Buckling your seatbelt for a single car ride doesn’t make for safe driving practices. Buckling your seatbelt for every car ride is a safer bet. Best practices in cyber security demand that executives use and integrate policies that work consistently and coherently toward a collective defensive strategy among all users.
There was a time when cyber security was the sole responsibility of IT, but those days are long gone. Today’s executives know better than to presume themselves and their enterprises immune from a cyberattack, which is why staying safe online requires more than an old “do as I say” mentality.
Security is a frame of mind, one that is reached through practice. Just as parents buckle up every time they get in the car, executives and board members need to model their security habits for everyone in the organization.
A pair of Cisco leaders, CEO John Chambers and SVP and Chief Security and Trust Officer John N. Stewart, place the responsibility squarely on the leadership’s shoulders.
“The CEO must make it clear that security is not just an IT problem—it is a priority for the business that is top of mind,” they wrote in Forbes. “Business and technology leadership must work together to discuss potential risks and find solutions that protect intellectual property and financials alike. A security strategy should focus on the critical services that enable the company. CEOs need to be able to answer tough questions and prove that they are leading a security strategy that works through testing and explanation.”
So what are the best practices to model? The ones you want all of your employees to model. That begins with being what Connection’s Security Innovation calls S.O.C.I.A.L: Security-minded, Organized, Conscientious, Inquisitive, Active, and Level-headed leadership that not only understands cyber risks but also has a plan for responding to security incidents.
Keeping passwords complex and secure is one way to secure your accounts, but it’s also critical to keep work and personal information completely separate. When possible, issue work-only devices. Adopt a password management tool, and use two-factor authentication. Issue ID badges for employees to strengthen physical security.
Educating employees about these practices helps, but rewarding them for following them has even greater impact.
If you want to get everyone in the break room talking about the value of security, don’t believe that your executive position makes you impervious to cyber threats that could compromise corporate data. It’s a lot more effective to communicate those vulnerabilities, use that awareness to educate your employees, and use testing as a way to measure the success of your training programs.
Taking action now, rather than waiting until an incident has occurred, will strengthen your security and possibly prevent someone in your organization from clicking on a link without first verifying its authenticity.