Your Board and risk management

For small business owners, it may seem your daily energy is caught up with just keeping the doors open and revenues coming in. However, unless you were very fortunate when you started up, you have a board of directors; most likely initial investors whose focus is on the long term success of the company and on strategies for future growth. Part of their concern will be threats and risks to the present business. A particular concern may be the risks to the business in the case of a cyber attack. Small businesses are just as vulnerable to cyber attacks as large companies. However, they are far less likely to have the resources to recover.

In our next few blogs, we are going to look at what ways a small firm may be vulnerable to a cyber attack. In particular, we discuss the major areas of vulnerability your business faces. Specific topics include customer and company data loss, legal implications, fines, and regulatory penalties, brand damage, downtime and revenue loss, and supply chain vulnerabilities.

Obviously, your shareholders want to understand how you plan to defend against and respond to cyberthreats, but that’s a topic for another e-guide. Today, we will talk about educating your board about one area that you are at risk for when a cyber attack occurs.

Downtime

This is the most obvious and immediate consequence of a cyber attack. Your business becomes partially or fully shutdown. Given our reliance on technology, almost every aspect of a business, even a small service business is, in some way, reliant on technology. For example, a medical office can’t function if its reservation system is attacked. Staff may lose the basic ability to know which patients are scheduled for the day. A smaller retailer can’t ring sales if the POS goes down. If your website is attacked and compromised, that’s akin to shutting down the doors of a brick and mortar operation.

Why is this a shareholder topic? Downtime places the entire organization at risk of failure. Small businesses are much less likely to recover than are large businesses. Your Board will want to be informed about how you propose to keep the organization safe.