Running a busy Los Angeles distribution company without knowing how well you would stand up to security threats is like driving fast in a car that left the factory untested. If a bump in the road sends a wheel flying off, be prepared for a rough landing.
A security threat assessment lets you know where the bumps are, what effect they will have, and, better still, how to start avoiding them.
Find Your Vulnerabilities
Are your shipping activities at risk because of a hacker commandeering your servers as part of a botnet? Or does a lax password policy mean a real danger of user identities being compromised and confidential company financial data being stolen?
The first thing a security threat assessment should do is identify and catalog the holes or weaknesses in your security.
Remember too that security threats change frequently. This comes with today's business territory. Because more and more business is software-driven and information technology is constantly morphing and progressing, new security threats are created daily.
The older ones are then often forgotten. Yet many of them, such as social engineering, remain as dangerous as ever. In short, regular, timely assessments of security threats can spot the new ones and remind you of the current ones.
Adware that gets into your PC may be a pain, but it is not necessarily a disaster. On the other hand, hackers that penetrate your corporate data system and exfiltrate your entire customer database complete with payment details represent a major catastrophe.
A threat assessment of your security arrangements must let you understand the impact in each case.
- Financial Loss. How much would you need to pay out or what financial damage would you sustain if the threat materialized? In a recent high-profile case, health insurer Anthem Inc. was insured for $100 million, but was likely to have to spend $1 billion or more after 80 million health records were stolen from its systems.
- Reputation. If you lose your own data, you could be considered careless. If you lose your reseller and customer data, reputational damage could put you out of business.
- Compliance. Depending on what sector you operate in, there may be regulations to be observed. A post-attack assessment that shows non-compliance will make the total damage that much worse.
- Availability. Hackers can wreck your systems as well as steal your data. Having no systems rapidly means no business, no cash flow, and no future.
What to Fix First
When you know what your risks are and the business impact of each risk, it will be simple to draw up a list of priorities. You can refine the list by also assessing the probability of each risk occurring and multiplying each probability by its respective impact.
Your security threat assessment will lead you to the action plan that is right for your business. This is an important point, because different organizations have varying security needs.
There is no one-size-fits-all approach to security. In other words, trying to apply another distribution company’s security measures to your own is liable to leave you with gaps.
Are the security threats that bad? The answer will depend on your particular distribution company. However, an anti-virus software vendor ran a survey based on 130 security threat assessments on a range of organizations with an average of 7-8,000 employees.
The survey found that 42% of the enterprises had at least one network worm, 56% had malware that stole information, and 100% had active malware infections of one kind or another.
Do your own vendors and suppliers volunteer information about their security threat assessments? Tell us how you make sure that your business partners are taking proper care of their data with a line or two in the Comments box below.