Email and Web Security: Everything you need to know

How to assess your risks

"The first step is not about technology – it is about asking some simple business questions."

Security starts with putting a business value on different kinds of risks so that you can allocate resources to reducing them. It makes sense to prioritise: you don’t have an infinite IT budget, and some risks are more threatening than others. Therefore, the first step is not about technology – it is about asking some simple business questions.

What are you trying to protect? Typical issues include legal requirements, such as the Data Protection Act, and professional obligations such as client confidentiality. Then there are straightforward business issues. Nobody wants to publicise sensitive information like plans, lists of potential customers and so on. You may have mission-critical systems such as your email, ecommerce site and accounting records. Don’t forget intangibles such as management time, IT resources, your company’s reputation and morale.

What are the risks? There are external risks, such as viruses and hackers. There are legal threats, such as the risk of employee misbehaviour landing you in an Employment Tribunal.

Who is responsible for IT security? It is not enough to delegate the question to your IT department or supplier. You need to see IT security as a business-wide issue and address it at a board level. If you know what you want to protect and what the risks are, setting priorities, delegating responsibility and allocating budgets all fall in line with what is important to the business. Which manager is going to take the lead? Who is responsible for creating and implementing a plan? What budgets are available and appropriate? For example, compare your IT security budget with your insurance costs.

Where’s the plan? Even if it is a couple of pages, an IT security plan is the first step to protecting your business. It’s better to have a good plan now – and carry it out – than a perfect plan next year. Do you have the right software and technology? Do you have appropriate staff policies and training? What is the budget and timetable?
