Risk Management Assignment

In 2020, modern day companies are having to adjust to rapidly changing technology, interconnectivity between customers and tech + the sophistication of today’s cyber-attacks in the private and public sector. As technology improves, so does the avenues of attack that cyber criminals and perhaps state sponsored hackers have to penetrate IT systems and cause financial + operational damage. Its scary to say but anyone with a laptop, a Wi-Fi connection, and the technical know how could launch such attacks from anywhere on the planet. The risk of cyber attacks has been present ever since the creation of the world wide web and when civilians began to store data on the internet; but they were not considered as high risk as they do now due to the availability and ease to which these attacks carried out. This new/increased risk has never been more important than it is now to focus on because of how interconnected today’s society is. Social media, company data systems, email, electronic/web-based control systems are examples of sensitive information areas that are commonplace now. Just about everything we do or save is being stored somewhere on the web or on a server connected to the internet. A hacker with malicious intent, the right target, and toolset could launch a cyber attack that could cost a company or perhaps an employee of a company personally irreparable damage. We never have had as much to lose to cyber attacks as we do now.

When it comes to cyber security risks, companies have a high standard to meet and unfortunate for us, it is a constantly ever evolving threat. While the risks are numerous and require vigilance from all sides of the company chain of command; I will list a few that I discovered during my research. Per an article from Forbes titled “10 Data Security Risks that could impact your Company in 2020” the following risks and preventive measures must be monitored and implemented: Accidental sharing – when a company’s employees accidently share, misplace, or mishandle sensitive data. This data could then make its way outside of company control and into the public eye or perhaps someone who could use it for financial gain. This accounts for high percentage of security incidents at companies. Training and control measures for sensitive information should take place to ensure all employees know their responsibility when it comes to this risk. Overworked Cybersecurity teams – per the article more than two-thirds of cybersecurity professionals have considered quitting their jobs/leaving the industry. I witnessed this firsthand at my previous employer, IT employees are often on call at all times even off shift, are constantly putting out fires (resolving issues) left and right and are expected to still look out for the long-term IT management of the company. IT departments need to be properly resourced and cared for. The IT Director/Manager is a critical asset to the company, losing such an employee can have grave consequences due to how long it takes to fully get a replacement up to speed on all of the nooks and crannies of a company’s IT systems. It should not take a serious cyber-attack/incident for a company to realize this is a department that should not be taken any less seriously then perhaps its sales force. The last risk I will list is ransomware – these types of attacks are usually initiated when someone opens a file/program from an email or some sort of download from an unauthorized source. This program then may take control of the user’s computer or IT system and demand that a financial payment (ransom) is paid for release of that control on the system. These types of attacks are launched often with impunity on small to midsize businesses because they do not have the budget for high end IT defense and staffing. These types of attacks can be very expensive and just because you paid them once does not mean it will not happen again. Vigilance and IT training across all levels of the company need to take place to fight back against ransomware. It only takes one employee opening an email attachment or download for this to take place.

I would say that the ever-evolving cyber threat is something that we all must live with in the modern-day workforce. Instead of allowing it to cause us to be uncomfortable, unwilling, or uninterested to work in certain industry sectors; we should all exercise our part in cyber defense. While the skill level of people using computers and IT will vary, we should all learn at least the basic measures in which to protect ourselves. Recognizing phishing/scam emails, proper file handling, having strong computer passwords and not sharing that information are just some of the easy steps we can take. But like all change, it must first start with a company culture of cyber security.

Resources

Council, Young Entrepreneur. “Council Post: 10 Data Security Risks That Could Impact Your Company In 2020.” Forbes, Forbes Magazine, 1 Oct. 2019, www.forbes.com/sites/theyec/2019/10/01/10-data-security-risks-that-could-impact-your-company-in-2020/?sh=21baa8eaa0c0.

Guardian Computer. “Top 10 Computer Security Threats to Business IT in 2020.” Guardian Computer, Guardian Computer Https://Www.gcit.net/Wp-Content/Uploads/2018/03/GC-Logotransparent-300×127.Png, 20 July 2020, www.gcit.net/blog/computer-security-threats-business-it.

