How to calculate the risks to your business

To begin understanding risk, you must:

  • Identify 'what and where' the weakspots are in your systems
  • Be Aware of 'who and what' is able to exploit those weaknesses
  • Comprehend consequences in terms of the state of your business and its reputation.

 It is critical to know who your enemy is. ‘Better the devil you know’ as they say. If you have never updated your security patches, you could be considered a threat to the future of your business as you are literally all your doors and windows open for the burgulars to take what the want!

Knowing who or what poses a threat to your data will allow you to make accurate judgements of your threat landscape. Most of us share the same threats from hackers, cyber criminals or whoever it is. However, some threats may be particular personal relevance to you or your business.

Security is not ‘one hat to fit every head’. There's no 'one size to fit all' solution. You should select security controls based on their ability to mitigate threats and vulnerabilities you perceive to exist. Ask yourself:

If a threat to your business were realized, what capabilities would you need for an optimal response?

Knowing how to answer this question will help you find the right solution.

Imagine you are seeking to preserve your identity from an 'iron-handed' authority. The risk of you being identified is high so you choose an anonymising service as a security measure to mitigate the risk. If your identity were to become known, this is the outcome of a risk being realised.

Implementing security controls is critical in protecting assets. It is imperitive to ensure privacy & anonymity. Or pseudonymity for that matter. That is, of course, if you require it.

It is uqually important to understand that security doesn't end at the technology you choose ti implement. Yes - technology provides Security. However, Security is also about behaviour of both you and the people in your business ain relation to the systems and processes you have in place.

The actions of you and those in your business may well be the most important element of your security controls. People are imperfect by default therefore humans pose the biggest vulnerability.

Thoughtful, educated actions will protect your assets and how well you mitigate risk and the threats posed against you will determine how vulnerable your business actually is.

Technology will not realise a risk unless people permit it to do so. Some argue that ultimately, when something does go wrong, it is usually down to human error and it is somebody's fault.

Protecting your assets, privacy and anonymity is the result of continual proactive monitoring into the health and performance of your systems. Such security processes are highly complex and  they are mission critical. They can only be carried out by 'tech-wise' engineers; specialists with the right tools and the skillset to deliver the level of infrastructure security you expect.

Click here for a deeper assessment of how vulnerabilities in your systems can be exploited and learn what security controls you can implement to effectively mitigate the risk.

Huw Tremlett

Data Management Consultant

Huw Tremlett