Many small to medium sized business (and even large enterprise businesses) have limited budgets, let alone spending a lot on risk and security.
Before you do go and spend a lot of capital on risk and security mitigation measures (aka security cameras, access control, bars and locks, lighting, training, fencing, etc.), you need to know what you’re buying for.
That is, you need to know what risks you are addressing.
Having a Risk Assessment completed on your business narrows the focus of your spending and aligns your purchasing with the specific types of risk and security mitigation measures you need.
To get a little technical…Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It involves the process of identifying internal and external threats and vulnerabilities, identifying the probability and impact of an event arising from such threats or vulnerabilities, defining critical functions necessary to continue the organization’s operations, defining the controls in place necessary to reduce exposure and evaluating the cost of such controls.
That is a mouthful. Let us break this down a bit.
If you have a threat, but there is no vulnerability, then there is no risk.
If you have a vulnerability but no threat, no risk.
Perhaps something many can relate to, you went online and purchased some products, and they are set to be delivered to your home. And no, we are not going to discuss online security…a topic for another day perhaps.
The packages are delivered to your home. But because of your daily routine, errands, off to the office, or shop, you are not always home. The shiny object is the packages just delivered. The vulnerability or sometimes referred to as a gap, is you are not home, and the packages now sit on your front step unattended. The threat, someone will take those packages right from your front step.
So, going back to the assessment. The key is once you know what your largest threats are (and yes you need to be able to determine that), it is important that you take action (implement risk and security mitigation measures) to lower your vulnerability.
Why not eliminate the vulnerability?
Great question, thanks for asking.
Eliminating the vulnerability may not always be possible.
Some business sectors and industries simply have built-in threats. But, if we focus on lowering the vulnerability, we lower the risk of a loss.
The assessment is complete, and we have identified risks. The next important step is finding the risk and security measures that are going to be the most effective in mitigating the identified risk. These measures come in all different shapes and sizes, video surveillance, locks and safes, lighting, security focused training, etc.
Where in doubt, reach out to us or find your trusted Independent Risk and Security consultant.
Yes, we highlighted Independent. That is definitely a topic for another day.
It all starts with a conversation.
We can Help.
Plan the Work. Work the Plan.