Educated decisions can make the difference between a successful business venture and a successfully failed business venture. Unfortunately, these same decisions can affect the lives and wellbeing of those that work for an organization, their customers or those just passing by; to the extreme of mortality.
No one person or individual has the complete compendium of knowledge and experience needed to operate a completely effective and profitable business. Small, medium and large business leaders, occasionally reach outside of their own brick and mortar to utilize the services of other professionals such as lawyers, business coaches and accountants. Professional marketers, IT services, human resources and insurance companies may also be called upon from time to time to render assistance and advice.
Rarely does the small to medium size business seek outside professional advice in this realm; security and risk management. Small and medium businesses are truly the backbone of any developed country’s economy. Just as important as copyright protection, server uptime and liability insurance may be many small and medium size business leaders rarely ask for assistance. If anything is in place it’s a reactionary response to something they’ve heard or read about, barely if any has research been done to ensure what they’re doing would even be considered best practice and whether or not it’s actually addressing a real of contrived problem. The end result is a broken approach to a perceived problem that may actually increase the risk to that perceived problem or in fact to another unforeseen one. Patchwork approaches to any problem in business doesn’t work in security and risk management and it most certainly doesn’t work in other areas of business so why should this be any different.
Cognising Risk
The risk assessment, the business impact analysis and, the vulnerability assessment; business leaders must first be cognisant of the real threats to their business. Very few business leaders have the skill set, training and experience to properly conduct a comprehensive and meaningful risk analysis of their business.
The business leader is apprised of a legal issue and subsequently relies on the skill and experience of a lawyer to resolve it. Security and risk issues require the skill set of an experienced professional.
All too often does the business leader seek and receive security and risk advice from a sales agent rather than a security and risk professional advisor. As many sales agents know their product with great expertise and its immediate application they are not security and risk management experts. The focus of a sales agent is more times than not limited to the problem their product is geared towards and doesn’t address any ancillary threats or risks. Unfortunately this is not a holistic approach and will invariably result in misdirected efforts to resolve a current security threat or risk.
Employing A Program
The first step is knowing what your business assets are; your inventory, the equipment, cash, reputation and of course your people. Protecting your people whether they’re your staff or your customers is sometimes overlooked, rare but it does happen.
Public reputation is an asset. A positive, communicative