IT security is a matter of accountability
For today’s CEO, being the victim of criminal hackers is no longer just a source of embarrassment. Being hacked often carries legal ramifications and can even cost you your job. We live in the age of transparency, where “mega breaches” and data theft from an organization are increasingly hard to keep from the customer. It has never been more challenging for a CEO who must accept responsibility for IT security incidents, thoroughly assess the risks and remain vigilant to potential threats.
Accepting responsibility
The CEO has always had responsibility for the overall growth and health of his or her organization. Bottom-line issues such as manufacturing and marketing, for example, were traditionally within their remit. However, in the digital age security has become a fundamental bottom-line issue. Invariably, the cost of investing in adequate IT security measures is lower than the cost of recovering from a breach.
Good data protection practices should be at the heart of important organizational goals such as compliance and reputation. At the end of the day, the market will punish a company that loses the trust and business of its customers.
Assess the risks
A thorough risk assessment of an organization should be a top priority. A good CEO would look at external risks (e.g. those of competitors, new entrants and market forces) and internal risks (e.g. finances and human resources). IT and security should now be a priority in this latter bracket.
From an IT perspective, it is crucial to know where you are vulnerable, both inside and outside your firewall. You may not have complete visibility over what applications your customers are accessing, but this can be solved. Vulnerability and risk assessments, as well as penetration testing by trusted third-party firms, are now just as important as the quality of your product or service.
Putting software and hardware to one side, one of the greatest potential threats inside the corporate firewall is that of the disgruntled employee. Many high-profile breaches include some element of internal, malicious or careless activity carried out by employees or contractors who work for the company. How can C-level executives know how social media channels are being used by employees to liaise with customers? This lies at the intersection between technology and people management, both of which the CEO must take a role in.
The rise of BYOD and mobile working also presents significant cyber security risks. With more and more employees accessing corporate data through tablets and smartphones, these devices, and apps especially, are ripe for compromise, providing hackers with more ways in to steal private company information such as passwords and files.
Bolstering background checks and personnel security is a wise decision. But CEOs may also want to rethink data access policies. Specifically, policies that define who in your organization has access to corporate and customer data should be evaluated. In the digital age, now is the perfect time to separate these two data classes, providing only the most trusted employees access to customer data on an as-needed basis. These access restrictions should then be applied across the board.
Nurturing support
You are only as good as the people you have around you. In order for CEOs to truly prioritise IT security as a business issue, having a dynamic and innovative supporting CIO is necessary. A CIO who is willing to collaborate with the top executives and invest in the right technologies that will protect an organization from hackers can accelerate business growth. CEOs should look to employ CIOs who can move fast and anticipate cyber threats.
Stay vigilant
In the world of IT security, hackers are continually looking for new ways to compromise new and old systems alike. CEOs, and not just CIOs, must remain vigilant and react swiftly to potential threats and serious breaches. CEOs and the board should develop cyber security strategies that focus on what matters to their business, and the risks that are associated with that.