Speaking to C-Level executives about what they need to know about Cyber Security
The new norm for any business is waiting for a cyber attack. It is an unfortunate part of our daily lives as business people. What’s worse is that there isn’t much we can do to stop hackers from attempting to infiltrate a system, application or network. If your system stores or processes sensitive data, a cyber criminal is going to try to steal it, or simply wreak havoc on your business.
Unfortunately, with all of the media coverage of large data breaches, it is hard for any of us not to pay attention to what is happening in the world. Because this information is so widespread, many top executives are making cyber security a priority in their business roadmap. The ones who aren’t are simply in a waiting game for when it will happen, not “if” it will happen.
Hackers are everywhere in the world and they simply look for opportunities to disrupt, steal and dismantle anything digital. That is why preparing for the worst and hoping for the best is the only way to go.
The best way to look at cyber security is as something similar to buying an insurance policy. You buy an insurance policy for the day that you may need it. You hope you will never need it, but you prepare for the worst-case scenario.
Remember, a single attack can not only disrupt your business, but completely destroy it financially, socially and legally. Think about the data breaches in companies like Target, Yahoo, Equifax and others. Even the US Government, which spends billions of dollars on cyber security, has experienced minor breaches.
If you store any sensitive user data or documents, facilitate any billing information or credit card processing, or enable connectivity with third-party systems, you are at risk.
Here is some information to alter your perception of cyber security:
1. Assume that a cyber attack will happen. Do not wait. Even if your development team says your system is secure, it is important to have a team of cyber security experts analyse and stress test it.
2. Review all security controls with your tech team, but understand there is a major shortage in knowledge of the latest security issues. Your tech team may be great at solving tech issues, but security is not normally part of a developer’s headspace. Cyber security is an absolute need, not a secondary add-on or afterthought.
3. Be proactive about penetration testing, risk assessment, retesting and monitoring of your application, network or system. Automated testing alone doesn’t cut it any more. Cyber criminals will use both automated and manual tools to try to break into your system. Both automated and manual testing are a must nowadays.
4. Do not be fooled into thinking that being on AWS or another large cloud server is your solution. Amazon and other large cloud providers have an amazing infrastructure, but it is still up to the tech team to configure all security settings. Any cloud server can still have major exploitable weaknesses.
5. Be proactive about understanding and securing your data for GDPR and other types of compliance. It is a big change from the data climate of yesterday and an absolute need in today’s environment.
6. Secure your wireless network. At a minimum, upgrade it to the latest standard. Security doesn’t stop at the server. A cyber criminal can gain unauthorized access via office infrastructure weaknesses such as a wireless network, a mobile network, a printer or a fax machine.
What every C-suite executive should understand is that you need to safeguard all of your assets by ensuring that proper security controls are in place to prevent that one bad event that can ruin all that you’ve worked so hard for. The only way to start is to begin asking questions and taking control of protecting your business.