24 security
Are you ready and able to handle today’s business risks?
Most companies are not adequately prepared to deal with the business risks that they face in the 21st century, says Phil Wood MBE, head of the department of security & resilience at Buckinghamshire New University in High Wycombe
“I would suggest that many companies run the risk of contributing to their business failure if they don’t address these matters with a little more diligence.”
They are words to note, writes John Burbedge, since Wood heads up arguably the UK’s leading higher education resource for the study of organisational resilience, through diploma, degree and postgraduate courses developed with the Business Continuity Institute.
“It is amazing to me how many businesses, big and small, have not fully considered the potential problem areas within their operations.” He adds that the majority of risk issues for businesses are caused by human error, procedural omission, and a lax approach to security and resilience.
Wood explains that the world today is not necessarily any riskier than it has always been, and companies are not totally unaware of risks that might affect their business continuity – but most will have underestimated the disruption and commercial impact that can take place when things go wrong.
Mentioning the recent disruptive Thames Valley floods, and highlighting the impact of the Japanese tsunami on Fukushima’s nuclear power plant, and the Icelandic ash cloud on air travel, Wood added: “The world has not changed, we have always had natural threats such as earthquakes, hurricanes and volcanoes, but now that man interacts throughout the world these things have become much more of an issue.
“We have always had armed conflicts and terrorism in some form or another, but today their impact can be much greater. We often underestimate the potential of such adversities.”
In this interconnected information age, dramatic world news can be tomorrow’s fish and chip paper, but the ongoing impact of that event can radically affect economies, markets and individual business continuity.
It is our global communication ability and interconnectivity within international, financial, commercial and social networks that has raised the game when it comes to the likely impact of a business risk, says Wood. And the Internet
www.businessmag.co.uk
has been the catalyst and game-changer in increasing the need for resilience.
The vulnerability of organisations to technological risks is now a key 21st century threat, says Wood, on two important fronts: reputation and control of IP and data.
“People have been empowered through this global technology. It has changed the way people behave and think, and the power now lies with those individuals who are interconnected.”
Internet communication, instant and often anonymous, has made the customer experience a potential minefield for businesses. Today, consumer complaints and personal opinions can go viral through 24/7 critiquing sites and social media applications. Business reputations can be harmed overnight.
That power of global interconnectivity can also be seen in public uprisings in Egypt, Ukraine, and at home with fracking protests, says Wood. “There is now a contagious ability for populations to make their views known.”
Better understanding and use of today’s mediums of communication should be high on the risk agenda for businesses. “We will always have the Internet, and how companies interact with it will create positive or negative impacts for their business.”
Control of the corporate message, data and IP are also main agenda items, says Wood. Once again, human actions, whether accidental or deliberate, are the risk concern.
Lack of trained usage of today’s ubiquitous communication technologies, even over- familiarity, can lead to lax standards of data security, or unwitting and embarrassing emailing etc. “In some cases, technological familiarity is breeding contempt for resilience procedures.”
Personnel need to be involved ambassadors for their company, not tweeting their work concerns to friends or copying sensitive files onto USB memory-sticks that may have viruses or get mislaid.
Thus, the workplace environment, security standards, internal controls, staff training and business morale are all factors that
Phil Wood
need careful management. Plainly, security systems also need to be in place to protect the company from external ‘hacktivism’.
But, too often, risk management assessments, business continuity plans or security procedures are produced, and then lie on office shelves gathering dust, says Wood. “It’s a bit like someone reading the Highway Code, having an owner’s manual, then getting into a car and thinking they are proficient and in control.
“Resilience needs to be an integral part of the business not a bolt-on, part of its culture, an unconscious awareness. Reading the frameworks and manuals is not enough. Resilience needs thinking active practitioners.”
Organisational resilience needs to be continuously updated and rigorously tested, he added. The success of a plan is in its implementation. Tested scenarios, practice and review are essential. For example, will your crisis management team all be contactable at 11am on a Bank Holiday morning?
“I would suggest that many plans currently in place would not stand scrutiny, beyond a very straightforward list of who is responsible for what. Unless you are a big multinational or blue-chip you are unlikely to have the right structure in place.
“When I’m doing consultation work, I find that THE BUSINESS MAGAZINE – THAMES VALLEY –APRIL 2014
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52