Have you ever performed a risk assessment on your business? Taken a hard look at where trouble can come from and made a plan to stop it when it happens? Don’t even have a clue what a risk assessment is? No matter what group you fall into, you can learn from Aliki Liadis-Hall, the Director of Underwriting and Compliance at North.
Liadis-Hall explains that a new year is a good time for security and compliance professionals, or any other business owner, to conduct a risk assessment to gather information, analyze data and create a plan to handle the new tasks at hand. If your company has never done a risk assessment or you need a refresher, Liadis-Hall offers these starting points:
Research. Extensive research into your environment, your vendors and other factors specific to your business is necessary to show where the gaps are in your policies and procedures. Not completing this task will result in an incomplete risk assessment and leave your business vulnerable to threats that were not captured.
Address the issues. Creating action plans will set a road map to help you address and correct any issues you may have found in your research. The action plan involves keeping a record of everything and being precise about what you want to do before starting your project. Be realistic in your planning and set reasonable goals, both short-term and long-term. If needed, change the dates by which you intend to reach your goals as different aspects of your business change. Remember to keep at it and stay motivated. You will reach your goals eventually.
Test. Put your action plans into motion and see if they help fix the issue. If not, your action plans will need to be fine-tuned to show how you’re filling those gaps. It’s better to be too detailed than not detailed enough.
Communicate. You’ve done your research, fine-tuned your action plans to address any issues, and now it’s time to share your findings. You’ll want to let any stakeholders know of the changes and how they can affect daily operations.
Schedule. This is an ongoing process to keep on top of any seen or unseen risks to your business. That’s why you need to set a schedule for reassessments to stay ahead of potential risks.
Assessing, especially the first time, is not a perfect science. The goal is to build on the first experience and learn how to get better at assessing. You will make mistakes, but through reassessments, you should be able to clear them up before any true harm comes to your business.
“I like to keep track of what has worked and what hasn’t to avoid getting trapped by previous mistakes,” Liadis-Hall wrote in a recent article for SecureWorld. “Start small – but most importantly – START!”
Liadis-Hall was also the featured speaker at SecureWorld's December 2015 web conference, "2015 First Half Breach Report: Data Protection Pitfalls to Avoid?", where she discussed several issues, including how to unshare your data in an online world. To view the web conference, click here and follow the prompts near the bottom of the page.