In a competitive business environment, every organisation operates in a climate of risk. It is never possible to remove all risk from a business, but it is important to assess and reduce risk to an acceptable level where possible.
In relation to IT, assessing and minimising risk has become increasingly important, particularly for businesses that rely heavily on technology. Therefore, it’s vital that business owners understand, monitor and control risk – especially as the IT environment changes rapidly and new IT-related risks appear regularly.
This article will provide you with some example of IT-related risks facing your business. Part 2 of this article will show you how to identify and assess the IT-related risks risks facing your business. And Part 3 of this article will provide you with some ideas on how to reduce these risks and their potential impact to your business.
Examples of IT-related risks
Business managers are used to recognising commercial threats and taking appropriate actions – for example, dealing with a new customer who turns out to be a late payer.
However, IT-related threats in business are much newer, a lot less predictable and change much faster.
A useful way of recognising threats is to classify them as follows:
- Physical threats are those that result from physical access or damage to information resources such as servers, network equipment, computer rooms, data centres etc. In some business environments it is easy to overlook these types of threats. However, if an unauthorised person – employee or not – can enter your computer room unobserved, then all your other IT security measures are essentially compromised.
- Electronic threats are those that aim to compromise your business information and typically come from outside your premises/network, eg a hacker accessing your network via your website. Other malicious threats can range from phishing and spoofing emails and websites to links in social networking websites that take you to websites that can steal your personal and financial details. Hackers can gain remote control of your computers through infections by viruses, worms or Trojans, turning them into ‘bots’. These groups of infected machines – botnets – are capable of a wide variety of activities, including denial-of-service (DoS) attacks, click fraud and identity theft.
- Technical failure is a common threat for IT systems. For example, if key data is stored only on the hard disk of one server, then the failure of that hard disk would be disastrous to the business.
- Infrastructure failure can be a subtle form of threat. For example, if your business relies on your internet connection to receive orders from customers, you could miss out on new purchase orders if that connection fails.
- Human error is a major threat. If an honest mistake by a user or system manager could cause an irrevocable loss of data, you need to take action to prevent it from happening, eg by regularly backing up data.
CONTINUE TO PART 2
Author: Mawdud Choudhury, Chief Information Officer (CIO) at Universal System Technologies (UST), Brunei Darussalam.