Frequent readers of Optimal Security know I have very strong opinions on our nation’s need to improve cyber security at all levels. Information security professionals agree today’s threat landscape pales in comparison to what existed only a few years ago. Increasingly savvy hackers seek to disrupt business and quietly steal everything, from your financial transactions and customer credit card data to your intellectual property. In fact, 2011 is on track to be the most expensive year yet for U.S. businesses.
We all know this is a problem. Where confusion and even dissension occur is in what to do about it.
As CEO, your involvement in this issue is critical. For the long-term viability of your organization, there should be little more important than your organization’s data. Whether it’s customer information, stores of intellectual property or statistics you rely on for contract negotiations, data is your lifeblood. Unfortunately, though, most CEOs aren’t aware they need to make data security a board room issue.
Information security is no longer a concern exclusive to the industries of banking, healthcare and government. Sadly, every industry is vulnerable to attack today. Just ask Sony. Or Fox News. Trust me. When you ignore IT security, you will learn the hard way. Like many before you, if you don’t address information security in the board room, you’ll address it in your financials – or worse yet, in the newspapers.
To begin getting your arms around this issue, start by asking yourself, how is your organizational data protected? While CEOs and other C-level executives aren’t expected to know the technical minutiae of how this is accomplished, you do have a responsibility to understand what data you own, where the greatest risk lies and what your team is doing to protect it.
While hackers, hacktivists and even malicious insiders hoping to profit from the sale of your secrets should be a concern, well-intentioned company employees must also be considered. In fact, the highest-ranking threat for most organizations is your employees being tricked into running a Trojan horse malware program that bypasses your security defenses.
This point is worth repeating – often the biggest risk to an organization is the behavior of the people inside.
While it may seem an insurmountable task, it is critical we begin to drive a proactive security culture within each of our organizations. A good first step is to talk with your IT leaders to identify the top three to five data security issues within your company and plan around those issues accordingly. Equally important, we need to educate our global workforce – your employees – on basic online dos and don’ts. Even the very best IT departments in the world can’t entirely shoulder the responsibility for strong organizational security.
In fact, when we started to take a look at our own internal IT security infrastructure, we found there were several ways we could not only strengthen our overall information security posture, but also provide better education and more relevant resources for employees. By no means a solution but rather a starting point, we have created an eBook for you, What Every CEO Should Know About IT Security, and a quick video series, Be Aware of What You Share, to be shared with your employees.
My hope is that these tools will impact your colleagues’ decisions as they have mine and serve as a good starting point to help you get the conversation rolling in your organization.