Identify key business assets.
As a first step, take an inventory of your business assets and identify those that are business critical or otherwise of high importance. Your inventory should include any key intangible assets (such as customer data stores, business plans and trade secrets) as well as physical networks and hardware.
Identify external dependencies.
Your inventory should consider assets outside of your organisation on which you rely. Does your business operate using an external network or cloud service provider? Do you offer any services that customers are able to access remotely? Are any key assets held with your subcontractors?
Assess risk associated with the above.
For each asset that you have identified, consider its value. Make a risk assessment of how much damage your business could suffer if the asset was compromised. This will help you to determine what level of security you should apply to each.
Audit of supply contracts.
Part of your risk assessment should involve a review of your existing relationships with your suppliers. Do you have appropriate warranties on IT security? Is there a suitable remedy should your supplier cause a network breach? Our Commercial team can audit your supply contracts and advise on any risks.
Review employment contracts and internal policies
It is important not to focus solely on protecting against threats from outside your organisation – PwC's 2014 Global Economic Crime Survey found that more than half of companies surveyed reported their main threat to be from an insider. Our Employment team can advise on the adequacy of your standard terms of employment and internal policies to protect against insider security threats.
Assess safeguards over trade secrets and intellectual property
Our Trade Secrets group can advise on the protection available for your intellectual property, including any registration requirements and how best to document your business ideas.