Jean Muy                                                                                                       Professor Buckler

BUS 311 – 1801                                                                                           April 18, 2021

With how the pandemic is going, the type of risks that many companies face now is making sure that the work environment is being clean for all of the employees working at their area is sanitized to ensure they don’t be receiving any sort of contact with the Coronavirus. Keeping up with the employees to ensure that their safety is a big priority and importance for the workplace and whenever something bad happens, they’ll be with you at all costs. Providing safe practices at work to ensure that everyone understands how this virus can impact not only people but even the workplace. A weak side to any sort of company can bring them down drastically since reports would surge in about how the workplace isn’t following proper virus protocols that it should be following like every other big company. So, all these sorts of risks are something that all companies have now to face with running it at a proper pace to ensure safety for the workplace and for the people that are shopping at the place.

Some ways that any sort of company can prevent from anything that the virus can be traced back to any place is making sure that cleaning is a main priority across all the areas that many people are around. With many people touching every little thing at any place, it’s important that every part of the area whenever it be busy or not, is being cleansed from the time they open to the time they close. Along with cleansing, making sure that every person who comes in and goes have face masks on at all times so that everyone is being covered to stay safe even when being outside from home. If you want any workplace to make sure that their protocols are being followed, perhaps do a temperature check whenever any person wants to come in to allow people in that are not feeling well whatsoever to prevent any sort of sickness in any area. Organizations have to implement a strong case across their entire place to ensure that the risks any person can encounter with have to be taken seriously.

The virus is something that not many people take as serious as others do since a lot of opinions come across with it as well. With that, I would always do my part and follow every protocol there is to ensure my safety at all costs. Especially for other people. My willingness to go into work and do what it is asked of me is something I can personally deal with since I know working right now during a big virus is something that much people can say they are working during a pandemic and would be grateful for working. However, I can reach out to anyone in the organization in case I’m not feeling safe at the workplace or something is up with me or have anything regarding the virus. My comfortability levels with many people is something that would be a slight concern since you may never know what type of things other people outside of work are doing so that would be a thing you would need to have in the back of your mind. Realizing that you got to make sure your safety across other people is mainly the priority when it comes to stepping out and heading into any organization now. At the end of the day, people really don’t have control over what happens around their surroundings or how they can react to certain things. However, you can make sure that you are safe as much as you can by covering your face while being outside or inside of a place that requires coverage and if you are doing this then you’re allowing yourself to bring safety to your own health.

As we have learned in this chapter of BUS-311, there are many different types of hazard and risk that can effect businesses in many different ways. Some risks have been around forever and will stay around forever, some risks are just being presented, and some are constantly changing.  Those are the risks that I think can have the worst effect on businesses, the ones that constantly change.  When researching I found that regulatory change is one of the top risks that companies are always thinking about.  Regulatory change is basically the way that regulatory requirements and oversight can lead to the disruption of businesses models and the companies ability to perform. This is from a website called corporatecomplianceinsights.com and they said “For example, shifts in regulations related to privacy, product development and approval, trade and tariff policies, the environment, social issues and broader governance expectations have been happening and continue to happen around the world, impacting any organization that wishes to do business both within and outside its home-country borders.” One big event that has caused a lot of regulatory change is the Covid-19 pandemic that has swept across our nation and the world.  Obviously we need to keep people healthy and safe and try to limit the spread of the infection, however this can and has been affecting businesses negatively as some business are forced to close or limit customers, especially small businesses that maybe don’t have the large pool of resources to fall back on that large corporations or other large businesses may have.  As some businesses are forced to close or to limit the amount of people that are allowed into their store, this regulatory change is definitely a new risk that every company is now facing. A business can take all of the appropriate measures and do everything that they can do to try and make their business safer and healthier when it comes to Covid-19 and limiting the spread, however even if the business themselves do everything in their power, they cant do anything about how other businesses decide to conduct themselves, and definitely don’t have power on how people themselves decide to act. So despite a company taking every step to make their store or business Covid safe, infected numbers in their area or their state can still rise, and therefore the government can decide to again change regulations or close down stores for a while.  We have already seen how regulations have changed a couple times during the pandemic and how that has affected businesses. Restaurants that I once went to are now closed down for good, meanwhile other places have just moved all their seating outdoors and seem to be doing okay. The new threats presented by Covid don’t really affect my current comfort at work since I don’t interact with anyone face to face other than coworkers and generally everyone is respectful and wears a mask when needed, etc, but regulatory change as a whole is something that constantly changing and evolving with the world and how people feel in general about things. Keeping up with the changing regulations can be and is a difficult thing for businesses to keep up with.  Other changes in regulations that are occurring are related to environmental worries, trade and tax policies, social issues, and the regulations relating to these are changing so businesses will need to adjust themselves accordingly.

