Business Risk Analysis
Everyone understands risk! You know you must protect your house to make it safe. You face risk every time you leave your safe house and get in your car. You cross the street and risk getting hit by a car whose driver is texting and not paying attention. Every day, you hear about new computer hacks and threats to our computer security. You know that you should protect your computers and phones every time you want to use them. Where do you start?
Before you start worrying about protection, make sure you know exactly what you need to protect. This means that you have to do an inventory of your assets. When you want to buy insurance for your home, you need to do an inventory of your house and its contents. When you buy insurance for your car, you assess the value of the car. It’s basically the same for a cyber risk inventory.
You should do this for your home computers, devices and phones. If you are in business, you should definitely do this for all equipment used in your business, including any BYOD (bring your own device) equipment used by you or your employees.
If you know how to use Excel or another spreadsheet program, it’s easy. Just set up a grid with the headings below across the top row, one per column:
Equipment – This would be the PCs, Laptops, Tablets, Mobile Phones you use.
Model/Brand
Serial Number
Location
IP Address – In Google, search for “What is my IP”
Purpose
Responsible Person
User1 – may be the same as the Responsible Person above
User2 – If you have more than one user, just create another column
Software – You may need several columns depending on how much software you use
Function
Businesses should add these columns:
Social Security Numbers from Clients
Credit Card Numbers
Personal Financial Data
Personal Health Data
Other Private Information – this includes addresses, date of birth, race, ethnicity, and any other private information about a customer. This would also apply to information collected about employees for payroll and tax purposes.
Criticality – Criticality applies to both Personal and Business equipment
Once you have this information, you will need to decide how essential this is to your own life or to your business. Until you know exactly what you have, you can’t know what to protect.
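Once the grid is filled in, a short script can check it for gaps. The following is an added example, not part of the original article: it builds the inventory with the headings listed above and reports which rows are incomplete and which devices hold private data. The sample rows are constructed, and the choice of required fields and the "yes" marker in the business columns (recording that a device stores that kind of data, not the data itself) are assumptions.

```python
import csv
import io

# Headings from the list above (one User and one Software column for brevity).
BASE = ["Equipment", "Model/Brand", "Serial Number", "Location", "IP Address",
        "Purpose", "Responsible Person", "User1", "Software", "Function"]
SENSITIVE = ["Social Security Numbers from Clients", "Credit Card Numbers",
             "Personal Financial Data", "Personal Health Data",
             "Other Private Information"]
COLUMNS = BASE + SENSITIVE + ["Criticality"]
# Assumption: the fields a row needs before you can decide how to protect it.
REQUIRED = ["Equipment", "Serial Number", "Responsible Person", "Criticality"]


def sample_inventory():
    """Build a constructed two-row inventory as CSV text (not real devices)."""
    rows = [
        {"Equipment": "Office laptop", "Serial Number": "EXAMPLE-001",
         "Responsible Person": "Owner", "Credit Card Numbers": "yes",
         "Criticality": "High"},
        {"Equipment": "Mobile phone", "Serial Number": "EXAMPLE-002"},
    ]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def review(csv_text):
    """Return (missing, sensitive): unfilled required fields and data types held, per device."""
    missing, sensitive = {}, {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Equipment") or "").strip() or "(unnamed)"
        gaps = [c for c in REQUIRED if not (row.get(c) or "").strip()]
        if gaps:
            missing[name] = gaps
        # Assumption: a cell marked "yes" means the device stores that kind of data.
        held = [c for c in SENSITIVE if (row.get(c) or "").strip().lower() == "yes"]
        if held:
            sensitive[name] = held
    return missing, sensitive


if __name__ == "__main__":
    missing, sensitive = review(sample_inventory())
    print("Incomplete rows:", missing)
    print("Devices holding private data:", sensitive)
```

To run it on your own inventory, save the spreadsheet as CSV and pass the file's text to review().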
Now, say you have a computer that you use to prospect for clients and to record appointments and the business you’ve done with them.
That’s critical, right?
If you only use your phone to make calls, it may or may not be critical. However, if you use it for banking or for purchases, it becomes more essential and riskier.
Remember, critical doesn’t necessarily mean risky. It may just be necessary to your life or business. It does mean that you need to protect it.
In the next article, I’ll talk about what your next steps should be. Stay tuned.