How to Mitigate Your Business Security Risks
Setbacks are all too common for the business owner and entrepreneur. Fortunately, we have the ability to learn from our mistakes, and if we are smart enough we will put a better plan in action. Mitigating your business security risks is a necessary process and will involve some work.
Time and time again, I have seen companies expose themselves to the same risks but not MITIGATE those business security risks. They become victims of specific business crime, get a police report, talk about it and seldom put the proper measures in place to either reduce or eliminate the risk. Mitigating risk and expecting the unexpected go hand in hand. As a business owner, you should make it a priority to be able to identify risk, understand the impact, and put proper measures in place to mitigate those risks.
So let’s take a serious look at common problems of business security risk and explore solutions that are often overlooked.
Mitigating personnel risk begins with your hiring process but does not end there. Some of you reading this article may have your own HR department that runs background checks for your company. However, if you are a smaller business owner, you may have to run your own background checks by paying for a background check service.
Running a background check prior to hiring a candidate is vital. This information will help determine if the individual is a good fit for your company or if it is time to say NEXT. The service you use to get the report will determine how much information you get.
You should have a system in place where you categorize your background checks for candidates: Not Eligible, Eligible for Hire, Pending Background Check.
Not Eligible–Based on your policy, job requirements, law, and qualifications. Not everyone is a good fit for your company. Sometimes a background check may expose certain crimes that will make the candidate ineligible for hire. Your policy should be in writing to determine when you will not hire candidates. Take heed in your background checks.
Eligible for Hire–Based on your policy, job requirements, law, and qualifications. The ideal candidate who has passed your background check and will make a good fit for your company should be Eligible for Hire.
Pending Background Check–Based on your policy, job requirements, law, and qualifications. Depending on the information in the background check, the candidate can either be cleared for consideration or not cleared.
Your background checks should not stop at your pre-employment process. You should also conduct post-employment background checks. The status of your personnel can change at any time, which could increase business security risk if not caught in a timely manner. Consult with your attorney or HR about post-employment background checks.
One caveat to remember: when a candidate has committed a crime, that information may not always be readily available or in the criminal database. Each law enforcement agency is responsible for uploading criminal charges into the National Crime Information Center (NCIC).
So if this activity is not conducted in a timely manner for whatever reason, you can only act on the information that you have at the time. This is why Post-Employment background checks are essential in mitigating the risk of personnel.
Breach of Data Risk
Breach of Data can be internal or external. Personnel are exposed to internal data and customer data. Every company has its own perspective on what is safe and what exposure of data is risky. This is the time to identify your data risk and determine if you can control or limit the amount of information that is exposed.
Personnel who work with customers on a daily basis have the highest exposure to data and thus the highest risk. A high percentage of cases show that breach of data has occurred internally by personnel who have access to specific information. These associates who are willing to steal information are doing it for self-gain, and it may indicate that they are part of a larger group, often considered organized retail crime (ORC).
Data can also be breached when your system is hacked. Make sure your system has the necessary firewalls in place. Sometimes these players will call your office and phish for information by asking specific questions of your personnel. Discuss this risk with key personnel and train them on how to handle these issues before they arise. Don’t hesitate to purchase the necessary security software or call an IT professional for consultation.
At some point in time you will have to hire a contractor to conduct some type of service for your company. Whether the contractor is installing an alarm system or cameras, providing IT service or doing your landscaping, procurement risk can be managed with the proper plan in place.
Procurement of services will vary from company to company. In this particular area, attempt to quantify the risk of the contractor by determining the amount of exposure to sensitive data or merchandise. If the contractor is an IT person, you should determine and know what amount of information they will have access to. Before work is started, have them sign your acknowledgement form stating that any sensitive company data they are exposed to will be kept confidential. This acknowledgement form can easily be found on the internet and changed to your specifications.
To mitigate this type of risk you should have specific written policies in place and train only key personnel to interface with contractors.
Steps to Mitigating Business Security Risk
- Prevent Risk–The first step in mitigating risk is preventing the risk from occurring. Have a written policy on critical daily tasks such as cash handling, accepting debit/credit cards, etc. Educate and train personnel.
- Identify Risk–Identify those risks that will have a huge impact on your bottom line. Work on placing certain measures in place to identify risky behavior or activities within your company.
- Quantify Risk–Place a value on each risk. For example: 1 = low risk and 10 = high risk.
- Monitor and Control Risk–After you have put your risk prevention strategies in place and identified and quantified risk, you can start the process of monitoring and controlling risk.
As you gain experience and exposure to mitigating business security risk, write down what works and let this become part of your business best practices procedures.