Why CEOs need to track information security
Information Security is often regarded as something that "IT has under control". In fact, it is a business practice that all CEOs need to stay informed about, with significant impact on employees, customers and suppliers.
Security creates headlines when it fails for high-profile companies, but it is a necessary form of insurance for ALL businesses that use digital communications. It's easy for business managers to be alienated by the techno-babble that surrounds this topic, but a few simple measures can go a long way toward addressing the risks.
What Risk?
Understand the Consequences
Security breaches can result in the leak of important intellectual property, financial or strategic information, and sensitive customer data. Operational disruption while recovering from damaging viruses can be significant.
Consequences can include significant loss of productivity, damaged reputation with customers, and costly legal action.
Quantifying the impact of these consequences on your business will inform your decisions on what risks are untenable and what responses would be appropriate. In general, "we didn't consider the matter" is not a good response.
Competitive Advantage. Or Disadvantage.
If your business operates in a regulated industry or your customers require you to share your safeguards, Security becomes a matter of competitive differentiation. If you provide a product or service that relies on secure delivery, Security is an important feature that can make the difference between winning and losing deals. Information Security audits and certifications are ways to demonstrate sound practice, but it's important to understand the range of costs and benefits before proceeding.
You don't have to be a big target to be hit
High-profile leaks may create an impression that security only matters if your business presents a big target. However, hackers have means of scanning for vulnerabilities that allow them to easily find weak targets, which are then open to exploitation. Most companies are targeted every day - ask your IT team to show you the logs.
In addition, over 75% of security leaks come from accidental or deliberate action on the part of employees.
Information Security is a Process, not a Project
Implementation of appropriate tools and practices will upgrade security measures, but it's the operation of these practices that determines the ongoing risk. Employees' awareness and observance of their responsibilities is a company-wide concern which starts at the top, not in the IT department.
Next: How much will it cost to fix my Security?
Probably less than you think. In the next article, we review a few simple measures that can dramatically reduce your risk.