5 Critical Questions Every CEO Should Be Asking About Cybersecurity
As CEO of a company, you wear many different hats, and you serve many different masters. It is your job to keep the stock price up and the shareholders happy, but you also must please the customers and safeguard the data they provide.
Increasingly, that last task is becoming much more difficult. From spearphishing attacks targeting key executives to malware masquerading as innocent invoices, the threats have never been greater. In this difficult environment, the difference between success and failure could be asking the right questions. Here are five critical queries every CEO should be asking themselves.
Question #1 – Does Outsourced IT Provide the Protection I Think?
In their quest for security and lower costs, many companies have outsourced IT solutions. These managed IT solutions can be very valuable, and quite effective at lowering costs, but they may not provide the protection you think.
No matter who is handling your IT tasks, you bear the ultimate responsibility should a data breach occur. Impacted customers will not care that the managed IT service dropped the ball; they will want answers, and you will need to provide them.
Question #2 – Is Highly Sensitive Information Sealed Off?
When data breaches occur, hackers routinely grab as much information as they can. They scour the company's servers, raid its cloud accounts and make off with everything their digital tools can carry.
If those servers and cloud accounts contain highly sensitive information like Social Security numbers and bank accounts, that information will be gathered up as well. Sealing off that highly sensitive data can mitigate the damage a data breach can do, protecting your customers and possibly thwarting attempts at identity theft.
As CEO, you are accountable for security. How much do you really know about your company's security posture?
Question #3 – What Are the Legal Ramifications of Cybersecurity Risks?
If your legal team is not intimately involved in cybersecurity, you could be increasing your level of risk. While it makes sense to let IT take the lead, the involvement of company attorneys is essential.
Even a small and contained data breach could have enormous legal ramifications, especially if the lost information is health related. It is important to address these risks with the legal team; they can work with IT to identify existing risks while addressing future concerns.
Question #4 – Do I Trust My Team?
As CEO, you would like to think your team is rock solid, and that outsider threats are the only ones you should be worried about. But no matter how much you trust your IT staff and key team members, you cannot discount the risk of an insider attack.
Some insider dangers are inadvertent, like the accidental deletion of a key file or the overwriting of existing data. Others are more deliberate, like a disgruntled employee swiping company secrets on a tiny thumb drive. If you are not addressing these insider risks, you are not doing your job as CEO.
Question #5 – Am I Focused on the Future or Just the Present?
The thing about cybersecurity threats is that they are constantly changing and evolving. Like bacteria evolving to evade antibiotics, computer viruses and other forms of malware are constantly in flux.
If you are addressing only present threats to cybersecurity, you could be putting your company at risk. Addressing emerging threats is critical, and as CEO you cannot afford to ignore them.
Cybersecurity is everyone’s responsibility, but as CEO the buck stops in your office, and at your desk. If you are not asking yourself the above five questions, you are putting your business, and your career, at risk.
Sjir has over 15 years of experience in information technology, having held various positions at companies such as Blizzard Entertainment, TV4, and Basefarm. He now holds multiple security, cloud, and IT certifications, and he currently works as an information security engineer.