InfoSec Advisory with Del Aden: The certainty of uncertainty

0
Del Aden is a UK-based Enterprise Architect

Based on my recent travels across Europe, the Middle East and Africa, I have come to a simple conclusion: As much as we yearn for a return to pre-pandemic times, it’s naive to think that our old ways of living and working will ever return – at least for the foreseeable future. From the dot-bomb to the decline of brick-and-mortar retail to electric vehicles to virtual learning, and now to COVID-19, disruption keeps repeating itself decade after decade, year after year. With uncertainty as the new certainty, business leaders must rethink their business strategies and adopt enhanced organisation risk assessment.

Why Risk Management is Important to Your Business 

Risk management is important in an organization, because without it a firm cannot define its objectives for the future. The ability to manage risk will help organisations to act more confidently in future business decisions. Risk has a constant presence in the business world, and ignoring it does not make it go away. On the contrary, understanding a company’s exposure and practicing risk management are the first steps toward a healthier business.  Businesses rarely discuss risk openly, says Paul Slaggert – former Director of Executive Education in the Mendoza College of Business at the University of Notre Dame.

According to Slaggert, Business leaders need to realize that taking a risk and failing isn’t necessarily a negative thing. “Failure shows someone was willing to take a risk, and then you learn from that failure,” Slaggert says. This should be expected, and failure should be tolerated and considered an investment that should be rewarded, he says.

The real risk in business – and there are always risks – is not knowing    which risks are worth taking.

But How can you deal with risks and succeed in a disruptive world? 

  1. Identify critical business activities

To identify critical business activities for any organization is the first and most common step in risk management/assessment process. In doing this, it is recommended to identify essential business activities from their benefits to the organisation’s point of view. For example, if a certain business activity benefits an organization heavily (e.g., in revenue), then it is a critical business activity for them. But if a particular activity faces huge risks, but it is less valuable in overall company revenue gross, then it is not a critical activity to that organization.

For example, customer support is a low-risk activity for the majority of businesses; but if we talk about casinos, then it is a very critical activity for them. Casinos may rely on a small portion of VIP customers who regularly spend time in the casino and utilize a massive amount of $$. Casinos generate a good amount of revenue by these small numbers of VIP people. Treating these customers with the best casino services and hospitality requires significant investment, such as complementary use of jets, expensive suites, etc. So here, customer support and relationship activity are more crucial than any other activities.

  1. Sizing risks to the critical business activities

Once we identify critical business activities, we should start sizing the risk to them. Risk can be divided into primary and collateral (secondary). For a manufacturing company, disruption in their day-to-day production activity would be the primary risk, whereas stolen employee passwords, website hacking, physical security would be a collateral risk. Thus, risk (primary and collateral) must be quantified after identifying critical business activities through their priorities.

  1. Conduct Supply Chain Risk Assessment

Supply chains have become integral part of modern business operations. Engagements within supply chains require sharing sensitive information and provision of access to information systems of organizations. This gives rise to various business/operational risks and can be very disruptive to many organisations. It is therefore incumbent on organisations to work closely with suppliers throughout the procurement process (from onboarding to contract termination) to manage Supply chain risks. This needs to be embedded in the procurement/vendor management processes.

  1. Make Contingencies Mandatory

If we’ve learned anything from this pandemic, it’s that backup plans are crucial – and must constantly be re-evaluated. Adapting plans will forever be an expectation for any Business manager. Regardless of whatever management approaches exist, you will need to articulate many more contingency options than ever before. This is more than just documenting doomsday scenarios in a risk register – it’s about embedding contingencies into your approach. The Business leader who has a backup to the backup is one who is not easily flustered by change and sudden disruption.

  1. Make Empathy a core responsibility

During a lockdown, one office Admin manager told me she was criticized when her toddler made an unexpected appearance on a videoconference call. Her co-worker justified the criticism by saying: “It’s just not professional to have children disrupting our meetings”.  Needless to say, that left a mark and now that relationship damage will lower her productivity, alignment and teamwork. What if that co-worker responded instead with the simple, common phrase: “Don’t worry, I get it. We are in this together”?

Empathy is a power-skill that’s been shown to improve organizational outcomes. It’s about asking colleagues to embrace the sentiment that every team member suffers disruption to some degree. What goes around comes around. Business leaders who invest in empathy training and formalize supportive working agreements will build a team that can better handle ongoing uncertainty. Embracing these tenets is no longer a luxury for Businesses in Africa. In a COVID-era economy, applying these skills will help leaders and their teams sustain resilience as they navigate uncertainty.

  1. Give Top Priority to Staff Education & Training in Risk Management

The key to successful risk management in your business is your people. Their risk culture, perception, attitude, engagement, behaviour and actions – with respect to risk management, will make or break the success of your organisation. It is the number-one ingredient for success. Developing and maintaining the right culture requires knowledge, understanding and skills. Given the maturity of risk management in most organisations in Africa, I would suggest structured risk training is the most critical. 

Worth Noting

Every person within your organisation is responsible for risk management and must play a role in its operation. It is not the sole responsibility of a ‘risk manager’. Risk and risk knowledge must therefore be widely dispersed among your team. This can only be adequately achieved via structured risk training, similar to the one offered by Delta3.

At Delta3, we help organisations navigate risk; giving you the confidence to act, adapt and succeed in a complex, uncertain world. Our Risk Assessment services will help increase your organisation’s risk maturity level across the whole of your organisation. Our Risk management training will help equip all of your team with the requisite knowledge needed to make your organisation successful. Only then can they make precise and powerful decisions on behalf of your business, driving actions that work in the real world.

Those organisations and individuals who have trained with us before will be familiar with the principles, tools and techniques of Risk management, Business continuity and Crisis response that can be deployed to help organisations prepare and respond to situations like the pandemic.

In conclusion

The level of uncertainty brought about by the perfect storm of a COVID-19 pandemic in the early part of 2020 has been a wake-up call on an unprecedented scale. As businesses enter into the recovery stage post pandemic, Business Leaders in Africa must realise that Disruption Isn’t Going Away soon!  Risk knowledge is critical in order to empower your staff to become effective and engaged managers of risk in your organisation. When it comes to risk management, it is imperative you invest in your most valuable asset: Your People!

About the Author

Del Aden

Del Aden is a UK-based InfoSec & Business Continuity Consultant, with a main focus on helping organisations to implement Digital Transformation, defend their digital infrastructure and plan their Business Continuity Strategies. Del is also a Freelance writer, international Conference speaker and a Global trainer.

Contact: [email protected]WhatsApp:+44 7973 623 624  |  Web: www.delta3.com

Leave a Reply