Since many of my blog posts have focused on strategies companies can utilize to enhance their performance, I’ve decided to further explore the topic by analyzing the relationship between high-performing organizations and cyber-related risk.
As an organization increases its performance capabilities, it tends to introduce more IT solutions into its key processes. These include a higher level of automation, remote access to information from a variety of devices ranging from laptops to tablets and phones, and the integration of customer and supplier back office systems in order to achieve a more seamless supply chain. With these added IT capabilities, organizations are able to achieve maximal levels of business performance. However, it is also critical to consider the potential increased exposure to information security vulnerabilities.
Here are a few real-life examples that we have encountered:
- An outside sales team member connected to a wireless network during his travels and his system was infected by a virus.
- A key executive left his iPad on top of his car when leaving the house for work. Once he arrived to his office, he realized he had lost his iPad which also contained his corporate emails and confidential documents.
- A customer service manager brought her laptop home to work over the weekend, but did not realize the USB device that she plugged into her machine to view family photos was infected with malware. This infected her employer’s corporate network when she came back to the office on Monday.
We have seen many such scenarios and in most instances, the organizations impacted did not have a proper set of cyber and information security policies, procedures, and training mechanisms in place. A possible solution to the above scenarios could be to lock down all of your systems and only allow your employees to use company-provided machines with limited Internet access. Given today’s realities of an increasingly connected workforce, a “Fort Knox” locked down type of approach is not a realistic solution for most companies.
Fortunately, there are proven and cost-effective approaches that middle market companies can put in place, such as conducting periodic assessments and training sessions as well as updating policies and procedures. Recent research studies have indicated such simple yet practical steps can reduce cyber and information security breaches by as much as 85 percent for most companies. The key to increased cyber readiness in support of high performing processes is to ensure you have an active Cyber and Information Security Program in place that reduces exposure to vulnerabilities in a well-planned manner.
Sassan S. Hejazi is a director with Kreischer Miller and a specialist for the Center for Private Company Excellence. Contact him at Email.
You may also like: