James Kelly Chief Executive British Security Industry Association (BSIA)
n order for a business to be successful in the face of any type of adversity, it is
essential that comprehensive contingency plans are in place from the word go in order to ensure business continuity.
In today’s world, the threats facing businesses are varied: from cybercrime to fraud and the ever-present concern of terrorism. Risk management is therefore an essential part of any business model. Some of the key elements that make up effective risk management are explored here.
In an unpredictable world, it is very important that businesses are taking the time to review their security strategies, policies and plans on a regular basis, not just in response to current threats. Anticipating a range of events can help in the development of a multi-level response plan that will enable the business to continue to function regardless of the threat.
One way of achieving this is by assigning responsibilities to a few key people within the business, particularly those on a senior management level. These individuals should be up to date with all contingency plans and be able to direct personnel efficiently following an incident.
When assigning responsibilities to a specific group of employees, it can be wise to have them undertake specified training courses on crisis management. These courses can help personnel enhance their existing crisis management skills and teach them valuable new methods that can be instrumental in the development and implementation of a successful incident response structure.
The training available is extensive and can cover all aspects of incident management, such as risk assessments, security surveying, continuity management and disaster recovery. However, it is essential that the training is delivered by a reputable training provider with professional, qualified tutors who have real world experience of the industry.
As well as seeking the assistance of a qualified training provider, it can also be good practice to engage with a security consultant in order to assess the various risks the business is facing. An outsider’s perspective can be very beneficial, as often it can be hard to identify all of the potential risks from within the business. The services offered by security consultants are wide-ranging, including threat and risk assessments, security audits and reviews, security policy, procedures, strategy and management, crisis management and business continuity planning. Being able to adequately identify its risk register is one of the most important steps in preparing a business for the future; working closely with a qualified security consultant can be a helpful aid in ensuring the register is as comprehensive as possible. When considering the various risks, it is also important to consider other companies that are involved
© CI TY S ECURI TY MAGAZ INE – S P R ING 2017 www. c i t y s e cu r i t yma g a z i ne . com
with the business. For example, if a company is looking to go into business or merge with another company or individual, it can be considered best practice to carry out necessary due diligence checks in order to expose any possible liabilities. Security consultants can carry out a risk assessment of the potential business partner in order to determine the level of due diligence required.
Subsequent due diligence checks can uncover details of a company’s management, financial information, performance, suppliers, clients and history. Once all the data has been collected, it must be thoroughly verified and validated by someone who is objective – such as the security consultant – who can then properly evaluate the data and identify any red flags.
These red flags can help build the risk register of the corresponding business and will aid the business, and security consultant, in developing plans to mitigate those risks. This will also help identify whether or not the new business relationship is too high risk to continue.
As mentioned, remaining one step ahead of the game is important when crisis planning; this is especially true in relation to cyber security. Cyber criminals are regularly finding new ways to carry out attacks, with the repercussions of a cyber attack having huge financial and reputational impacts on a business. As such, it is essential for businesses to be prepared when it comes to cybercrime, taking the time to develop cyber policies and strategies and training staff effectively to ensure everyone is vigilant with cyber security in the workplace.
Security consultants can help assist in the development of cyber policies and can also carry out penetration testing of a business’s networks in order to ensure that the protection already in place is adequate enough to challenge ever-advancing cyber threats. The testing can also identify any weaknesses in the network and address them where necessary.
Generally, when implementing security strategies for the sake of business continuity, the importance of quality should always be a key factor. It is essential that those responsible for procuring security products and services for their organisation should only be enlisting the help of a trusted, professional provider who meets with the necessary British and European standards.
Members of the BSIA are all inspected to rigorous criteria and offer a professional service. To find out more visit: www.bsia.co.uk/home.aspx#
| Page 2
| Page 3
| Page 4
| Page 5
| Page 6
| Page 7
| Page 8
| Page 9
| Page 10
| Page 11
| Page 12
| Page 13
| Page 14
| Page 15
| Page 16
| Page 17
| Page 18
| Page 19
| Page 20
| Page 21
| Page 22
| Page 23
| Page 24
| Page 25
| Page 26
| Page 27
| Page 28
| Page 29
| Page 30
| Page 31
| Page 32