“Don’t ask me about tech; I’m the money man/woman.” I’m willing to bet more than one CFO has deflected queries about their company’s technology strategy overall, let alone grittier details about data security and cyber risk. I’ll admit I’ve even been tempted to use this tactic myself – especially as cyber threats expand and hackers grow smarter.As the CFO of a tech company, though, I don’t have that luxury. And I’m telling you that no matter what industry they work in, no other CFO has that luxury either. In today’s information on-demand world, cybersecurity isn’t just a job for tech support or the help desk: there’s a role for every employee, those in the C-suite in particular.
C-suite executives need to know and understand the risks to company and customer data and the security practices and tools to mitigate those risks. That knowledge is power: It allows business leaders to be united in policy and practice against one of the biggest reputational and financial issues corporations face today.
In that effort, a proactive rather than a reactive approach is critical – to reduce already prominent threats and make executives more effective partners to their CTO. Here are four steps executive can take to improve organizational cybersecurity:
Break siloes. The CIO knows the details of software programs, the CFO examines the intricacies of the budget, and the CEO keeps a watch on overall organizational health – and all of them should have the same information. Cross-functional knowledge throughout the C-suite will help when allocating budget funds for security tools, or meeting requests that you’re hearing from your IT specialists. Only by joining conversations about risks and security strategies can all members of the C-suite have the preparedness they need to address ever-evolving threats.
Geek out. You know what I’ve learned from embracing my inner techie while working at Businessolver? Not all data breaches are the same. Hacking and publication of sensitive data are the most publicized types of breaches, but internal issues can be problematic as well. For example, private data could be available to employees who don’t require access to it because of laxity with internal systems. This can leave your customers at risk, and any resulting breach or theft can be just as damaging as a highly publicized hacking. Your CTO has a wealth of knowledge that (trust me) he/she wants to share with you, and it’s in the best interest of your work and your organization to draw out that information. C-suite executives must be aware of what data their organization is storing and who has access to it. Knowledge of all the potential risks will help you formulate robust plans to keep data protected and immediately address any security breakdowns.
Follow the rules – but make your own, too. Consumer protections and regulations are an integral part of cybersecurity, and they provide a helpful framework for companies. But you can’t stop there – even if the framework was removed or regulations were to change, businesses still need to have thorough cybersecurity plans in place. Hackers and external threats don’t wait for new rules, and with the breakneck pace of change in technologies, C-suite executives need to be equally adaptive to new threats. Regulatory changes move slowly, so the C-suite must cultivate proactive behaviors regardless of what current rules and regulations may be.
Be transparent. Clients are already asking about data protections, and they expect vendors to take responsibility for any data breaches. This trend will only grow with time, so when meeting with prospective customers, C-suite executives need to be prepared to discuss cybersecurity measures they have in place – and what they would do in the event of a breach. This doesn’t mean your business needs to issue a press release about specific security tactics. But sharing plans and information with potential clients will give them confidence in their purchasing decisions, and it can help differentiate your brand from competitors. A high-level understanding of privacy and protection measures from the C-suite demonstrates that your entire organization takes cybersecurity seriously, which is crucial to maintaining brand reputation and customer confidence.