Risk Management Advice for Technology Companies

As a technology company, it’s crucial to identify risks to your IT systems and data, to reduce or manage those risks, and to develop a response plan in the event of an IT crisis. Business owners have legal obligations regarding privacy, electronic transactions, and staff training that impact IT risk management strategies. IT risks include hardware and software failure, human error, spam, viruses and malicious attacks.

Managing Information Risks

Managing information technology risks is a structured process that involves:

  • Identifying risks
  • Assessing risks
  • Mitigating risks
  • Response plan development
  • Risk management procedures review


Specific or targeted criminal threats include:

  • Hackers: Those illegally break into computer systems
  • Fraud: using a computer to alter data for illegal benefit
  • Passwords Theft : Typically a target for malicious hackers
  • Denial-of-service: Online attacks who prevent website access for authorised users
  • Security Breaches: Physical break-ins and online intrusion
  • Staff Dishonesty: Theft of data/sensitive information

Policies and Procedures

Policies and procedures are put into place to explain to staff, contractors and customers the importance of managing IT risks and can be part of your risk management plans. These can assist in the training of:

  • Safe email use
  • Setting out processes for common tasks
  • Managing changes to IT systems
  • Responses to IT incidents

A code of conduct can provide staff and customers helps to keep key IT issues in open and clear communication, such as protection of privacy and ethical conduct.

Reducing Risks

Threats and risks are an everyday reality for most modern businesses. Be sure to assess the security of your website, email accounts, online banking accounts and social media profiles.There are specific measures to protect your systems and data against theft and hackers.

Steps to improve IT security:

  • Secure all computers, servers and wireless networks
  • Use anti-virus and anti-spyware protection, and firewalls
  • Update software to newest versions regularly
  • Use data backups that include off-site or remote storage
  • Secure your passwords
  • Train staff in IT policies and procedures
  • Understand legal obligations for online business.


IT policies, procedures and codes of conduct staff training is a vital component of risk management strategies. Training can cover key business processes and policies, such as:

  • Safe handling of infected email
  • Protecting the privacy of customer details
  • Priority actions in the event of an online security breach

It is impossible for a business to avoid all technological risks; which makes business insurance an essential part of risk management and recovery planning for technology companies. Be sure to review and update your insurance, for emerging IT risks, such as the increasing use of personal mobile devices for workplace activities.

About The Rubin Group

Based in New York, The Rubin Group provides insurance in most of the 50 states. Our full-service insurance brokerage provides insurance and risk management services to individuals in all income brackets and businesses of all sizes and types. We understand that every client has unique coverage requirements, and we are passionate about providing the ideal individualized coverage for each customer. Each member of our team takes the time to truly understand your situation, the particular risks you anticipate – and the very real risks you’ve not yet contemplated. For all of your insurance needs, contact us at The Rubin Group!