5 Ways to Minimize Risk Exposure

Risk management is something to be taken very seriously. There's nothing more potentially harmful to a company's reputation and bottom line than a technology security breach. However, many companies out there are over-managing risk exposure or using complicated and expensive solutions to mitigate risks when there are much simpler solutions available. To manage risk more efficiently, let's go back to basics and take a look at five simple (and often overlooked) ways to minimize risk exposure:
1. Stop looking for a silver bullet
Remember that a “control” is not the same thing as a “security product.” Despite what the salesman may say, a shiny new technology solution is not a “silver bullet” for reducing every conceivable risk. Changes to an existing process or the implementation of a simple procedure are often all that is required to reduce risk to an acceptable level.
2. Don’t forget risk acceptance
Many times, further risk mitigation simply does not make financial sense. When the potential loss resulting from a risk is less than the cost of implementing a risk-mitigating control, get senior management to accept the risk and move on to more unacceptable risks. That said, don’t forget to monetize the potential cost of reputational damage or loss of public or regulatory goodwill in your calculations.
3. Use risk to enable business development
You don’t need to eliminate all risk. Sometimes technology risk management professionals forget that businesses must take some risks to succeed. Launching innovative new products can be risky. Just be sure your organization understands the risks and keeps them at an acceptable level. Once risk is at or below the organization’s tolerance level, stop, or you'll mitigate your way to a decrease in revenue!
4. Consider risk transference
Shifting risk elsewhere is a relatively painless but oft-forgotten method. Risk can be transferred to a third party through a legal agreement or an insurance policy. Today most commercial property and casualty policies come with a built-in cyber-insurance policy or rider. Be sure you are aware of any such coverage and factor that into your risk assessment. Instead of adding new controls, it may be more cost-effective to allow a contract or insurance policy to cover losses.
5. Improve existing controls before deploying new ones
Technology risk management professionals often start down the road of proposing the implementation of new controls without examining the effectiveness of existing ones. Often existing controls can be upgraded or shored up enough to reduce risk to an acceptable level without undertaking a costly new deployment.
Bring these five basic solutions to the table during a risk assessment to save your company valuable time and resources.
What other systems do you have in place to minimize risk exposure?
About the Author: Bradley J. Schaufenbuel, CISSP, CRISC, is Senior Vice President and Chief Information Security & Privacy Officer at Midwest Bank – Now Part of FirstMerit Bank, N.A. He is a regular speaker at industry conferences and has authored numerous books and professional journal articles on topics related to information security and I.T. risk management.