When you think about risks to your business network … what comes to mind? Hackers? A server meltdown? Data loss? That would be an understandable response, but actually those aren’t risks. Instead, they are properly understood as “threats.” So what’s the difference, you ask? (Or pretend you did.)
To conduct a proper risk analysis, look at three things:
- Threats – Actions or events that could damage your business. This includes-among other things-any sort of malicious attack, a network outage that halts productivity, a fire or flood … or the dangers of running afoul laws like HIPAA or Sarbanes-Oxley.
- Vulnerabilities – Areas or features of your IT systems that are susceptible to damage or exploitation. Threats are always out there … what matters is whether or not your business is vulnerable to them.
- Assets – The value or importance of whatever it is that may be damaged or lost. This could be productivity, cost of replacing equipment … or even the worth of your entire company.
Risk analysis requires cataloging all known and foreseeable threats as well as painstakingly identifying all vulnerabilities. Then the likelihood of a threat causing you to lose a valuable asset is weighed against the cost of eliminating the related vulnerability.
To illustrate how risk analysis works, consider this scenario: A hacker (the threat) could guess a weak password (vulnerability) and steal a secret formula (the asset) that’s going to make a million dollars. Risk analysis would find that it’s worth the investment in time to think of a better password than someone’s birthday. Conversely, it would not be worth the investment to buy insurance protecting your computer network from a tsunami if you live in Kansas.
Of course, professional risk analysis goes well beyond common sense scenarios involving things like poor passwords and tsunamis in the Midwest. Examples: Will your ten-year old servers handle business growth for another year without melting down? Will data security be enhanced, or more at risk, by moving to the Cloud? How important is it that you monitor employee usage of the Internet on company time? With questions like these, determining threats, vulnerabilities and the associated risks can be extremely complicated.
It is the SynchroNet Way to assist you in understanding the nature and scope of threats to your IT systems. Our IT expertise enables us to root out vulnerabilities and provide recommendations that will make the most sense for your operations. And of course, we’ll be right by your side in helping you implement smart solutions to keep your IT systems safe from harm.
