Business these days is scary. Risks exist everywhere, from hackers to weather to employee mistakes, and companies need a top-to-bottom strategic approach to risk management if they are to mitigate and/or avoid these risks altogether. This approach must involve EVERYONE in the organization, and we mean EVERYONE. Awareness training for a hacker attack, disaster recovery plans, and comprehensive risk assessments are just a few of the must-haves.
Your strategic risk management plan must be fluid, be available to everyone in the organization, have clearly identified roles, and have plans to act appropriately depending upon the threat. Remember, every action has a reaction. You must continually look for risks across your organization and assess each threat and the resulting action should it happen.
Being fluid means change happens continually. Assess, Classify, Plan and Act.
- Assess the risks and understand their implications should they occur.
- Classify the risk: is it minor or major? Remember that not all risks are created equal.
- Have a plan of action should it occur.
- Act in accordance with your plans.
Not having a risk register to record all of these essential components of risk management can result in total devastation if the risk is large enough. Hackers, for instance, can be a company’s demise, damaging customer trust and resulting in huge losses in revenue. We hear about the big ones on the news, but the reality is that ransomware and malware are fast becoming a company’s worst nightmare.