It is almost always less expensive to prevent a security breach than to do damage control afterward. One of the most important aspects of cyber security is increasing awareness among executives and employees. You should also challenge the potentially dangerous conviction that cyber attacks are something that happens to others and not to you; as technology becomes more advanced and accessible than ever, the risks are also growing. It is possible to prevent cyber attacks, or at least to prepare for them so that damage control is effective. Remember that cyber security is about your company’s reputation – something that can’t be regained easily.
Creating an Executive Cyber Risk Council
Managing cyber threat involves a host of people; cyber security is a complicated issue that encompasses the IT, security, and management areas. Every employee in your company should exercise proper caution in cyberspace. That said, sophisticated attacks can’t be avoided simply by educating the employees; your company needs a special task force to work out a comprehensive policy to prevent breaches and do damage control if one occurs. Having an executive cyber risk council will also tell your business partners, investors, and customers that you take cyber security issues seriously.
Roles on the Executive Cyber Risk Council
There are many positions to fill on the executive cyber risk council.
- Legal officer. Cyber threat is a primarily legal matter, so it is indispensable to have a legal officer with cyber security experience. He or she will make sure that all regulatory requirements are met. If there is no qualified internal legal counsel, make sure to employ an external one.
- Risk officer. The risk officer should consider what risks are involved in a potential security breach, bearing in mind that cyber security affects many aspects of the company’s functioning.
- Chief security officer and/or chief information security officer. Your CSO/CISO should have appropriate training in logical, technical, administrative, and physical security; criminals sometimes physically break into companies to steal sensitive information.
- Chief technology officer. He or she should ensure the security of the company’s new devices, as well as watch out for early warning signs of a breach.
- Information and records management or chief information officer. Most companies keep electronic and paper records, so it is important to ensure that both formats are protected.
- Business security planning or disaster recovery.
- Marketing and sales. The marketing and sales executive can address a potential breach with customers.
- Human resources. People are the biggest security risk; the human resources department should give employees adequate training in cyber attack prevention.
- Chief privacy officer. Appoint someone to be in charge of the privacy of personal information, intellectual property, and trade secrets.
- Internal audit.
- Corporate communications. Shape the right message for the media from the start to prevent possible damage to the company’s reputation.
- Alliance management. Appoint someone who has a trusted relationship with your business partners in order to discuss any breach-related matters with them.
- Vendor management. If a breach originates with a third-party vendor, the vendor management function will be in charge of communication with that vendor to resolve the issue as quickly as possible.
- Executive sponsor. He or she will be in charge of securing funding for cyber security matters.
- Independent adviser. Someone from the outside should analyze the situation to offer fresh solutions.
Early Warning Signs
Sometimes it’s possible to prevent a breach by paying close attention to warning signals – some of them technical in nature, some of them behavioral. Companies that have already experienced a security breach tend to be better prepared for the next one.
Control the IP addresses in the environment. Some of the IP addresses will be authorized, whereas others may be unauthorized. If you detect any unauthorized IP addresses, check their source of origin and establish whether they pose a threat. Check the authorized IP addresses as well; not all unauthorized IP addresses are toxic, and not all authorized ones are benign. It is possible that one of your clients inadvertently introduces a toxic IP address into your environment – in this case, you should notify the customer immediately to stop the IP from spreading further.
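As an added illustration of the triage described above (not code from the article or the book it summarizes), the following script sorts source addresses from a constructed connection log into the four outcomes the paragraph implies: authorized and benign, unauthorized but needing an origin check, known-bad regardless of authorization, and known-bad but attributable to a client network that should be notified. The network ranges, the client mapping and the known-bad list are all assumed sample values.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (assumptions for this example, not from the article).
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
# Client-owned ranges, so an address can be traced back to the partner that introduced it.
CLIENT_NETS = {"acme-corp": ipaddress.ip_network("198.51.100.0/24")}
# Addresses already known to be hostile (constructed placeholders, not real indicators).
KNOWN_BAD = {ipaddress.ip_address(a) for a in ("203.0.113.77", "198.51.100.9", "192.0.2.200")}

# Constructed connection log lines: "<timestamp> <src_ip> <dst_ip> <action>".
SAMPLE_LOG = """\
2024-01-05T10:00:01Z 10.1.2.3 10.0.0.5 allow
2024-01-05T10:00:02Z 203.0.113.77 10.0.0.5 allow
2024-01-05T10:00:03Z 198.51.100.9 10.0.0.7 allow
2024-01-05T10:00:04Z 192.0.2.200 10.0.0.7 allow
2024-01-05T10:00:05Z 192.0.2.15 10.0.0.7 allow
"""

def classify(ip):
    """Return (authorized, toxic, client) for one source address."""
    authorized = any(ip in net for net in AUTHORIZED_NETS)
    toxic = ip in KNOWN_BAD
    client = next((name for name, net in CLIENT_NETS.items() if ip in net), None)
    return authorized, toxic, client

def triage(log_text):
    """Bucket every source IP in the log by the action it calls for."""
    buckets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, _dst, _action = line.split()
        ip = ipaddress.ip_address(src)
        authorized, toxic, client = classify(ip)
        if toxic and client:
            # A client introduced a hostile address: block it and tell the client.
            buckets["notify_client:" + client].add(str(ip))
        elif toxic:
            # "Authorized" does not mean benign; a known-bad address is blocked either way.
            buckets["block_now"].add(str(ip))
        elif not authorized:
            # Unknown origin is not proof of hostility; it needs a source check first.
            buckets["investigate_origin"].add(str(ip))
        else:
            buckets["authorized_benign"].add(str(ip))
    return {k: sorted(v) for k, v in buckets.items()}

if __name__ == "__main__":
    for bucket, ips in triage(SAMPLE_LOG).items():
        print(bucket, ips)
```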
Choose your Internet service provider wisely, paying particular attention to its history of breaches. Think twice before choosing an Internet service provider based in a high-risk country with a high level of corruption.
The company’s employees should be vetted properly in order to avoid insider threats. The vetting process will vary depending on the employee’s position – perform a thorough check if he or she will have access to sensitive information. Conducting background investigations on your own employees is not enough; security breaches also occur at the third parties you work with – make sure that your partners conduct appropriate security checks as well.
Ulsch, N. MacDonnell, Cyber Threat! How to Manage the Growing Risk of Cyber Attacks, Wiley, 2014.