April 21, 2021
Comments expressed by Businessmen contributors are their own.
As the chief executive officer of a national information technology consulting firm, I have asked hundreds of clients, “What keeps you up at night?” Although I receive a lot of answers, most of them can be summed up in four words: fear of the unknown. I often joke with my employees that I get paid to be paranoid, whether it’s losing a sales deal, predicting a competitor’s movements, or even dealing with politics within one of my clients. In business, I see paranoia as a strength: it allows me to admit that there are many unknowns that can affect a situation, and it forces me to think through multiple scenarios in order to plan. Much as in chess, thinking many steps ahead helps my team predict and plan for changing customer priorities, changing competitors or changing employees.
One area in particular that I continue to be very paranoid about is network security. My business works with many Fortune 500 companies and Department of Defense agencies that take cybersecurity very seriously, and that seriousness carries over to us. With most customers, we have contracts and agreements that require us to comply with their cybersecurity policies. As CEO, it is my responsibility to make sure we meet these standards and agreements to protect my clients’ information. In addition, I have a responsibility to protect the personal data that our employees have entrusted to us.
A security breach can have devastating effects on our business and on the trust we have with our customers and employees. Perhaps a company like Equifax can survive having 148 million customer records hacked, but losing the trust of my customers and employees could put us out of business.
Protecting the data of our customers and employees can be a daunting task, especially with 150 employees and contractors interacting with our customers on a daily basis. Every day, I am responsible for protecting all this data. However, I do not know what information is being accessed, downloaded or emailed within and outside of our company.
Who has the key to the castle?
When I talk to my employees about cybersecurity, I compare the company to a castle with lots of doors. Our job is to ensure that all entry points are protected to prevent unwanted intruders. But equally important is making sure no information gets leaked, either accidentally or maliciously. This includes information in digital and physical spaces.
Once an army is over the moat, all bets are off. And, as Game of Thrones has taught us, an insider who lets the invader in through some secret entrance defeats every precaution. Never underestimate the threat humans pose to your cybersecurity strategy. A chain is only as strong as its weakest link, and people are the weakest link.
When you think about your strategy for cybersecurity, focus on three F’s: find, fund, and fix. This is where the paranoia comes in handy. Think about all possible scenarios. Be prepared, because this can be a dark exercise. Some basic scenarios to think about are:
What if someone loses their laptop or phone?
What if someone compromises their password?
What if an employee downloads unauthorized data?
What if an employee intentionally forwards data to a third party?
Once you dig into these questions, all kinds of bad scenarios will emerge. And you will probably start to realize that too many doors open into your castle.
Another important strategy for finding the holes in your network’s security is to compare your security tools, also known as your security stack, with the standards published by the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO). This process can be laborious, but if you search Google for “rationalization tool” you can find a number of companies that can automate it for you.
Ignorance is a liability
As an executive, you don’t need to be an expert in cybersecurity, but the risks and impacts of breaches are too great for you not to be properly trained. Begin by understanding terms like social engineering, phishing, ransomware, and distributed denial of service (DDoS). You need to be able to judge the risks of the third-party applications you rely on and of your new cloud information technology. You also need to be aware of the solutions you may be asked to fund, such as single sign-on (SSO), multi-factor authentication (MFA), mobile device management (MDM), and a cloud access security broker (CASB).
Ultimately, decisions on these investments rest with company management, many of whom will never understand the specifics of cybersecurity technologies, risks, frameworks, etc. It is important to relate cybersecurity risks to business goals, such as customer experience, financial management, supply chain, reputation and brand protection, so that management can understand where best to invest based on those goals.
When it comes to cybersecurity, paranoia is a good thing. It keeps you on your toes, and you can use it to find the blind spots in your risk. Once you discover your security flaws, you can take action on them.