NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. In the below post, David Farmer of member company Environics Communications shares cybersecurity advice for companies and their CIOs. This blog was originally posted June 2, 2014, on the Environics Communications blog.
According to CNN Money, half of American adults have been hacked this year. That is a frightening statistic, especially since the year is not even half over. Virtually every day a new cyberbreach is exposed, increasing risks associated with everything from conducting transactions in-person and online to ongoing national security efforts designed to protect Americans.
Last week at the Hub, Environics Communications sponsored a panel on which several cyberexperts shared valuable insights for CIOs to consider as they deploy their various networks. The Hub is a networking organization that inspires ideas by connecting leaders in the technology communications industry with one another for business development, innovation and insights. Cyberindustry expert Jason Gayl of Cyber Capital Partners moderated the panel. Panelists included Chris Kauffman of Personam, Christopher Garcia of Calibre, Brett Wilson of Cyren and Kevin Jones of Thycotic. Each company offers unique solutions to help organizations better protect their networks against cyberthreats.
One key take-away from the discussion is that companies need to properly prioritize their cybersecurity efforts in order to ensure adequate protection from cyberthreats. Such prioritization must be done carefully after performance of a risk-based network assessment. A prudent first step is to consider what is typical in your sector, and then determine how to do it better. Since decisions made at this point will identify the required internal and external resources (and therefore budget allocation), it is imperative to make sure priorities are actionable and implementable.
Companies must also be sure to account for insider threat possibilities as they continue to be one of the largest opportunities for security breaches, whether intentional or accidental. Insiders are integrated into an organization’s culture, and they know what the most valuable data is and where it is stored. Therefore, insiders can cause more damage more rapidly than an external hacker. Typically, malware does not identify insider threats, so CIOs should explore the growing field of insider-threat detection technology. Since their job is to protect the network, CIOs must weigh the potential cost of stolen data against the potential HR liability stemming from insider threat detection.
CIOs sometimes have a thankless job. When all is well, their effort is taken for granted. The minute something goes wrong, CIOs become the center of attention. Budget constraints are not an acceptable reason to fail to deliver the security required to protect an organization or business. CEOs need to keep cybersecurity top of mind when it comes to considering the technology, resources, and budget CIOs need to deliver the security required. Failing to employ the right cybersecurity tools and procedures has enormous implications to the long-term viability of an organization.
CEOs and their respective communications officers must be forthcoming when a cyberbreach occurs. It is important to learn from recent examples where major corporations suffered breaches of their electronic payment systems and online shopping networks. Being proactive in informing the public what a company does and does not know will earn favor from its customers. Not sharing information about the breach instills a lack of trust among customers and can be detrimental to business and profits. Communications officers must be ready to share information quickly, even if one does not have all the answers. In such an instance, it is ok to let the public know when you expect to have more information.
One way to stay informed on the latest cybersecurity advancements is by attending industry events on the subject. Additionally, blogs published by some of the panelist companies mentioned above also offer some guidance: Cyren Security Blog and Thycotic Blog.
David Farmer is with Environics Communications, a mid-sized, full-service marketing communications firm. He has 25 years of corporate communications and marketing experience in the technology sector with a track record of producing results for domestic and international telecommunications, security, and information technology companies serving business, consumer and government clients. He has broad experience in strategic planning, corporate communications, messaging, public relations, marketing, product management, mergers and acquisitions. In addition, David is actively involved with NVTC.