ILTA White Papers

Risky Business

Issue link: http://read.uberflip.com/i/45522


can to mitigate risk. What happens if power, phone and transportation are out? Is internal fraud possible? How about a data breach? Do you have a good sense of what your vulnerabilities are? Even though unpredictability is one of the characteristics of events that might disrupt your business, and even though some of these cannot be prevented, there are things you can do to help decrease their likelihood.

DEFINING RISK MITIGATION

This is risk mitigation, and it is one of the most valuable tools in business continuity. Essentially, risk identifies a potential circumstance. If you can take action to mitigate the risk, you can keep it from occurring, or at least lessen its impact. Of course, it is usually much more effective to keep an incident from occurring than to deal with it once it becomes a reality.

Mitigation includes all the activities you undertake to reduce your vulnerability, or the activities performed to minimize impact, loss or damage. Mitigation is ensuring that client files are secure and redundant. It's planning how you'll communicate if the phones go out. It's having a way to pay employees if the payroll system goes down for three days at a time when checks are due. It's investing in and implementing the best and latest cybersecurity measures for your data and network systems.

DETERMINE RISK

You're probably wondering how you can plan for the possibility of unknown disruptions that could occur sometime in the future. It's actually not very difficult. You start by identifying all of your possible vulnerabilities, then gather all the information you possibly can from whatever sources are available to you — everyone in the firm from the senior partner to the cleaning crew. Assemble a group of these individuals who are aware of and can help identify issues or activities that make you vulnerable to specific risks. This will enable you to identify potential threats and assess their individual risk.
You might never have a data breach, but you can't count on that. What kind of safeguards do you have in place to protect the personnel and client information stored in your network? Does your IT group know what information to protect? Are there new technologies you can use to decrease the risk of data breaches? People in your organization are in the best position to determine your risk. Think of everything that can possibly go wrong, then ask yourself "What would I do if … ?"

ESTABLISH PRIORITIES AND FOCUS

It's true that nobody can possibly plan for every contingency; you have to concentrate on what is most likely to occur. It is important to know, therefore, the risk of each potential disruption and to decide on which disruptions you will concentrate your resources. This universally accepted risk evaluation equation will help with this effort:

Risk = Probability x Consequence (aka Impact)

Probability refers to the likelihood that something will happen, while consequence refers to its impact. For example, the probability of a meteorite hitting your building is quite small, while the consequences of such an event would be huge. The meteorite,

www.iltanet.org Risky Business 69
