OPINION

Risky business

When it comes to eliminating the risk of an IT security incident at your firm, the only way to get to zero risk is to not be in business. However, there are several proactive actions that can be implemented to mitigate risks and keep your firm prepared. Ultimately, mitigation is about minimizing the risk factors, assessing the cost, and making plans to recover as quickly as possible with minimal loss and downtime. While it would be difficult (and frankly, boring to most readers) to provide a comprehensive list of disaster recovery, cyber-attack response, and malware prevention tools, this article is designed to provide an overview of four categories of mitigation strategies that can help protect your firm – whether you have an in-house IT department, outsourced IT, or you do it all yourself. Let’s take a look:

1. Classification. Classification includes defining and understanding the events that can cause business downtime or data loss. To keep it simple, there are two main classification categories: infrastructure loss and cyber-attack/corruption. Infrastructure loss happens when you lose access to the physical environment. This occurs if your building floods, burns, or a truck drives through the front of it. Infrastructure loss also includes lost connection to local hardware, such as if a gas leak shuts off access to your space, which can be especially detrimental if your firm has a local server. For engineering firms, this is a specifically unique challenge since most employees work with large CAD files; limited – or loss of – access can be detrimental to productivity and projects.

Jason Cunningham

THE ZWEIG LETTER JUNE 20, 2022, ISSUE 1446
