Contrary to popular belief, cybersecurity isn’t locking down all the files as tight as possible. So how does a firm’s risk tolerance affect its cybersecurity plan?
When cybersecurity professionals get to work, they talk about a whole lot more than passwords and antivirus. Before they can devise a plan, they need to understand the firm’s view of risk.
As we mentioned a few weeks ago, every worthwhile activity contains risk. Each firm’s acceptance of risk varies.
A cutting-edge firm may depend on plunging forward, the race to be first. A firm holding the public trust may need to be a lot more careful.
Some firms deal with confidential information – others, not so much. Exposing your customers’ Social Security numbers or credit card numbers is a big deal. The list of people who bought steel-belted radials from you, less so, although you may still run into breach notification laws.
As a business manager, you’ve probably never written any of this down, but it’s important to decide how much risk your business is willing to take. And of course, you should avoid risks that don’t promise returns.
Once you understand your firm’s tolerance for risk, you can start to develop a cybersecurity plan.
Tomorrow, we’ll revisit the formal approach to risk planning.
I’m Carter Edmonds with 20CREEK. We help you build IT you’ll brag about.
Episode #51 – 2/19/2019