Our national media are full of stories describing the risk of Russian cyber warfare — but rarely with any solutions.
Fortunately, there are exceptions.
One example is a recent (Feb. 18) article in Harvard Business Review — plus others from our risk management professionals. For example, our son, an IT manager for the University of Alabama, recently received from the university’s risk manager a summary of steps to avoid or at least mitigate this risk.
My 181-page book — published by the International Risk Management Institute in Dallas — addresses this risk proactively. Also, our local SBA Small Business Development Center at CSUB offers excellent data on protection against cybercrime risks. (See sba.gov/business-guide/cybersecurity)
So, counsel is available. The issue is: Will each of us take these proactive steps?
Big business generally is well ahead of this threat. Too many small business owners and family members are not. Small businesses (defined by the SBA as those with up to 500 employees) are perceived by “the bad guys” to be highly vulnerable. They are correct.
In my book, I’ve listed 12 steps a business or family can take. A complimentary copy of this list is available by email request. However, here is a more succinct — yet still helpful — list of steps you can use as a starting point.
• Instill a security mindset in your employees and family members. We are vulnerable and the consequences are costly.
• Bring together your insurance and IT support sources to be certain each is thinking through customized preventive measures for your unique yet customary situation should the worse-case scenario occur.
• Check the website of your bank(s) to discern the scope of their protection — plus specific steps they may advise you to consider within your own system to be compatible with the risk protection processes of the bank.
A business should review its Business Continuity Plan to be certain it is current and applicable to this expanding risk. A business should closely review its supply chain risks and seek back-up sources, if possible.
These steps should be closely coordinated with your insurance broker. Steps more specific to your unique IT system will be suggested or recommended.
This risk should be transferred to an insurance company if something “falls between the cracks” in your risk prevention program (no system is perfect). We need both — risk reduction as well as risk transfer to a commercial insurer.
As critical as is management of the cybercrime risk, another risk — of which Russia is totally capable (as are other hostile nations) — is one only Congress can address. It’s called EMP — Electro Magnetic Pulse.
It’s a result of exploding an atomic bomb high above the middle of the U.S. No lives are lost. No property is damaged or destroyed. However, our nation’s civilian electrical grid becomes inoperable. Shut down. Gone! Power outages are everywhere. Cars on freeways immediately come to an abrupt stop. Delivery of life-extending medications ceases. Food availability becomes non-existent. Then, fatalities follow.
I’m advised Congress has funded shielding of our military electrical grid but not our civilian grid. Earlier, shielding was reported to cost $2 billion. Today, that price may be $4 billion. Yet, Congress should fund this shielding without further delay.
Our local member of Congress, Minority Leader Kevin McCarthy, is perfectly positioned to take leadership of this issue even before mid-term elections. If ever there are bipartisan issues for Congress to address, shielding our civilian electrical grid must be at or near the top!
Time is of the essence for both risk management actions. As is appropriate, the “ball is in the court” of each of us — plus that of Congress.
Take proactive action now before the proverbial “horse is out of the barn!”
John Pryor, CPCU, ARM, AAI, AIS is a risk management consultant in CSU Bakersfield’s Small Business Development Center — a free consulting service through the US Small Business Administration. His book is “Quality Risk Management Fieldbook” — with the convergence of both risk management and quality management. His email address is [email protected].
