Your Company Is Going to be Hacked – How Bad Do You Want it to Be?

There are steps you and your organization can take to mitigate the impact of a security breach.

I’m here to deliver bad news: Your company is going to get hacked.

From Yahoo! to HBO to Equifax, the global scene over the past 12 months alone has been littered with instances of poor corporate security.

Unfortunately, there are generally two prevailing schools of thought when it comes to cyberthreats: “it’s never going to happen to me” and “it’s going to happen no matter what, so why bother doing anything?”

While the first answer reflects pure denial, the second is a form of security nihilism that can be incredibly dangerous. Every time I get into the car, I know I might get into a car accident and the other person will leave the scene of the accident, but for the same reason I also buy car insurance and buckle my seat belt.

Similarly, there are steps you and your organization can take to mitigate the impact of a security breach.

1. Make security a priority. The first and most important job of a CEO is to set the priorities for the organization. If you have never talked about security, you can bet it’s not being perceived as a top priority. Hiring the right people, such as a chief security officer, is important, but as a baseline there should be someone on your team who is tasked with security and given a platform to talk to your leadership team about it.


2. Know your industry’s standards. While it’s unlikely that you will know the details of security best practices, you should know that these standards affect your organization: ISO 27000 is a set of information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). For Personally Identifiable Information (PII), the Massachusetts Data Protection Law governs information that can be used to distinguish an individual’s identity (name, SSN, date and place of birth, mother’s maiden name, etc.). The people who are charged with keeping your company secure must be familiar with these standards and have some experience implementing them.

3. Understand where your risks are. There are a number of in-depth analyses that can be done to determine the ROI of securing your systems, but you can assess any potential hack based on four general levels of risk:
   1. Public domain: Disclosure would cause no harm.
   2. Restricted: Disclosure would cause minor embarrassment or minor operational inconvenience.
   3. Confidential: Disclosure would have a significant short-term impact on operational or tactical objectives.
   4. Secret: Disclosure would have a serious impact on long-term strategic objectives or put the survival of the organization at risk.

For example, the recent Equifax breach that exposed the personal data of 143 million people would be classified as secret. While the CEO of Equifax was not the one who should have personally secured that data, he bears ultimate responsibility for selecting the person who should have overseen the activity and for making security an ongoing corporate priority.

Any CEO knows that change is constant. Navigating the world of corporate security is much like driving in busy traffic: You should drive carefully, but no amount of driver’s ed can guarantee you won’t get into an accident. With driving, we are taught to buckle up and keep our cars insured, reducing the personal and financial repercussions of an accident. Good security is much the same. You are going to be hacked, but you can – and should – take steps to mitigate the damage.

