Complacency happens. When it does, it can be deadly. Think about the Deepwater Horizon oil spill, or, on a personal level, people who don’t heed advice to prepare for coming hurricanes, volcanoes, or earthquakes by stocking up on supplies and having an escape plan.
Sadly, many executives have become complacent about cyber security. Sometimes they’re overconfident in their people (even justifiably), and sometimes their IT people, as good as they are, fall into routines or just miss something.
As Ronald Reagan used to say to Mikhail Gorbachev, “trust, but verify.”
Take a look at your IT department’s cyber security audits – and if they don’t exist, make sure to develop them. Does your IT department understand that you view cyber security as mission-critical for the organization? Are you and your executive team involved enough in security initiatives that your IT department knows (and maybe fears) that? Have you reviewed the security policies – maybe you’ve even got 20 of them, or more – or just relied on what you were told? Has your team or an impartial auditor performed a security assessment? Have you even looked at the write-up after your organization’s last disaster recovery [DR] test?
There’s a big list of security to-dos, and it’s getting longer all the time.
Ignore it all at your own peril. What could happen? If there’s no DR testing, then there’s no way to be sure that the data critical to your operation can be recovered to put the company back on its feet if something… disastrous… happens. If you haven’t trained your people about the importance of security and paying attention to it… terrible things can happen when they make uneducated choices. Worse, your business will have legal risk if you don’t have shared security-based policies; when systems begin to perform unpredictably or are breached, your partners and clients will want answers – if they remain as clients and partners.
Never assume your company has security under control. There are gaps, but if you do not search them out, you will never close them. Trust the good people you’ve hired, but verify that their systems and procedures are working.
If you are not frequently reviewing your cyber security at the executive level, now is the time to change that. If you have not had an assessment done, do it. Start asking the questions to reduce your exposure. As the young folks say, “Double make sure.” Remember, we are always here to help.
Do your clients and partners make you a larger target for cyber crime? Do you unintentionally expose your clients? A partner of Quest Diagnostics, LabCorp and a few others filed for bankruptcy due to a cyber breach.
If you have a website – it is a target. Question: Would it hurt your company if it was compromised? If so, what are you doing about it? The time to do something is before a crisis. This is a good starting article to get the ball rolling.
Something is wrong!!!! If more than 50% of manufacturers are extremely confident in their ability to prevent and manage breaches, but more than 50% have been compromised, the math does not work.