Partner Article

Risk Management

When did you last consider the risks your business may have to confront.

Risk management protects your business by identifying risks that can affect the operation of your business, its ability to trade, its profitability and its reputation.

Risks can be both internal as well as external. Here are some examples of problem areas:

Data loss Company structure Poor management information

Loss Dishonesty Staff integrity Staff performance

Supply chain disruption Company culture Brand integrity

Poor customer payment Competitor activity IT security

Stock resale on grey market Adverse social media publicity

Resilience/ disaster management Fraud Board composition

Depending upon the nature of your business, certain problem areas will be of more importance to you than others, however all are of potential relevance.

I want to highlight one area in particular, which impacts upon all business.

I cannot think of any business that functions without IT as part of its daily operation. Whether it is for communication with clients, customers and suppliers, important data storage issues, storage of projects and work, marketing campaigns, selling and service delivery or developing your company profile on social media.

What would happen to your business if:

• the computers stopped working,
• the hard drives stops responding,
• data has been removed,
• data is not backed up,
• you are unable to open your customer spreadsheets,
• vital research or project work has been lost,
• you cannot communicate with other offices, departments or clients,
• what if your business sells its products via the internet, and your site refuses to cooperate with you.

These comon issues disrupt business operations on a daily basis, costing time and money to resolve. This is time and money you cannot recover.

These IT risks will happen at some stage; how many people have experienced simple issues such as not backing up their data, then the computer has a hickup, and looses your last two hours work. I am sure we have all felt the frustrations associated with it. When we reflect upon some of the other potential IT failure scenarios, it is apparent that the ability to operate and trade could be completely lost for several days, with obvious consequences.

Here are three examples of where risk became reality:

A national company which supports the airline industry suffered an IT failure, severely effecting their operation across the company. This resulted in them being unable to provide their contracted services to their clients. For every minute they were unable to operate, they were fined thousands of pounds by their clients. As the result of this experience, the company reviewed their IT resilience, and upon recommendation adopted a rapid recovery system, remotely operated and stored, together with the hosting of a duplicate operating system.

An entertainment company had an antiquated IT system which they used to take bookings and credit card details via their website and over the telephone. Some of the credit card details were incorrectly stored by the outdated and ineffective system. This resulted in the loss of 50 complete credit card details to a hacker. This also identified poor firewall security. The company were fined for each piece of data loss, plus they had to spend £25,000 on a new IT system and security. In order to demonstrate compliance, and for insurance purposes, they must undergo 6 monthly audits, and security testing, which is estimated to cost in the region of £50,000.

A company provided their staff with mobile phones so that they could access their emails whilst away from the office. The servers however were incorrectly setup. This led to poor firewall security relating to inbound emails from the mobile phones. This led to a virus entering the server via a phone. This virus then emailed all the company’s clients with pornographic images and with another hidden virus, which attempted to steal their data.

Consider having your IT system tested to ensure:

• your sensitive data is secure,
• your system is current and effective,
• your website is resistant to interfierence and breakdown,
• your system has effective firewall security
• your system has offsite, remote storage and backup.

If you would like any further information, please telephone:

0191 3890155 or 07772 514 273

or e mail your enquiry to: info@portcullisconsultancy.co.uk

http://www.portcullisconsultancy.co.uk

twitter @PortcullisT

This was posted in Bdaily's Members' News section by Portcullis Consultancy .