What does your CEO need to know about information security?
Does your CEO really get information security? Research has shown that information security is still lacking in both large corporations and their smaller counterparts... and, of course, a security-minded corporate culture must start at the top to be effective.
So, what does your CEO need to know? Shred-it believes the first place to start is with truly understanding the importance of data security and what’s at stake should a breach occur. A breach isn’t all that unlikely either. Some 81% of large corporations and 60% of SMEs had a data breach in the last year, according to a 2014 survey of UK businesses carried out on behalf of the Department of Business Innovation & Skills (BIS).
What’s at stake? Alongside the financial and legal repercussions, businesses stand to lose their hard-earned reputation if a data breach occurs – and no CEO wants that. Reputation matters for all companies, of course, but if you’re an SME, that reputation can make or break your company. You’ve worked hard for it, building strong relationships with your customers, your clients and your employees.
Maybe it’s time to quiz your CEO on their knowledge of data security. How do you think they would score if you asked them the following set of questions?
True or False:
1. A well-executed data breach can do serious damage.
True: A wide range of costs and repercussions can occur... at worst, a huge bill to fix a data breach may mean a company files for bankruptcy protection. The BIS survey found that the average cost of the worst breach suffered has gone up significantly year-on-year, particularly for small businesses where it has nearly doubled (£65k-£115k up from £35-£65k a year ago).
2. It’s not your responsibility to stop cyber-crime.
False: While the proper authorities are involved, every company and every single employee has to know how to avoid cyber-crime tactics too. This can range from knowing not to open a phishing email to not accessing confidential work documents in areas with open networks.
3. Not all companies get targeted by cyber criminals.
False: It’s likely every company has been breached at some point; they just don’t know it yet. Cyber thieves enter and exit a system in a matter of seconds, but it can take months to identify that a breach has occurred – almost 3 months, as we noted in last week’s blog. Also, cyber criminals don’t just target the large corporations: a third of SMEs were attacked by an unauthorised outsider in the last year, the BIS found.
4. Cloud computing solves everything.
False: Placing your data in the hands of a third party might look good cost-wise. But regulations and ethics in some offshore locations may be risky. Best practices? Closely manage third-party vendor relationships.
Why not share this blog with your CEO and challenge them to put data security at the top of the agenda?
Find out more about how to protect your company's confidential information from security breaches and fraud.