TECHNOLOGY
FIVE STEPS TO ASSESS PHYSICAL RISK TO YOUR BUSINESS
By : Olga Detrixhe
Let ’ s talk security . It ’ s everywhere , whether your business has five or 500 employees : encryption for your emails , surveillance cameras , or all the cloud services requiring multi-factor authentication . IT departments can ’ t get around it anymore , but it ’ s still a challenging and complex conversation , especially when budget time comes .
People usually make buying decisions for two reasons : it will either bring a great benefit or relieve great pain . In the consumer world , it ’ s pretty simple — yes , that new leather jacket will make you look like a Rockstar and 15 years younger ! In the business world , we call it return on investment : Whatever you ’ re purchasing will help you make more or save more money , either by making your team more efficient , more flexible , or your delivery system faster .
Security is a more challenging buy because it usually doesn ’ t do either . Surveillance cameras or electronic access control can foster efficiencies . For example , you don ’ t have to switch locks and make new keys every time an employee leaves . But let ’ s face it , having to connect to your VPN each time , re-key your password again and again , and then re-authenticate via your phone is not exactly a time-saver .
Security falls into the only other category we usually spend money on without making us more profitable : Mitigating risk .
This seems theoretical that something may or may not happen in the future , so it ’ s easy to ignore or put on the backburner . Unfortunately , the consequences can be severe , so assessing and mitigating risk to some degree is paramount for any long-term organization . And the larger or more regulated the organization , the more processes and resources are delegated to implementing security measures .
However , what gets really tough is when an organization is not quite at that stage but still must take the risk conversation seriously . Maybe , some of it lies with accounting , IT for cybersecurity , or maintenance when it comes to your premises . Each of these areas has a framework specific to its domain , and it is certainly advisable to partner with experts in the field to navigate it . Nex-Tech , for example , consults on the NIST framework and can take a deep dive into controls such as alarms , cameras , and access .
To get the conversation started , here are five simple steps to consider when evaluating risk .
1 . Define your threats , assets , and vulnerabilities . Look at where they overlap . That is where your risk is . If one of your assets is a warehouse , high employee turnover could be a potential threat if you use a traditional key lock system . Ask yourself , “ How would a threat actor most likely get in ?” You ’ ve just identified a vulnerability by defining that , and it ’ s a pretty obvious area of risk .
Once you ’ ve listed areas of risk , determine the likelihood of those scenarios happening . If you ’ re thinking about cybersecurity threats , there are many different stats out there , a common one being that about 70 % of SMBs have been subject to a successful cyberattack . You can also go off your own experience . Have you had any intrusion
45