[BreachExchange] Cybersecurity Tips for the Break Room and Boardroom

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 5 18:55:56 EST 2017


http://www.securitymagazine.com/articles/87700-cybersecurity-tips-for-the-
break-room-and-boardroom

Every day we are updated about the latest cybersecurity breaches – whether
it's Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how
much companies have paid in result from ransomware or financial fraud.

However, are employees and executives aligned with cybersecurity awareness?
Are the risks and top discussions that happen in the break room similar to
those that happen in the boardroom? The topics and concerns are farther
apart than you could ever imagine.

 The Break Room

As employees sit in the break room and discuss the latest cyber breaches in
the news and how many records have been stolen, it’s not typically a major
concern as they are not aware of the direct impact to their data or
personal information. To them, it is just another cyber breach.

As thousands of records are stolen daily, the lack of direct impact means
that many employees are not clear on the risk or the value of the data
being stolen. Many companies have failed to educate employees on
cybersecurity. While it is common to see companies creating complex IT
policies, ensuring their employees understand their role and responsibility
when it comes to security within the company is a good place to start.

Share with your employees that even a bad link clicked on a smartphone can
lead to a cyberattack throughout the organization.

Companies fail to treat external breaches as cyber incidents and therefore
reduces the severity or impact. Employees bring their own devices, connect
them to the company’s network, store corporate data on them and very few
companies check those devices for security compliance or that security
protocols are enabled.

Employees believe it is the government’s, technology companies’ and their
company’s responsibility to protect them from cyberattacks. The
cybersecurity topic at the break room is more likely to be about the
cyberattacks that influence the presidential election, the possibility of
cyber terrorism against the government and critical infrastructure, and
“did you recently change your password?”

In all seriousness, you should probably update your passwords.

 The Boardroom

Now just down the corridor, the executives are having their monthly meeting
in the executive boardroom and after numerous topics, cybersecurity
eventually gets brought up.  The main concern for the CEO is to know the
business is running smoothly. While sales and operations are top of mind,
the security of the company needs the same awareness and care. While
juggling many business functions, CEOs don’t have the time to worry about
small intricacies.

Make cybersecurity a priority topic during meetings and define the business
impact of a security breach.

New security breaches like ransomware make security a more pressing concern
for enterprises now more than ever before. Most of the boardroom looks to
the CISO for what the current state of the company’s cybersecurity is.
However, many view it as a risk and therefore lack of business impact. The
biggest topic that comes to the table is typically is whether the company
is meeting government and industry regulatory compliance and will they pass
the upcoming audit.

Establish a culture of cybersecurity responsibility throughout the C-Suite,
not just the CISO.

The challenge in the past is that it is difficult to measure cybersecurity
risk for many organizations and this has put the CISO in a tough situation
as how to show business value. It was about keeping the existing security
controls working, making continuous improvements where possible, and
placing security on previously adopted technologies. Security has always
been an afterthought and sometimes not possible to keep the same high level
when security and privacy were not implemented by design. This means the
risk always continues to get greater, making the CISO’s already tough job
more challenging.

Since cybersecurity is a growing topic in the boardroom and the breakroom,
the education in the boardroom needs to continue on the business impact of
cybersecurity, clear metrics, cyber insurance and a clear recovery plan.
Educating employees of the importance of security with BYOD and their own
workstations will greatly mitigate the risk of a cyberattack.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170105/d5fb3a87/attachment.html>


More information about the BreachExchange mailing list