The Cybersecurity Risk Assessment: The First Step Toward Cybersecurity

According to a survey of nearly 13,000 business leaders entitled "Regional Risks for Doing Business 2019," cyberattacks are the leading risk for business executives in the United States, Canada, and Europe. Cyberattacks are the second biggest risk for executives across the world.

The survey asked leaders to select "the five global risks that you believe to be of most concern for doing business in your country within the next 10 years" from a list of 30 options.  

Cyberattacks also came in second on the survey's list of the top 10 business risks of highest concern globally, with "data fraud or theft" coming in seventh.

The top five business risks in the U.S., according to the survey, are: 1. cyberattacks; 2. data fraud or theft; 3. terrorist attacks; 4. critical information infrastructure breakdown; and 5. failure of critical infrastructure.

The survey was published by the World Economic Forum. Emilio Granados-Franco, head of Global Risks and Geopolitical Agenda at the World Economic Forum, said, "…cyber-threats remain a major risk due to their rapid evolution and increasingly disruptive potential." (L.S. Howard, "Cyber-Attacks Named as Top Business Risk in U.S., Canada and Europe, by WEF Survey," Oct. 01, 2019.)


The first step that any organization should take to address the risk of cyberattacks and data theft is to conduct a cybersecurity risk assessment. This assessment will help you understand where you are vulnerable and in what areas of cybersecurity you need to improve to stay protected.

A customized risk assessment is essential because your needs will depend on your business activities and areas of exposure.

If your internal information technology team is not equipped to conduct a cybersecurity risk assessment, hire a skilled third-party cybersecurity consultant to do so. Your assessment must include a plan of action that identifies areas where your employees need training, how to keep employee email platforms secure, and how to protect your organization's information and data.

The U.S. government provides several tools to help businesses conduct a cybersecurity risk assessment. These tools can be helpful in the short term to shore up any immediate gaps while you wait for the results of a more in-depth assessment. They should not replace a full cybersecurity risk assessment conducted by your IT team or a skilled consultant. However, if your organization does not have the means to conduct an assessment in the near future, these tools could serve as a stop-gap until you are able to do so.

The Federal Trade Commission's Cyberplanner can help small businesses create customized cybersecurity plans. The Cyberplanner can be found online at

The U.S. Department of Homeland Security's Cyber Resilience Review evaluates your organization's "operational resilience and cybersecurity practices." Organizations may hire DHS cybersecurity professionals to conduct an on-site assessment. Learn more at

Finally, Homeland Security provides other assessment tools that can either be performed in-house or by DHS cybersecurity professionals, including Cyber Hygiene: Vulnerability Scanning; Phishing Campaign Assessment (PCA); Risk and Vulnerability Assessment (RVA); and Validated Architecture Design Review (VADR). Read more about each of these types of assessments at
