[BreachExchange] Lead by example: Why executives need to understand cybersecurity
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Nov 17 19:09:20 EST 2016
http://www.inferse.com/43769/lead-by-example-why-
executives-need-to-understand-cybersecurity/
Executives lead their team by example, and when they don’t follow the rules
they’ve set in place for the company, they prove themselves to be willfully
hypocritical to their staff. It’s challenging to respect an authority
figure in the workplace when they do not respect the rules of the company.
It’s an attitude of “if my boss doesn’t do it, why should I?”
If you’re one of the top executives at the company and you ignore company
cyber policies, (you check your personal email, update your social media
feed, watch torrent videos, shop, etc.) your staff has definitely noticed,
and guess what? They’re following by example.
Clicking Links, Pointing Fingers
Did you know the No. 1 cause of cyber data breaches in the U.S. is employee
negligence? Forbes Magazine found that 77 percent of businesses reported a
data breach in the last year. To add oil to the fire, it was learned that
many company data breaches happened because of poor cyber safety practices
within the business itself. Who is to blame for the cyber breach? While
you’re no doubt telling your screen “it’s the hacker!” maybe start by
asking yourself how safe your network practices are.
There’s a reason why Target CIO Beth Jacob resigned after the public
learned about the retail company’s security breach that resulted in 40
million customers having their private data stolen by cybercriminals. What
was the reason? It’s simple: because Jacob did not make cybersecurity of
the company a top priority.
When you start a business, you’re going to be anxious about making a profit
(why wouldn’t you be?) and that is going to take precedence over any other
concern. Considering most small businesses don’t make it beyond their first
18 months, it’s no wonder you don’t want to add your business to those sad
numbers. So, as a result, you ignore other areas of the business, including
its cybersecurity.
You let your employees bring in and use their own smart devices and connect
to the company’s network without fear of repercussion and you often skip
the network security update, promising yourself that you’ll get to it the
following day, but it never happens. These are little things we all do
every day, but these seemingly small practices lead to giant consequences.
Unsecure mobile devices are the second leading cause of cyber breaches.
When an employee connects to your network, they are also connecting all of
their apps, passwords and, for lack of a better term, electronic sludge to
your network. They may have a malware infected device and not even know it,
and guess what? They’ve now infected your network too and have offered it
up to a lurking cybercriminal on a silver platter.
Don’t Let It Become a Problem
Reports surfaced that the cause of the massive Target data breach were
network credentials lifted from a third-party vendor the Target company
worked with frequently. So here is what happened: a cybercriminal was able
to break into the network of the third-party vendor and gain access to
Target’s data all because Target and the subcontractor they collaborated
with had shared information with each other.
Do you let others use your devices? Do you willingly give out passcodes to
let your employees connect to services? Do you know if they also let others
use their devices? How do you know they’re not bringing a shared family
laptop with them to work every day?
Cybersecurity starts with rules that everyone must follow. While cyber
liability insurance coveragecovers the financial damage of a data breach,
it doesn’t stop it from happening; only you can do that. Protect your
network and your company’s reputation, practice cyber safety.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161117/b109c8c1/attachment.html>
More information about the BreachExchange
mailing list