Identify & Manage Technology Risks In Your Organization
Have your overall business risk mitigation strategy and crisis management policy been evaluated to ensure continuity and capability in the event that something (else!) unexpected occurs?
With the recent SolarWinds attack, the impacts of cybersecurity and breaches are back in the news. As a business owner or leader what should you take away from the hype beyond the obvious technical aspects of securing your technology environment?
You likely have internal IT staff or an external partner like NetStandard tasked with securing your corporate data and technology assets, so your focus as a business leader should be broad. Between a national pandemic, a shifting economy, and an increase in cybersecurity threats, it is critical to evaluate your overall business risk mitigation strategy and crisis management policies to ensure continuity and capability in the event of something (else!) unexpected. Executives today must consider the myriad sources of risk to their business operations and engage company leadership in creating mitigation plans.
As a Chief Information Officer, I have routinely been engaged with other organizational leaders in business risk analysis due to the impact of a breach on the bottom line.
As organizations evaluate their risk and preparedness, they must consider the following:
• Economic and reputational impact of cyber breach
• Data loss and how access to corporate data impacts daily operations
• Your compliance standards or certifying organizations
IT can offer a wide variety of technical solutions to prevent external threats, but only the business itself can determine how mitigation offsets the potential financial risk. No security plan is absolute, and some amount of residual risk will always exist, whether due to malicious actors, acts of God, or human error. Holistic planning prior to realizing our worst nightmares allows cool heads to prevail over hasty decision making or limited options.
As we recently learned with the SolarWinds incident, ignorance is not a defense and will not protect your environment. If your answer is “well, the IT guys do that,” then you may benefit from engaging someone to help facilitate a business impact analysis for your company. You most certainly would not ignore the production of your product and simply say, “I have no idea how much we built and sold because the operations guys do that.” Given the rapidly changing cyber-threats to your technology, leaders will have to add understanding their cyber environment to the list of subjects they learn in business school.
I recommend having a conversation with your IT leaders, service providers and/or vendors about cybersecurity. I would then meet with all your company senior leaders and talk about the impacts a cybersecurity incident might have on operations, sales, and the organization's reputation.
Start by asking your leaders questions about the type of data they depend on for daily operations: where is it kept, how is it accessed, and how would you operate should it suddenly be unavailable? It is the first step towards building shared understanding and collectively making smart decisions to keep your organization as safe as possible in a rapidly changing environment.
If you need help working through your business continuity strategies, NetStandard can help. With expertise in data protection, security, compliance, business strategy and engineering, NetStandard is uniquely positioned to facilitate a good conversation around cybersecurity and assist with a cost/benefit analysis of the next steps to protecting your business.