Our national media are full of articles describing the risk of Russian cyberwar – but rarely with solutions.
Fortunately, there are exceptions.
An example is a recent article (February 18) in Harvard Business Review – as well as others from our risk management professionals. For example, our son, an IT manager at the University of Alabama, recently received from the university’s risk manager a summary of the steps to take to avoid or at least mitigate this risk.
My 181-page book — published by the International Risk Management Institute of Dallas — proactively addresses this risk. Additionally, our local SBA Small Business Development Center at CSUB offers excellent cybercrime risk protection data. (See sba.gov/business-guide/cybersecurity.)
So the counsel is available. The question is: will each of us take these proactive steps?
Large companies are usually well ahead of this threat. Too many small business owners and family members are not. Small businesses (defined by the SBA as those with up to 500 employees) are seen by “the bad guys” as very vulnerable. They’re right.
In my book, I listed 12 steps that a business or a family can take. A free copy of this list is available upon request by e-mail. However, here is a more succinct – but still useful – list of steps you can use as a starting point.
• Instill a sense of safety in your employees and family members. We are vulnerable and the consequences are costly.
• Gather your insurance and IT support sources together to ensure each is thinking about preventative measures tailored to your unique but typical situation should the worst-case scenario occur.
• Check the website of your bank(s) to determine the scope of their protection — as well as the specific measures they may advise you to consider in your own system to be compatible with the protection processes against bank risks.
A company should review its business continuity plan to ensure that it is up to date and applicable to this growing risk. A company should take a close look at the risks in its supply chain and look for sources of relief, if possible.
These steps should be closely coordinated with your insurance broker. Steps more specific to your unique computer system will be suggested or recommended.
This risk should be transferred to an insurance company if something “falls through the cracks” in your risk prevention program (no system is perfect). We need both: risk reduction as well as the transfer of risk to a commercial insurer.
As critical as cybercrime risk management is, another risk — which Russia is quite capable of (as are other hostile nations) — is one that only Congress can address. This is called EMP – Electromagnetic Pulse.
It is the result of the explosion of an atomic bomb above the center of the United States. No life is lost. No property is damaged or destroyed. However, the civil electricity network of our country becomes unusable. Close. Faded away! Power outages are everywhere. Cars on highways stop immediately. The delivery of life-prolonging drugs ceases. Food availability becomes non-existent. Then, the deaths follow one another.
I’m informed that Congress funded the shielding of our military electrical grid but not our civilian grid. Previously, shielding would have cost $2 billion. Today, that price may be $4 billion. Yet Congress should fund this shielding now.
Our local Congressman, Minority Leader Kevin McCarthy, is perfectly positioned to take the lead on this issue even before the midterm elections. If ever there are bipartisan issues for Congress to address, shielding our civilian power grid needs to be at or near the top!
Time is of the essence for both risk management actions. Fittingly, the “ball is in the court” of all of us – plus Congress.
Take proactive action now before the proverbial “horse leaves the stable!”
John Pryor, CPCU, ARM, AAI, AIS is a Risk Management Consultant at CSU Bakersfield’s Small Business Development Center – a free consulting service through the US Small Business Administration. His book is “Quality Risk Management Fieldbook” – with the convergence of risk management and quality management. His email address is [email protected]