Every day or two, we hear about another cybersecurity attack in the news. High-profile companies holding the personal information of millions of customers have potentially been compromised. The numbers are so big that most people cannot comprehend the impact. The business impact of a breach can be huge in terms of lost customers, lost revenue, and a major brand hit.
We are told that known vulnerabilities are being exploited. In most instances, high-profile companies have defined policies, procedures, and standards in place that should have either prevented or at least mitigated the risk of the attack. Where does that leave mid-sized businesses that don’t have the resources of larger companies?
The key for Small and Mid-Sized Enterprises (SMEs) is to first identify where the risk areas are and then determine the right plan of action to address them. Perform an assessment and develop a risk register. The register is a living tool that enables you to rank each finding to segregate the risk. This enables an organization to analyze both the business risk and the cost in order to determine the appropriate actions to take to mitigate risk.
Any action that needs to be taken falls into the three buckets that we are all very familiar with – People, Process and Technology. We will focus on those activities in a later blog. The key is understanding what the risk is and quantifying both the business impact of the risk and the cost of addressing it. Once these are understood, the next steps will be clear.