Cybersecurity Starts at the Top
Why Top Management Must Set the Tone for Data Security
By Glenn Reid
Cybersecurity has been in the news a lot lately. The high-profile security breaches at Target, T.J. Maxx and other major retailers have served as a wake-up call for businesses everywhere, and even the smallest companies are not immune from the threat of data security failures and identity theft.
The days when managers could afford to be complacent about the security of the data with which they are entrusted are long over. Upper management can no longer rely on the knowledge and professionalism of their IT team to keep them safe. These days, the men and women in the corner offices need to take a leading role in cybersecurity. If they fail to do so, they are putting the reputation, and the very survival, of the companies they run at risk.
The people at the top of any company need to be ready to take the lead on cybersecurity, and training the IT team and the rest of the employees is a big part of taking that lead. Too many CEOs assume that everyone in the IT department is an expert in cybersecurity, but that is rarely the case. While some on the team may indeed know cybersecurity inside and out, it is just as likely that the front-line workers are ill-equipped to spot the early warning signs of a data breach or network intrusion.
It was not that long ago that many CEOs took the head-in-the-sand approach to cybersecurity. Back then the prevailing notion in the upper echelons of corporate governance seemed to be that deficiencies in cybersecurity did not exist if they had not been detected.
If that blasé approach to cybersecurity ever worked, it no longer does. These days there is simply no excuse for ignorance, and there is plenty of training available to get everyone, from the IT workers on the front lines to the CEO in the corner office, up to speed.
The concept of blame for cyberattacks has also changed in recent years. In the past it could be argued that cyberattacks were the fault of the criminal and the criminal alone. These days, however, some of the blame has to lie with a management team that knows about the problem but does nothing to guard against it. If a company with an unguarded network and outdated software gets hacked, is it the fault of only the cybercriminal, or does a good part of the blame land in the CEO's office as well?
From the perspective of the customer at least, the answer is clear. It is evident by now that consumers place a large part of the blame on the companies that put their personal information at risk. And when your customers assign blame in the wake of a data breach or identity theft scandal, they will not blame the IT guy; they will blame you and the rest of your management team.
The increased interest in data protection is no doubt behind the growth in cybersecurity training. Over the past few years, cybersecurity training has been the fastest-growing part of the IT industry. That means there are probably plenty of courses available to get your IT staff up to speed quickly.
While there are many excellent companies doing business in the cybersecurity training sector, EC-Council has long been considered a leader in this unique niche, providing the content and certification needed to train your IT staff and protect your business.
Our flagship Certified Ethical Hacker (CEH) course is designed to provide you and your IT staff with the tools you need to protect yourself against the bad guys. By learning about the tools hackers are using and how they are using them, you and your staff will gain the knowledge you need to protect yourself, your employees and your customers in an increasingly dangerous digital world.