https://www.paychex.com/articles/compliance/top-regulatory-issues

Top 10 Risks for 2020

https://www.businessnewsdaily.com/7671-regulatory-issues-changes.html

https://www.investopedia.com/articles/economics/11/government-regulations.asp

Sonia Gonzalez

April 17, 2021

Professor Brille Bucker

Risk Management

The Covid-19 is a severe issue nowadays. It is spreading very quickly into every corner of the world. It has negatively affected small and other forms of businesses worldwide. The business people are busy taking corrective actions for this risk. People should consider the company’s employees, mediators, and customers to eliminate this risk in business. One of the new risks companies face now that was not thought of in prior years is the Coronavirus. The Coronavirus pandemic has made a blow to the U.S. economy since the incomparable melancholy.

Companies need to now focus on their employees and what changed going into effect.

1- Temporary work plan: Simply it means work from home”. There are many tools in the business that are used in and out of the plant. The employees can use these tools for doing their jobs. Business people can communicate or contact the employees through email, phone calls, and other contacting methods. By doing these jobs regularly, the employees can maintain their responsibility towards their business.

2- Reduce meeting: By reducing appointments, business people can eliminate the chance of being affected by this COVID-19. They conduct meetings online. I t is more convenient than a traditional type of meeting.

3-Transparency in communication with customers: Both employees and customers are facing this virus together. So it is more suitable that both businessmen and customers should behave transparently. A transaction should be based on utmost good faith. Every people should be careful in this time wash their hands frequently. Avoid handshakes. The company can reduce the spread of the virus by reducing the number of meetings or should eliminate the conference these days. I suggest there be a complete lockdown. At this time, the business should focus more on online sales. It will reduce the chance of spread. By using deals online, we can create a personal relationship with the customers. It will positively influence your sales in the future.

4- Business Insurance: I prefer every company must take an insurance policy. It will help then reduce the risk. Risk is the uncertainty of loss. It can be met by taking an insurance policy. Planning for the long term would start a plan for the future. It will help you enhance your businesses and increase your productivity in the future.

There are some opportunities for new companies in the future. It mainly concentrated in two areas, that is 1) medical field and 2) economy field. Nowadays, the medical spectrum in preventing Covid-19—the use of medical masks, gloves, etc. are should face high necessity in the future. At this time, hand sanitizers and ventilators are the most wanted items. It will have greater demand in the coming days. In the economic field, now some governments are offered low-interest loans for reconstructing their economy. New companies can acquire these loans for their business. It will help you in the future. U.S. government proclaimed that they are ready to provide unlimited short-term finance to business persons for reconstructing the economy.

The new threat will affect many people returning to work. The business of purifies, masks, and sanitizers has been on the trend—the use of robots in the supply chain and auto cars in delivering goods. Many may struggle at first with working from home. As time goes by, they will get the hang of it. I t is a massive risk of computing in the subway also returning to the workplace, but the company assures the worker that they’re keeping the work area clean. As virus cases have grown, many businesses have begun closing offices and stores and sending workers home to help slow the spread.

https://www.nytimes.com

https://www.weforum.org

https://www.nyc.gov/coronavius

The world is evolving, human-being conceptions are changing over time, the risks run by organizations are reflecting the new realities.  Worldwide, in January 2021, we have 4.66 billion active internet users, which means 59.5 percent of the global population. Among the largest online markets in the world, the United States ranks third with over 313 million active internet users nationwide. Among this population of internet users, many are from organizations. The Internet has become a relevant tool for communication and interaction between companies. Further, the internet is a tool used for draining, gathering, and even storing data on clouds whereas they are from the organizations or their clients. Unfortunately, cyber risk has the aptitude of impacting negatively all the aspects of an organization, including its customers, employees, partners, vendors, assets, and reputation.

