The MHEDA Journal - Second Quarter, 2016 - (Page 40)

Convention Technology Speaker

Six C-Level Cyber Blunders (and Solutions)

By John Sileo

Criminals lust for your data. Competitors hire the employee you just fired for the thumb drive full of confidential files they smuggled out. Data thieves drool over an executive's Facebook profile - a veritable "how to" guide for exploiting corporate access. Cyber criminals digitally "sniff" the wireless hotspots your team accesses from cafés, conferences and even in their own homes. The end game? To intercept the data that drives your profits without your faintest knowledge.

Every business, large and small, is under assault by forces intent on hacking your data: identity records, customer databases, employee files, intellectual property, and ultimately, your bottom line. Research is screaming at us - more than 87% of businesses surveyed have already experienced at least one breach and have no idea of how to stop a repeat performance. The average recovery cost, according to the Ponemon Institute, regularly tops $6 million. These are clear, profit-driven reasons to aggressively defend your data.

Here are Six C-Level Cyber Blunders I see repeatedly as I wade through the wreckage of organizations that failed to "do something" before it was already too late:

Board-endorsed Arrogance, Ignorance and Inaction. Building a culture of security begins at the top. When the CEO arrogantly emails his unprotected username and password (Sony), it signals to those below that security is a façade rather than a priority. A board of directors with no CISO (Target) or a smaller business that thinks their assets are worth too little to exploit, demonstrate ignorance about a universal truth - everything that is digital... is hackable.

Solution: At your next board retreat or executive meeting, host a facilitated "C-Level Cyber Chat" to ask and answer relevant questions about necessary budgets, executive accountability and feedback loops.

Failure to Engage the Humans. Companies waste billions attempting to indoctrinate employees on security solely from the perspective of the organization. Leading with a mind-numbing compliance policy or boring PowerPoint ignores a crucial reality: All security is personal. In other words, expect no one (except your CISO, whose job it is) to care about securing data until they understand how it impacts them.

Solution: Educate everyone from the boardroom to the mailroom that security is, at its heart, an emotion - a burning internal reflex - not a department. Enlist them as soldiers in data defense and empower them with the knowledge and authority to protect virtual property. Finally, make sure your training isn't boring - in order for education to work, it must be entertaining and "sticky."

Blind Reliance on Happy Security Audits. C-Level executives don't have
