What Your CEO Needs to Know About IT Security
A week does not seem to go by without breaking news of a new data security breach affecting numerous, well-known organizations in the United States. This fact alone has made information technology an important functional area of any business entity. So, it is now incumbent upon any Chief Executive Officer to stay on top of all aspects of the information technology roles in their organization, especially as it relates to data security. Technology permeates every aspect of a business, and IT must be managed from the top!
Historically, the role of IT staff was to facilitate increased staff productivity. The advent of advances in cloud technology and the widespread access to low-cost internet allow cybercriminals to wreak havoc from across the street or across the globe. This means that data protection, privacy, and security are now more important than ever to the IT professional. The regrettable truth is that a major cyber breach could result in the loss of proprietary and/or confidential information that could result in a business losing important sales revenue streams, exclusive intellectual property, and enormous profits — as well as its reputation. All too often, the worst case happens and the organization does not survive.
The Outside Threats
Lead by Example
The Weakest Links Are Inside
Questions to Ask
Whether relying on internal or external resources to manage the IT role in an organization, top management must consistently ask these questions to keep the staff on top of things:
- What is the current risk level and business impact of a cyberattack to our company?
- What is the communication and action plan in case of any breach?
- What industry standards exist for our organization and how do we compare to those standards?
- What is our cybersecurity insurance posture and is it adequate?
- When did we last execute a cybersecurity risk assessment and what were the recommended outcomes and tasks?
- What is our overall cybersecurity and disaster recovery plan including prevention, resolution, and remuneration?