IT support and risk management
Once you bring your business, including its employees and customers, to the digital world, there will be persistent risks to manage, such as ensuring IT and data security. Not all business will be able to set up dedicated IT teams and functions. However, there are aspects that business owners need to consider when working online. Technology brings exciting opportunities for transformation and growth but adopting new technology also introduces risk.
The digital risks your business may be exposed to include:
• Operational risks
As your business becomes increasingly reliant on digital technology to function, failures of technology, which can include anything from software bugs to hardware failure, can leave your business unable to function. Are you well equipped to continue doing business if one or more of your critical systems fails – do you have manual backup systems in place?
• Lack of internal skill sets
Your business will increasingly depend upon complex software to function. This includes not only your internal systems but the external web site sites and services that customers use to interact with you. Do you have the internal skills to regularly update these facilities to adapt to your needs, and fix them if anything goes wrong?
• Vulnerable systems
Hackers and cyber criminals are increasingly targeting businesses in all manner of ways. They may want to steal your business or customer data, or they may want to disable your business operations by encrypting your data illicitly demand you pay them for the encryption key. Activities like these are possible because criminals can exploit vulnerabilities in your systems. Are your systems adequately protected with the latest antivirus software, firewalls and other threat monitoring systems, and do you have the skills to respond to a cyber attack if one occurs?
• Vulnerable people
Your employees may be increasingly working from home. They need access to systems from wherever they are. However, this provides a route for attackers to gain access to your business through social engineering. They can send malicious emails, asking for information or passwords, or with malware attached, or they can even contact your employees personally pretending to be from IT support. This gives them the credentials they need to digitally impersonate your employees and gain access to your business. Are your employees trained to avoid social engineering threats, and do you have a response system in place for if an employee believes they have been the victim of such a scheme?
In addition to this, your operations, customer relationship management, and sales and marketing will all be affected by.
Before entering the digital world, business owners should be prepared to deal with the risks associated with digital technology and think through all security aspects to ensure they identify and acquire the required skills and technologies. Anticipating and addressing risks in advance will avoid problems later.
Three simple yet effective steps towards managing digital risks are:
— Develop an agile risk framework with the consumer at the centre.
— Establish effective control and governance models.
— Be ready for constant change and adaption.
Developing an agile framework
With information and data secured across an array of tools and software, risks emerge from various sources, from cyber attacks to general vulnerability of systems and loss of data. There are also insider risks to watch out for, with different employees having access to different types of data. For example, sectors which typically employ seasonal workers may be faced the risk of them providing sensitive information to competitors next season.
When developing your surveillance framework, be aware of business areas that may be affected, such as:
• digitally sharing information with supply chains
• employees with access to sensitive data
• accessing third-party platforms and information stored in those systems
• systems that are not fully integrated and have manual interventions
• fallback systems that are in place in case your primary infrastructure fails.
This will complement your assessment of critical business processes and individuals.
Establish effective controls
Establish effective controls over new working models, including work from home and hybrid physical and online practices. This involves:
• more effective email and web security
• dealing with backlogs (processes not being executed properly end-to-end or through all systems, such as orders online not being integrated into all business systems and so not being handled and delivered on time)
• authentication for processes and purchases
• checking cloud security configurations.
Essentially, the goal is to get the business into a stable position for the new operating model and ensuring it is well prepared to deal with crisis situations like the coronavirus pandemic.
Being ready to change and adapt continuously
Once you have established a framework and appropriate controls, your business and IT support must remain responsive to change and new risks, given the changing environment of the digital world. This means that once your governance and control systems identify risk, your business should be able to change its processes and way of doing things rapidly to avoid future risks.
Ultimately, your IT security will entail:
— ensuring that IT support for your business is stable and reliable
— having an adequate level of cyber security and being aware of possible threats.
Cyber security threats are a new business reality. As cyber threats grow in volume and complexity, the loss or theft of intellectual property, customer data and other sensitive information can put your entire business at risk.
The loss or theft of data may not only result in disruption of business operations, but can cause severe financial and reputational damage and affect product integrity, customer experience, investor confidence, regulatory compliance and more.
You can take following steps to build or improve your cyber security:
o Have control over the information that you are asking for and sharing.
o Devices and systems that you use in running your business need to be secure and reliable, with strong passwords.
o Regularly back up your business critical data and test your plans for restoring backups.
o If your business takes online payments, make sure they are completely secure and trustworthy as customers are typically very sensitive when it comes to their personal and private data.
o Ensure you install modern, comprehensive cyber security products which include antivirus solutions, firewalls and other threat monitoring and detection systems.
Train your employees about the technology solutions and options available, and most importantly, the risks.