Executives and business owners often view cyber security as an information technology (IT) issue. As such, they expect their IT resources, whether internal or external, to ensure that their organizations are protected from cyber breaches. Such a mindset ignores the fact that the majority of cyber breaches result from employee actions and vulnerabilities inherent in various business processes. Hardening IT systems through practices such as keeping systems updated and disciplined patch management is vital, but it can only take an organization to the 50-yard line.
You need to incorporate cyber security into each employee’s daily activities, both from an individual mindset and a business process perspective. Employees need to know what to do – and what not to do – when it comes to using email, the internet, and social media. This requires culture change, which will only occur when you have proper policies in place and train employees on the policies as well as the ramifications of violating them. To be effective, training should be an ongoing process of education and validation – not a one-shot deal.
Business processes are a whole separate matter. The way a business process is designed with regard to handling, storing, and sharing information will have implications for how susceptible the organization is to a breach. Identifying sensitive data and determining how that data is obtained, where it is recorded, who has access to it, and how it could be shared all directly impact the organization’s cyber security vulnerability. As a result, management needs to have a solid understanding of how each business process addresses the handling of sensitive data – from personal to intellectual and competitive – and design proper safeguards to minimize the loss of such data due to an internal or external breach.
This all might sound like a lot of work to better protect yourself and your corporate assets. But while organizations are gaining significant advantages in operational efficiency and market opportunities through the use of interconnected systems, not implementing good cyber security practices with employees and business processes could result in significant vulnerabilities – and damages.
Sassan S. Hejazi can be reached at Email or 215.441.4600.