It only takes a click… the small business risk checklist

Welcome to Day 2 of Business Self-Defense from Microsoft Canada! In this post, explore how small businesses can better assesses the risk(s) to them from criminal behaviour, include phishing and other cyber attacks. We discuss the scope of activities you need to consider and then provide a checklist you can follow.

What to protect

Let’s start at the beginning. Your business includes your people, your assets, your sales and profit, your data, and your brand. But here’s a big one that often gets overlooked: your level of compliance to regulations and laws. Once you have identified every aspect of the business you need to protect, do a risk assessment. Consider the challenges that might warrant taking a deeper look at the level of protection you need.

Common risks

When analyzing failed companies, we hear terms like theft, fraud, unsafe work conditions, harassment, toxic work environment, mismanagement, exceptions to standard operating practice—you name it. All these risks make small businesses vulnerable to disruption and failure, not to mention a rough place to work. So, the question is, how much do you want to invest to handle these risks?

Three options

If you consider that there are three options when it comes to how you treat risk, it can give you a better understanding of what you might want to do. You can 1) transfer risk (like buying insurance); 2) accept risk (like a skydiver who knows what happens if the chute doesn’t open); or 3) mitigate risk (putting in security and protection systems).

Assessing risk

Mitigating the risk is the most common for small business, but at times it seems like that alone can put you out of business because of the cost. Here’s the secret: the spend should be aligned to the value, and the risk. Just don’t underestimate and don’t go overboard.

Test your instincts

Now, what do you think might represent the biggest risk to Mom and Pop? The money in the register? Shoplifting? The ham and mayo sitting at ambient temperature all day? Or the POS system? The answer is—it depends. You need to assess the risk of each. For example, the owners may want to reconsider those sandwiches. Mayo left unconsumed for over four hours at ambient temperature can create a foodborne illness!

The real prize

What about that POS? Let’s say cybercriminals compromise Mom and Pop’s system and manage to clone 50 credit cards—each with a $5,000 limit each. Just like that, the business failed to prevent $250,000 worth of potential fraud. Even in a store with only $10,000 in inventory, criminals can steal $250,000. That’s the way they think!

Assess your risks

Work with your IT team or solution provider to conduct a risk assessment to your business. When you do your assessment make sure you consider the full scope of your operations. Try to develop a layered approach to your security—one that accounts for every layer—from physical security to your end users. You can build on our checklist with your own potential vulnerabilities to consider.

Risk checklist

• Physical Security (locks, security gates, guards, etc.)
• IT Security (data protection, application protection, privacy laws, compliance regulations, device protection, network protection, etc.)
• People (background checks, access control, etc.)
• Policies and Procedures (guidelines on how to protect the business while on the job)
• Business risk management session

Tip: Try holding a business risk management brainstorming session to call out the top risks and start designing your own new security strategy.

ModernBiz

See more articles from this author