Ignoring Risk won’t make it go away
Cyber crime is one of the most insidious threats facing businesses. As reported here, more than 50% of businesses have suffered cyber attacks–70% of them being small to medium-sized businesses with as many as 60% going out of business following such an attack. Yet, one study found that 70% of organizations were unprepared to address cyber crime.
Nevertheless, cyber crime is not the only threat facing businesses. For instance, as civil unrest has unfolded, small to medium-sized businesses across the country have faced the possibility of substantial property damage due to vandalism and arson.
Given the reality of threats to our nation’s enterprises, how can business leaders plan for the unforeseen?
Luckily, there are a series of steps business leaders can take to secure the future of their organization. In what follows, we’ll guide you through the first step in this process, namely, conducting a threat assessment.
What is the purpose of threat assessments?
According to Kim Meador, Executive Vice President and COO at Chesley Brown International, a threat assessment is a formal evaluation conducted “to determine what risks and threats (internal or external) are likely and foreseeable and what the responsible actions are that a business can and should take to mitigate those risks.”
Thus, a threat assessment, when done correctly, determines the most probable threats to a business. But how do executives identify the most pressing threats to their organization?
Let’s find out.
Consider the structure of your business
Is your business primarily web-based or situated in brick and mortar properties?
Consider your business structure when evaluating risks–certain classes of threats are more likely to impact operations. When developing a threat assessment optimize time, energy, and money allocation by identifying the most serious threats.
This is an important consideration your business must address. As alluded to previously, cyber crimes are a monumental problem for businesses of all stripes. Yet, as a web-based startup, the entirety of your business infrastructure resides in the digital domain, and can be severely compromised following a cyber attack. Threats in the cyber domain include software update attacks, phishing attacks and ransomware attacks. Additionally, sensitive customer information is vulnerable to theft.
Many brick and mortar companies rely on web-based platforms for their day-to-day operations. But they must also consider the possibility of physical threats. Such threats include property destruction, physical harm to customers and employees, and theft.
It makes sense then that a web-based B2B marketing startup allocates a substantial portion of their time and resources to preventing a cyber attack. They may hire a dedicated professional, for example. This person monitors threats in real-time and optimizes the company’s digital footprint to protect against cyber crime.
An appliance store with multiple locations faces other threats. These threats include property damage and theft. Thus, the owner will need to balance a focus on protecting his employees, customers and property with protecting his or her digital assets—employing both security professionals on the ground and a team to manage web-based systems.
Once you’ve identified the class of threats most likely to impact your business, it’s time to get specific.
Specify: Develop a list of possible threat scenarios
You’ve identified the class of threats most likely to disrupt your organization, now what? It’s time to develop a list of specific situations that could disrupt operations.
- Consider the statistics – What is the likelihood of a given threat based on the data? Look at the crime statistics for the area where your organization is situated. Based on these data, does it make sense to anticipate physical threats? If so, what are the most common threats?
- Learn from business peers – Human beings are social creatures and when it comes to planning for threats, we should leverage our sociability. Reach out to peer executives to learn from their experiences. What threats have other companies addressed? What did they do right? What would they have done differently?
- Identify the largest threats – Not all threats are created equal, and it’s important to weigh risks and allocate resources to the threats with the most potential to disrupt operations. First, whittle down your list of threats to those that will have a tangible impact on your organization. Rank those items and determine where you should allocate the most time and resources.
Once you’ve identified a list of possible threats, it’s time to consider the most viable strategies to put in place.
Be creative and practical about threat management
What are some proactive and inexpensive ways you can prevent damage to your business based on your list of possible threats? Identify the aspects of your business that are most vital to its success and consider how you can bolster them against threats.
For instance, imagine that you own a digital marketing firm with a reputation built on customer trust. Consulting with a business associate, you learn that a public relations blunder cost her thousands of dollars. After doing some research, you discover that PR crises are common for online companies. Based on this information you develop a new strategy focusing on employee communication. The strategy describes best practices for employee communication–focusing on public and private exchanges..
Anticipating threats to your company is a vital first step in ensuring a prosperous future for your company. Part of a broader strategy for protecting your company, threat assessments help your company plan for the unforeseen.
After all, “if 2020 has taught us anything, it is that times can and do change. As a business owner, we have to prepare for everything that can disrupt our business. We have to have a plan. We have to review that plan. Test that plan. Adjust that plan. And then repeat” – Chesley Brown Vice President and COO, Kim Meador.
We understand that planning for the unforeseen can be an overwhelming process. That’s why we’ve built a framework that enables businesses to anticipate and navigate risk before it becomes a crisis. We are here to manage risk so you don’t have to.
For industry-leading guides and analysis sign up for our blog below.
How to Respond to a Whistleblower’s Report
In theory, it should be a good thing when employees come forward with a whistleblower report. They’ve spotted a threat to your organization and are giving you the insight you need to address the problem…Read More
The First Steps for Conducting Internal Investigations
Written by: James Hart When the call finally came, Raquel Henderson lunged for the phone on her desk. Henderson was less than three months into her job as the HR director for a midsize family…Read More
Theft of Trade Secrets: How to Prevent the Loss of Key Intellectual Property
Written by: James Hart The names have been changed, but the following story is a compilation of real situations faced by real businesses. Doug Medford had never considered himself paranoid. But there were too many…Read More
How to Prepare for a Cyberwar
Written by: Dell Spry At Chesley Brown, nothing is more sacrosanct than the safety and security of our clients. It is our intention to keep you educated, updated, and informed as world events continue to…Read More
How the Events of September 11th Have Impacted National Security
How Has National Security Evolved Since September 11th, 2001? Written by: Dell Spry As I sit and write this paper, Afghanistan is collapsing. It is not my intention to point the finger at anyone and…Read More