Because of the 2008 financial crisis, there is a tendency to think of risk management as an matter limited to the banking industry. However, all businesses need to identify potential risks to their capital and their revenue streams. Natural disasters, legal liabilities, mismanagement and security vulnerabilities can threaten businesses of any size. Small businesses need to evaluate their own risk exposure and develop strategies for mitigating those risks.
Risk Identification for Small Businesses
The first step in developing a risk management strategy for a small business should involve an effort during the startup stage to identify risk-mitigating milestones. This provides an opportunity to take the necessary preemptive actions that can resolve potential problems before they arise. While it would not be possible to address all risks immediately, you should establish a plan, as soon as possible, for addressing the most likely risks.
Data security threats can arise from both internal and external sources, such as hackers. This demands a risk management strategy for both remote and on-site threats. Carefully assess the most appropriate cybersecurity software for the needs of your business. Establish a data backup plan allowing for regularly scheduled backups to a cloud-based platform or off-premise server. Consider what measures you should take to avoid loss or damage to your company’s computer equipment and data storage devices. Keep backup copies of software programs that your business uses in the event of data loss. Although you might keep backup copies of data files, the cost of replacing the actual programs for processing that data demands a complete system backup. Limit the number of staff members entrusted with full access to your company’s data. Familiarize yourself with the seven layers of cybersecurity and make them an important part of your risk management strategy.
Minimize Risks of Theft
An important on-site risk involves potential theft by disloyal employees. To the extent possible, avoid giving a single staff member access to all of your company’s bank accounts. Spread the risk of embezzlement by limiting an individual employee’s access to your company’s money.
Risk Management and Insurance Coverage
Obtain adequate insurance coverage and utilize indemnification agreements, and place the burden of insuring your company on those entities who perform work for, or on behalf of your company. For example, an owners and contractors protective liability policy would provide coverage for your company arising from claims arising from the acts or omissions of an independent contractor working for or on behalf of your business. However, OCP coverage protects your company only in situations involving liability for the acts or omissions of the contractor acting on your company’s behalf as well as your company’s liability arising from supervision of the contractor’s activities. Requiring your company to be listed as a named insured on the contractor’s commercial general liability policy affords the broadest coverage. Demand a certificate of insurance from the insurance carrier (rather than the broker) indicating your company as a named insured, rather than an additional insured on the commercial general liability policy. Request a copy of the CGL policy and understand the extent of its coverage.