During the last decades, the observation is that many organizations could not operate without the internet. Besides, cybersecurity has become a prior goal for companies since cyber “cyber incidents have been ranked as the top business risk in the Allianz Global Risk Barometer 2020, knocking business interruption from a top spot it had held for seven consecutive years”. Many big firms have been victims of this type of criminality. eBay in May 2014 was a victim of an attack that impacted 145 million users and lasted for at least 229 days, enough time for compromising the user database. Fortunately, the financial information of their clients was stored separately which narrowed the consequences of the attack. Yahoo during the years 2016 and 2014 had been a victim also. In September 2016, Yahoo announced having been a victim of the “biggest data breach in the history”. Overall, Yahoo has been a victim of several attacks which compromised over 3 billion user accounts. During the period of the first announcement, Verizon was negotiating an acquisition of Yahoo’s core internet business for $4.48 billion. But the cyber-attack engendered an estimated $350 million off the value of Yahoo. Myspace also has wiped an attack after 360 million user accounts were sold on the dark web market. In the same list of big victims, we can highlight LinkedIn, Equifax, Twitter, Nintendo Easy Jet… Thus, companies are always facing cyber-attacks, and even governments; medical institutions, and the business sectors, no one is exempted in this kind of new war.

Organizations risk a lot with cyber incidents. We all know how companies’ reputation is important and we cannot estimate its value to them. A cyber incident can harm an organization, therefore, the need for politics to respond effectively to cyber risk will involve all the components of the companies.

These are the 4 key steps your organization can take to implement a robust cyber risk management strategy.

1. Understand Your Risk Profile: Understanding your risk profile and potential exposure requires an enterprise-wide threat assessment.
   • Identify critical enterprise risks to determine the applications, systems, databases, and processes subject to cyber risk. Consider the array of external and internal threats, from unintentional user error to third-party access to malicious attacks.
   • Undertake risk assessments with all stakeholders to assess the likelihood and potential impact of cyber risk exposure, including cross-divisional and secondary effects and technology dependencies. Consider third-party exposure, as they have increasingly become vectors for cyber incidents, and the risk posed by the expanding technology perimeter due to work from home requirements.
   • Quantify risks including the potential financial, operational, reputational, and compliance impact of a cyber risk incident. A risk scoring framework can help provide a more holistic ranking of threats.

1. Set a Firmwide Strategy: Establish a firmwide strategic framework for cyber risk management
   • Prioritize risks by employing a shared risk measurement framework and reporting systems to effectively prioritize risks across the organization and enable informed resource allocation.
   • Consider industry-specific risk standards and incorporate any specific compliance requirements into your cyber risk management practice.
   • Set and communicate an enterprise-wide IT and cyber risk management strategy. Technology infrastructure and application use is critical throughout every organization. Therefore, cyber risk exposure can occur in any division, making it an organizational priority, rather than an IT one.

1. Invest in Cyber Risk Management Infrastructure
   • Assess system requirements to understand where organizational cyber threats originate and provide a guidepost to the types of systems required. A distributed, cloud-based organization will have different needs from a physical asset intensive organization. Consider how your company currently operates to ensure that a GRC platform will accommodate evolving needs.
   • Potential investment in GRC software or other cyber risk management tools should also consider risk reporting and incident management requirements, workflows, ease of use, flexibility, and future expansion capability.

1. Establish a Dynamic Cyber Risk Management Process
   • Establish robust oversight by maintaining an updated inventory of potential threats and dynamic quantification of the potential impact and mitigation costs of cyber incidents.
   • Communicate with third parties to ensure their security protocols align with organizational standards and practices.
   • Invest in Training – With rapid evolution of technology and related cybersecurity risks, cyber risk management is not a static, tick the box solution. Organizations can spend large sums on state of the art security infrastructure, but a truly effective cyber risk management program requires effective stakeholder training.

In my opinion, these threats don’t involve only the employees, it is more dangerous for the customers whose personal and financial data may end up in the wrong hands.

https://www.statista.com/statistics/617136/digital-population-worldwide/

https://www.cmmonline.com/news/top-10-business-risks-of-2021

https://www.insurancebusinessmag.com/us/news/breaking-news/these-are-the-top-10-business-risks-around-the-world-in-2020-211542.aspx

https://www.keepnetlabs.com/the-biggest-data-breaches-in-the-first-half-of-2020/

https://www.logicgate.com/blog/grc-101-what-is-cyber-risk/

Here’s where assignments students submit for our Unit 10 Assignment will appear. If your post is not appearing in this section, you may have forgotten to add a Category to your post. Go back to your post and click “edit” to add “Risk Management” as the post category.