When companies think of risk mitigation, they often sort risk into two categories—internal and external. It’s tempting to categorize risk as “external” if the culprit is outside your company, i.e. an outsider who breaks in, physically or digitally, and steals corporate assets. Surprisingly, however, break-ins are not an external risk.
External risks are risks over which a company has no control—where the only possible action is mitigation. An internal risk is one where the organization has the power, within the firm, to prevent the risk. With this definition, the list of “internal” risks is quite lengthy.
Consider, for example, a firewall. A business that fails to purchase and configure an adequate firewall would be considered to have failed to meet the minimal requirements for preventing a potential attack. That failure is an internal risk, and one that could expose the firm to considerable financial liability.
Today’s Intrusion Prevention System (IPS) firewalls have advanced features that specifically combat current threats, and the hardware can be purchased for as little as $500. The basic router or cable modem that came with your Internet service is insufficient to repel attacks. Yet many business owners fail to expand their security, and hackers know this. It’s one of the reasons so many of them target small and medium businesses so frequently.
As Richard Clarke, former National Security Council Official and Assistant Secretary of State, once said, “If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”