4 Risk Management Steps That Could Save You

It could be a punishing snowstorm that brings down power for weeks. It could be a hacker that vandalizes your website. Or a war-torn country that inhibits communication with your team. It might even be as simple as a data backup that stops running for some reason. Running an organization with an online element is inherently risky, yet few leaders think seriously about what those risks might be and how they might affect day-to-day operations.

Earlier this month in the blog, we talked about how non-profits should think about IT risk management when they have an online element to their organization.

But how do you create an IT risk management plan? Start with these four steps:

1.     Identify possible risks.

First think of all the forms of electronic communication you use, and brainstorm together some worst case scenarios. What could possibly go wrong? Write them down.

2.     Categorize and prioritize.

Now look at your list and decide which is the most potentially damaging. You might rank the risks by Low, Medium and High, so you can decide where to put your most careful plan.

3.     Determine plausibility.

Some of the items on your list are more likely to happen than others, even if they’re damaging. An earthquake might flatten your off-site storage facility, but is it likely to happen in the middle of Utah? Rank your items based on plausibility: Possible, Probable and Likely are helpful labels.

4.     Make your plan.

Now you have a good idea of what could go wrong and the likelihood it will. Think through each item and plot out what you would do in case it happens. Will your web project manager quit?  Have a good staffing agency on call. Did you delete your website’s homepage? Have your web host on speed dial so they can revert to the latest backup. Write down every step so anyone can pick up the plan and know what to do.

Educated plans are the best, so don’t shy from asking others what they might do. Plan within your department, and call in colleagues and other professionals for their advice.

Your turn: do you assess risk? Let us know in our poll if you have a risk management plan for your organization. We’ll share the results in our next newsletter. Take the poll!

[This appeared in our February newsletter. Wanna subscribe? Do it now!]

Egypt’s Internet Shutdown a Lesson for Non-profits

CIO magazine ran an article about how Egypt’s Internet shutdown should be a wakeup call for CIOs. It’s a fair point, considering how many organizations run their businesses completely online – in the cloud. If the cloud were to go down, they’d be without a business.

It’s not a far-fetched notion. The CIO article says:

Virtually every country’s government reserves the right to temporarily nationalize and control what’s considered critical infrastructure, which usually includes mobile networks, fixed-line telecommunications and Internet backbone systems.

Governments can invoke that right during national emergencies, whether they be natural disasters, terrorist attacks or any other incident that qualifies as such under a country’s legal code.

If CIOs of corporations are starting to sweat a little, so should non-profit execs. Many have organizations that work in countries where civil unrest isn’t a possibility, but a given. That doesn’t mean they should backpedal into a dark, unconnected communications landscape, in which they rely solely on mailed letters and phone calls. It just means they need to do some risk assessment.

Non-profit leaders should sit down with their entire team and think about what such an event would mean to their organization. What would people do if they rely on the website to gather up-to-date information? What’s the plan if text messaging fails? Is there redundancy built into website backups, if they’re stored on a virtual machine?

Risk assessment is one of those activities that’s easy to put off until it’s needed. But by that time, it’s too late.

With the Egyptian uprising happening in the background, this is perfect time for non-profit leaders to stop procrastinating with their risk assessment. They should think about the most necessary technologies they use and come up with a concrete plan for what to do in their home country as well as those they work in if Internet technologies are canceled.

Your Turn