With a new year underway, now is an excellent time to take a step back and look at some of the critical gaps in your approach to risk management and risk mitigation. Here are three of the most common corporate risk mitigation tactics that CSOs and Directors of Security may not be currently practicing—but definitely should be adopting—in 2019:
Operate as a business enabler
Re-envisioning risk management by becoming a true business enabler is the next step in the natural and ongoing evolution of corporate security.
With the ongoing digital transformation and the growing speed of business today, the need to be agile and to help with implementing security initiatives is more important than ever. Corporate security leaders need to be savvy and focused, with risk management objectives fully aligned with business goals. That connection empowers them to add value to an organization by educating business leaders on potential risks as they are trying to achieve their business objectives.
The Pinkerton Risk Wheel illustrates this shift well. CSOs and Directors of Security have traditionally focused their risk mitigation efforts on the quadrant of the Risk Wheel encompassing Hazard & Event risk. Today’s evolving threat landscape requires security professionals to be more attentive to the Technology & Information, Market & Economic, and Operational & Physical risk quadrants in order to better align their efforts with business goals.
Action plan:
- Conduct a comprehensive risk assessment to understand how risks from all four quadrants of the Risk Wheel can impact your business.
- Establish and maintain clear and consistent lines of communication between security professionals and C-Suite executives to ensure risk management objectives are fully aligned with business goals.
Think globally
Corporate security professionals should adopt a truly global perspective when thinking about their security and risk mitigation practices. Even for organizations that may not yet be operating on a global scale, there are always emerging threats in an increasingly interconnected world. Seemingly disconnected events overseas can have a ripple effect that impacts your business operations. A fuel shortage in Latin America can impact your supply chain; parts of Asia vulnerable to natural disasters can impact your ability to rely on supply from that region; and legislative changes in Europe could limit your ability to collect and use data.
Regardless of the size of your company and its market footprint, everyone operates in a global marketplace. Understanding the contours of your organization’s footprint, and evaluating business decisions in the context of complex supply chains and an evolving marketplace with new threats and competitors is essential. Increasingly sophisticated data- and intelligence-gathering programs can help generate information to form sound decisions, but having the resources to collect that information on a global scale is just the first step. Corporate security teams need to digest and analyze vast amounts of data—determining what’s relevant to the business. Machine learning and AI tools can help, but you still also need the intelligence function of trained security professionals to interpret and act upon that intelligence.
Action plan:
- Take greater precautions when evaluating the security practices for an overseas partner (a stringent evaluation should be part of any vetting process for third-party partners).
- Engage with a trusted security partner capable of monitoring global events, evaluating the potential for those developments to impact business continuity for your organization and providing advice on how to navigate those risks.
Empower your people
Don’t let the power of new tools and tech, like AI and machine learning, distract you from the critical importance of personnel training and education. Regular and rigorous training programs to review policies and procedures and educate your team about new and emerging threats are arguably more important now than ever before.
For instance, the increasing sophistication and complexity of social engineering and phishing scams means that, while people are your best asset, they are also often your greatest vulnerability. The ongoing convergence of physical security and cybersecurity principles (things like access control and points of vulnerability apply to both brick-and-mortar buildings and virtual networks, for example) makes this priority even more urgent. If you don’t have formalized security awareness and training programs in place—and a process through which those programs can be updated regularly—you will be leaving yourself unnecessarily vulnerable.
Action plan:
- Implement formalized security awareness and training programs for your workforce.
- Evaluate the effectiveness of those programs on a regular basis and update programs and protocols as needed to reflect an evolving risk landscape and protect against new and emerging threats.