As a business owner, are you managing risk or throwing caution to the wind? In today’s economy, business is tough. Belts are being tightened, departments and entire organizations are being downsized, people are being laid off, and sales and marketing projects are being put on hold. These actions are being taken to protect the company and stretch revenue. In many cases a significant negative event could have catastrophic consequences for the company. One example is getting hacked and then sued for loss of customer information, proprietary information, or even employee personal information, an outcome that could have easily been minimized through risk management. Follow these simple steps to minimize your risk and put your company in a better position to survive the unforeseen!
1. Do a risk assessment: Take a look at what information your company collects, processes, and stores, and write it down. This may be information obtained from customers, third parties, or employees. Also, who are you connected to? Who do you rely on for support (webpage, accounting/bookkeeping, Internet and computer service, cleaning crew, etc.), and what is their plan to protect your data? Write down who has access to the data you identify as sensitive, the stuff you would not want posted on the Internet. If a third-party vendor cannot or will not show you their security plan for protecting your data, find one who will!
2. Put a plan in place: Now write it all down. Develop a plan or policy that outlines what is considered sensitive data; how it is collected, processed, and stored; who has access to it and why; and how it is kept secure, whether by you or a third party. The plan should include incident response: how you will react and what you will do if this data is lost or stolen.
3. Manage risk: Even if you have to proceed with baby steps, manage identified risk. Train employees to correct or avoid identified risks: don’t leave sensitive info unsecured where cleaning crews or prying eyes have access to it when no one is around; use good passwords; understand cyber and physical risks, threats, how to avoid them, and much more. Put the policies in place that will protect you and your business.
Just thinking about these things and putting some of them on paper will give you a better understanding of your company’s data, how it is processed, the current and potential risks, and how to manage them, which will lower your liability in the event of a catastrophic incident like getting hacked, a natural disaster, or a disgruntled employee. A well-drafted policy/plan, either created or reviewed by an attorney who knows what he is doing, can significantly minimize your risk and liability and provide tremendous peace of mind along with enormous customer confidence. Simply identifying and managing risk could result in the elimination of significant waste in the company, potentially easing the current economic impacts businesses face today.