Security Risk Assessments - You Don't Know What You Don't Know

Threat, vulnerability, likelihood, consequence, and risk. For those operating in today’s business environment several of these are a moving target.  While we often think we understand the threats our corporations or private families face, and we believe (or should know) that our countermeasures will thwart any attempts by adversaries to penetrate those defenses – the reality is, you don’t know what you don’t know.When was the last time you commissioned an independent third-party to conduct a risk assessment for your corporation, private family, or family office?  One year ago? Five? What has changed since that last assessment? Geopolitical winds have shifted, a global pandemic has upended supply chains and travel, and social unrest has created new menacing threats, highlighted expanding cyber vulnerabilities, and blown holes in our once-sound security policies and procedures. Do you feel like your last assessment is still valid among all those changes?Especially today, after many employees now work from everywhere. The risks to them in their specific location and the increase in cyber vulnerabilities by working away from the office are significant. Companies must work to strike the balance among policies, procedures, and privacy. To inform this balance, reassessments of vulnerability are critical as now many of the inherent protections at the office (guards, gates, access controls, video, and intrusion systems) are no longer present in employees’ homes (or wherever they are working).For those that have never completed an assessment, the compliance and governance environment should be driving you to do this key task now. Why wait? If one has never looked for threats, identified vulnerabilities, or assessed risk -  you truly are in the dark with regard to not only what might happen tactically, for example, a tornado hitting the office building, an active shooter, or a ransomware attack – but you are even more unaware of the strategic impact by omitting this risk management tool from your list of annual reviews. And, if you are reading this article – now you know. You know more now than you did five minutes ago… and you know you are at risk.  Because when it comes to security risk assessments, you don’t know what you don’t know, especially if you have never bothered to look.How exposed is the enterprise? The Family Office? The CEO’s second home, or their travel arrangements? Is the network, or his/her devices protected against current threats?  How would you know? By completing a security risk assessment, that’s how. Hire a professional company that completes this work as an independent third-party security consultant. Red Five has been doing this work for 17 years, conducts this work consistently, with professionals, and provides actionable results, so that you can take away the unknown risks…and know what you didn’t know.