Ignoring Risk won’t make it go away
Cyber crime is one of the most insidious threats facing businesses. As reported here, more than 50% of businesses have suffered cyber attacks–70% of them being small to medium-sized businesses with as many as 60% going out of business following such an attack. Yet, one study found that 70% of organizations were unprepared to address cyber crime.
Nevertheless, cyber crime is not the only threat facing businesses. For instance, as civil unrest has unfolded, small to medium-sized businesses across the country have faced the possibility of substantial property damage due to vandalism and arson.
Given the reality of threats to our nation’s enterprises, how can business leaders plan for the unforeseen?
Luckily, there are a series of steps business leaders can take to secure the future of their organization. In what follows, we’ll guide you through the first step in this process, namely, conducting a threat assessment.
What is the purpose of threat assessments?
According to Kim Meador, Executive Vice President and COO at Chesley Brown International, a threat assessment is a formal evaluation conducted “to determine what risks and threats (internal or external) are likely and foreseeable and what the responsible actions are that a business can and should take to mitigate those risks.”
Thus, a threat assessment, when done correctly, determines the most probable threats to a business. But how do executives identify the most pressing threats to their organization?
Let’s find out.
Consider the structure of your business
Is your business primarily web-based or situated in brick and mortar properties?
Consider your business structure when evaluating risks–certain classes of threats are more likely to impact operations. When developing a threat assessment optimize time, energy, and money allocation by identifying the most serious threats.
This is an important consideration your business must address. As alluded to previously, cyber crimes are a monumental problem for businesses of all stripes. Yet, as a web-based startup, the entirety of your business infrastructure resides in the digital domain, and can be severely compromised following a cyber attack. Threats in the cyber domain include software update attacks, phishing attacks and ransomware attacks. Additionally, sensitive customer information is vulnerable to theft.
Many brick and mortar companies rely on web-based platforms for their day-to-day operations. But they must also consider the possibility of physical threats. Such threats include property destruction, physical harm to customers and employees, and theft.
It makes sense then that a web-based B2B marketing startup allocates a substantial portion of their time and resources to preventing a cyber attack. They may hire a dedicated professional, for example. This person monitors threats in real-time and optimizes the company’s digital footprint to protect against cyber crime.
An appliance store with multiple locations faces other threats. These threats include property damage and theft. Thus, the owner will need to balance a focus on protecting his employees, customers and property with protecting his or her digital assets—employing both security professionals on the ground and a team to manage web-based systems.
Once you’ve identified the class of threats most likely to impact your business, it’s time to get specific.
Specify: Develop a list of possible threat scenarios
You’ve identified the class of threats most likely to disrupt your organization, now what? It’s time to develop a list of specific situations that could disrupt operations.
- Consider the statistics – What is the likelihood of a given threat based on the data? Look at the crime statistics for the area where your organization is situated. Based on these data, does it make sense to anticipate physical threats? If so, what are the most common threats?
- Learn from business peers – Human beings are social creatures and when it comes to planning for threats, we should leverage our sociability. Reach out to peer executives to learn from their experiences. What threats have other companies addressed? What did they do right? What would they have done differently?
- Identify the largest threats – Not all threats are created equal, and it’s important to weigh risks and allocate resources to the threats with the most potential to disrupt operations. First, whittle down your list of threats to those that will have a tangible impact on your organization. Rank those items and determine where you should allocate the most time and resources.
Once you’ve identified a list of possible threats, it’s time to consider the most viable strategies to put in place.
Be creative and practical about threat management
What are some proactive and inexpensive ways you can prevent damage to your business based on your list of possible threats? Identify the aspects of your business that are most vital to its success and consider how you can bolster them against threats.
For instance, imagine that you own a digital marketing firm with a reputation built on customer trust. Consulting with a business associate, you learn that a public relations blunder cost her thousands of dollars. After doing some research, you discover that PR crises are common for online companies. Based on this information you develop a new strategy focusing on employee communication. The strategy describes best practices for employee communication–focusing on public and private exchanges..
Conclusion
Anticipating threats to your company is a vital first step in ensuring a prosperous future for your company. Part of a broader strategy for protecting your company, threat assessments help your company plan for the unforeseen.
After all, “if 2020 has taught us anything, it is that times can and do change. As a business owner, we have to prepare for everything that can disrupt our business. We have to have a plan. We have to review that plan. Test that plan. Adjust that plan. And then repeat” – Chesley Brown Vice President and COO, Kim Meador.
We understand that planning for the unforeseen can be an overwhelming process. That’s why we’ve built a framework that enables businesses to anticipate and navigate risk before it becomes a crisis. We are here to manage risk so you don’t have to.
Sign up!
For industry-leading guides and analysis sign up for our blog below.
Latest News
How to Prepare for Economic Risk
Best Strategies for Building Resiliency How to position your business for uncertainty If there is one aspect of business that is certain, it’s uncertainty. It might also be the understatement of the year to say…
Read MorePodcast | Risk Takers Series #2 Terry Fisher — Electronic Countermeasures
Have you ever stopped to ask yourself what it is about your business that is truly valuable? When you really think about it, any business with a product or service has something a competitor or…
Read Morerisk-takers #2 Terry Fisher — Electronic Countermeasures
Have you ever stopped to ask yourself what it is about your business that is truly valuable? When you really think about it, any business with a product or service has something a competitor or adversary could use. And if you’re being honest, you probably haven’t fully considered all the ways they might get their hands on that information. You’ve spent years building your business, but all it takes is one bad day to compromise that dream. In this week’s episode Brent sits down with FBI Special Agent (Ret.) and engineer Terry Fisher to discuss corporate espionage, electronic countermeasures (sweeps), bugging, and the common methods bad actors have used throughout history to gain access to proprietary information.
Read MoreThe Risk Takers Podcast Series Launches Today!
Chesley Brown Launches the Risk Takers Podcast Series Security Risk Management experts Chesley Brown Companies today announced the launch of “The Risk Takers Podcast Series” — a highly bingeable podcast hosted by veteran risk management…
Read Morerisk-takers #1 The Aldrich Ames Espionage Case
Dell Spry, a former FBI investigator and counterespionage expert, sits down to discuss the biggest case of insider theft in U.S. History: The Aldrich Ames Case. Hear how he, along with the help of the CIA, and the fellow FBI agents used their cunning, hard work, and old fashioned investigative work to capture and convict most infamous CIA officer-turned traitor: Aldrich Hazan “Rick” Ames. Beginning in 1985 the CIA experienced the unparalleled loss of its of Soviet assets, which nearly destroyed the government’s ability to gather intelligence on the Soviet Union. In this interview Mr. Spry discusses his personal involvement in the case as the FBI’s lead investigator including many of the investigative methods they used. Hear never before details about the harrowing investigation to not only investigate and convict the highest ranking government official ever accused of spying, but to protect future Russian assets. In 1991, the quest led them to search for a Soviet spy in the CIA. They came to identify that spy as CIA Case Officer, Aldrich Hazan “Rick” Ames, a long-time CIA case officer and analyst. In February of 1994, Ames was arrested by the FBI and sentenced to life in prison.
Read More