attacks, phishing attacks and ransomware attacks. Additionally, sensitive customer information is vulnerable to theft.
Many brick and mortar companies rely on web-based platforms for their day-to-day operations. But they must also consider the possibility of physical threats. Such threats include property destruction, physical harm to customers and employees, and theft.
It makes sense then that a web-based B2B marketing startup allocates a substantial portion of their time and resources to preventing a cyber attack. They may hire a dedicated professional, for example. This person monitors threats in real-time and optimizes the company’s digital footprint to protect against cyber crime.
An appliance store with multiple locations faces other threats. These threats include property damage and theft. Thus, the owner will need to balance a focus on protecting his employees, customers and property with protecting his or her digital assets—employing both security professionals on the ground and a team to manage web-based systems.
Once you’ve identified the class of threats most likely to impact your business, it’s time to get specific.
Specify: Develop a list of possible threat scenarios
You’ve identified the class of threats most likely to disrupt your organization, now what? It’s time to develop a list of specific situations that could disrupt operations.
- Consider the statistics – What is the likelihood of a given threat based on the data? Look at the crime statistics for the area where your organization is situated. Based on these data, does it make sense to anticipate physical threats? If so, what are the most common threats?
- Learn from business peers – Human beings are social creatures and when it comes to planning for threats, we should leverage our sociability. Reach out to peer executives to learn from their experiences. What threats have other companies addressed? What did they do right? What would they have done differently?
- Identify the largest threats – Not all threats are created equal, and it’s important to weigh risks and allocate resources to the threats with the most potential to disrupt operations. First, whittle down your list of threats to those that will have a tangible impact on your organization. Rank those items and determine where you should allocate the most time and resources.
Once you’ve identified a list of possible threats, it’s time to consider the most viable strategies to put in place.
Be creative and practical about threat management
What are some proactive and inexpensive ways you can prevent damage to your business based on your list of possible threats? Identify the aspects of your business that are most vital to its success and consider how you can bolster them against threats.
For instance, imagine that you own a digital marketing firm with a reputation built on customer trust. Consulting with a business associate, you learn that a public relations blunder cost her thousands of dollars. After doing some research, you discover that PR crises are common for online companies. Based on this information you develop a new strategy focusing on employee communication. The strategy describes best practices for employee communication–focusing on public and private exchanges..
Anticipating threats to your company is a vital first step in ensuring a prosperous future for your company. Part of a broader strategy for protecting your company, threat assessments help your company plan for the unforeseen.
After all, “if 2020 has taught us anything, it is that times can and do change. As a business owner, we have to prepare for everything that can disrupt our business. We have to have a plan. We have to review that plan. Test that plan. Adjust that plan. And then repeat” – Chesley Brown Vice President and COO, Kim Meador.
We understand that planning for the unforeseen can be an overwhelming process. That’s why we’ve built a framework that enables businesses to anticipate and navigate risk before it becomes a crisis. We are here to manage risk so you don’t have to.
For industry-leading guides and analysis sign up for our blog below.
Fighting Terrorism with Strong Private Sector Relationships
Fighting Terrorism with Strong Private Sector Relationships From Chesley Brown International Risk Management “Threat mitigation is a team effort; it’s this relationship and collaboration which is critical to the counterterrorism fight.” We face the same…Read More
Facial Recognition: the First Catch
Facial Recognition Makes its Grand Entry The new technology, deployed in airports across the country, makes its first catch. From Chesley Brown International Risk Management On its third day of testing, facial recognition technology caught…Read More
Are Employees an Unintentional Security Risk for Cyber Attacks?
Are Your Employees an Unintentional Security Risk for Cyber Attacks? In these times when malware is prevalent and easily disguised as email attachments or seemingly innocent software updates, one of the questions that arises is:…Read More
DHS and Canada Team up for First Responders
DHS and Canada Team Up to Develop Resources for First Responders From Chesley Brown International Risk Management Artificial Intelligence Meets Boots on the Ground to Improve Patient Outcomes The United States and Canada have joined…Read More
Supreme Court Decision Regarding the Privacy of Digital Data
Supreme Court Decision Personal Rights and the Expectation of Privacy in the Digital Age From Chesley Brown International Risk Management In Major Privacy Case, Court Rules Law Enforcement Must Obtain Warrant To Track Cellphone Data.…Read More