culled from:ceo.com
In May, Forbes ran an article titled “IT Security: The New Target for CEO Performance.” The title of this article is telling. The evolution of data breaches and IT security in general is now a C-level concern because security has become a bottom-line issue. When you combine the recent iCloud breach with the cyber-attacks on Home Depot, Target, Adobe, Snapchat and eBay (big companies with big IT security budgets), it seems that no company is safe.
The security of corporate data is now a factor on which your organization and the competence of your organization’s leadership are judged. I know it’s not fair, and it’s just one more thing that CEOs must add to their growing list of responsibilities.
So, how deep does the CEO’s involvement need to go? How comprehensively must an organization’s leadership be involved in data security?
The answer is: you need to know enough to know you are protected. Here are some general topics you need to know:
1. Compliance or government regulations
Know if your organization is subject to them, what they require of you, and how your organization is in compliance.
2. Data sprawl
Understand where this is happening inside and outside of your organization. Collaborate with your internal or external IT people to secure the data that is being shared and distributed.
3. Personally identifiable information
If your organization handles this type of data (think Social Security numbers), then you must ensure this information is protected.
4. Contingency planning
In the event of a disaster scenario, what steps would be put into place to ensure that the organization would be back up and running with no data is exposed? It is imperative that leadership understand and test the ways in which data would be secured and restored in these circumstances.
5. Communication with IT
Although most CEOs want to hand security off to an IT resource without another thought, this is no longer an option. Therefore, it is imperative that you have open and direct lines of communication with your IT providers so that they can explain the safeguards being put into place. It also helps if they can keep the technical jargon to a minimum and speak in a way that business leaders can understand. If they can’t, find someone who can.
6. Confidence conversation
Leadership must know enough about data security that they could describe the process in confident and clear language to clients, customers and other stakeholders. You don’t have to talk tech or be a techie to do this.
Now more than ever, CEOs must be involved in organizations’ security policies and procedures because it is how their performance as leaders is being judged. We all learned a significant lesson from the resignation of Target’s Gregg Steinhafel and the company’s significant stock drop following the security breach incident. I’d love to hear how leadership at your organization is navigating this new territory. Reach out to me at hlanda@optimalnetworks.com.
