“Hey, I’m going to use the machete to chop up the branches that fell in the storm,” says my 8-year-old son. 

Hmmm. Granted, it would be nice to have those branches cleaned up. But this is also the kid who just tore up the Monopoly board while simultaneously sword-fighting his brother and trying to buy Boardwalk. 

Immediately my mental risk management formula pops up: Risk = Severity × Likelihood. My mental 5×5 risk matrix follows right behind it.

As a business owner, you know that risk assessment constitutes a significant step as you look out and consider threats and opportunities for your business. Likely you have a solid grasp of what those risks actually are in decision-making areas where you are an expert – the services or products you provide, market trends, personnel decisions, etc.   

However, are you familiar enough with the risks related to IT infrastructure and cybersecurity? As we’ve written about in this blog and as is evident from any cursory search of “cybersecurity incidents,” a significant IT / cyber threat level exists for all businesses. 

Typically, a risk assessment consists of the following steps: 

1. Identify the risks 

  • This sounds easy, but if you don’t understand the demands, context, and trends of IT, trying to identify these risks without expert help jeopardizes your business. It’s your classic Donald Rumsfeld: you may know some of the things you don’t know, but there are also unknown unknowns – things you don’t know that you don’t know.

2. Assess / analyze the risks 

  • This is where the 5×5 matrix mentioned above comes in. You can chart how likely an event is and how severe its outcome would be, and this helps you prioritize decisions. But again, without expert help, this is difficult to do. How risky are the outdated computers in your office? How risky are your credential policies and procedures? Are you appropriately managing access to IT hardware and accounts? There are myriad questions like these which are top-of-mind to BIT Services as an expert managed service provider (MSP), but which may not even occur to the average user or business owner.

3. Develop and implement controls

  • These two stages are often broken down into different categories, but for our purposes, just consider that these are the tools, tactics, policies, and procedures which are implemented to mitigate risk. Again, expert help like BIT Services works daily in the flow of IT trends and can help you identify useful tactics and develop procedures appropriate to your threat environment. 

4. Measure and review 

  • Quarterly or annually, you and your team should review your IT plan, making sure that the controls implemented above are being followed and are working, and projecting what steps ought to be taken in the future. BIT Services meets regularly with its clients in order to do just that – to help you plan and budget your IT and cyber needs.

We’ve noticed two trends when we meet with new clients: first, business owners and decision-makers tend to think they are already covered against these risks. Second, we offer clients and potential clients our free PEN Test (a penetration test that evaluates a network’s security), and we have NEVER conducted that PEN Test without finding vulnerabilities. Every network has vulnerabilities – do you know what yours are?

Our PEN Test is a robust, standards-based tool which covers over 60 categories. Out of this PEN Test and our assessment meetings with you, BIT Services will help you develop a targeted, robust IT and cyber approach for your business. We will help you develop Roadmaps to address short-term and long-term needs, threats, and weaknesses. We will help you maximize the efficiency of your physical network infrastructure. We will help you develop project plans and realistic budgets. We will help you develop best-practice policies, procedures, and practices that contribute to the security of your business. If you are a business with compliance demands, BIT Services can use our tools to help with this, as well.   

In short, IT and cyber risk assessments are necessary, daunting tasks for business owners, but BIT Services offers expertise and robust tools to aid you in making these risk management decisions.   

Oh, and if you are interested in how the machete + 8-year-old boy situation turned out, it ended before it began. He immediately got attacked by vicious briars and abandoned his noble attempt to clear the yard of debris.