Funding higher levels of cybersecurity is part of the business problem executives must address. Small and medium businesses often operate on razor-thin margins.
Therefore, it is important to ensure every cybersecurity dollar is spent wisely. Spending unwisely can leave gaps in security, and overspending can destroy a competitive edge on cost.
When allocating funds, it is important to decide which cybersecurity expenses are treated as a cost of goods sold and which to consider as investments for improving profits and winning market share.
It is the same problem executives faced during the rise of computers and the Internet decades ago: Is this newfangled stuff to be treated as an expense or an investment? We argue that it is both and will help you understand both perspectives.
It is particularly hard for busy leaders of small companies to prioritize risk management planning. They want to jump to the part where they buy cybersecurity solutions and get back to running their business as quickly as possible.
Taking time to think about strategy, for a small company, seems like a waste of time when there are customers waiting to be served. But nothing could be further from the truth, and we also understand that it can be daunting to think about cybersecurity when everything is so technical.
We use the terms strategic and tactical to distinguish the areas that need your attention from those you can consider delegating or outsourcing.
Before we dive into our step-by-step explanation of your role, let’s examine several of the contributions and benefits of executive involvement. Most of these functions are impossible to outsource because they require expertise and authority that only top management possesses.
That doesn’t mean you cannot use tools and advisors to help you along the way; it just means you cannot relinquish responsibility for them.
Stating and controlling direction
Goal setting starts at the top and reflects the needs of the business. Goals and objectives provide context for tactical planning, and communicating them clearly to a diverse team of expert tactical advisors keeps everyone focused and on the same page.
Business owners understand that cybersecurity measures will cost time and money, and as an executive, it is your responsibility to decide where the money will go.
Your IT guru recommends a new firewall. Then your insurance agent recommends adding a cyber insurance policy. If you buy both (and you should buy both), how do you divide up the limited budget between all the possible solutions?
If cybersecurity is relegated to just a tactical IT problem, you will have a fantastic firewall but no protection when a hacker finds their way around it.
Authorizing company-wide policies
Whether it’s enforcing bring-your-own-device policies or using strong passwords, someone should be in control of what’s being done and how well policies are being followed. The ability to authorize new cybersecurity measures comes from the top in any organization.
The people-driven aspects of cybersecurity are absolutely a business problem that you, as the top manager, need to oversee.
Once authorized, policies and procedures must be carried out. Failure to do so will be construed as negligence, which leads to prosecution and regulatory fines.
Cyber insurance, citing ‘failure to follow’ exclusions, will also deny coverage if you fail to maintain your own security standards. Your authority and your ability to develop a culture of compliance are critical to avoiding these catastrophic mistakes.
Empathy in a crisis
When a data breach happens, despite every effort to prevent it, clients and employees will be more forgiving if they believe top management was paying attention and making an effort.
Even when responsibility for a breach can be traced to an individual or external actor, clients and employees want to know that you were being vigilant.
The return on investment for cybersecurity is obscured. It is hard to measure how bad things could have been if you did not invest in something that prevents or reduces loss, but that does not mean it is impossible.
Risk management tools and techniques that have been adapted to cybersecurity can rationalize spending. Whether you report to yourself or another stakeholder in the company, you can invest with confidence when you can articulate the value.
We will not go deeply into tactical details that can be delegated to staff and vendors, although we will explain what they are and how they get used so you can manage them effectively.
Sharing is a core value of social media and a key reason for the wild growth and success of companies such as Facebook, Pinterest, Twitter, YouTube, and LinkedIn. For some of us, it’s fun to post comments, articles, photos, and videos for our friends and social media followers.
Many people participate passively, watching and reading others’ posts but rarely sharing their own. Never have humans had such open and easy access to tell their personal stories or share their ideas, experiences, and feelings.
But like much about the Internet, all this sharing can draw unwanted and dangerous attention. You don’t want the “bad guys” watching you.
And any social media platform you use potentially connects you to mind-boggling numbers of people. Over a billion people worldwide have a Facebook account, 307 million people actively use Twitter, and the number of Instagram users exceeds 500 million.
That’s why you must exercise complete control over your digital life, and you do that on social media by keeping a sharp eye on your privacy settings. Nearly all social media sites let you control who sees your information. When you review your privacy controls regularly, you ensure that you have the strongest security in place.
Who Can See Your Profile?
Social media networks continue to grow and allow you to connect with family, friends, colleagues, and classmates, but sharing without thinking about who sees your information just invites trouble.
We often ask people we meet if they’ve checked their social media privacy settings lately; many have no idea. That usually means the public can view their open profiles: posts, photos, likes, friends, and other activities. You may be OK with that openness, but you should be concerned.
Scammers can “scrape” or copy your profile, learn more about you, and use that information to perpetrate any variety of scams, frauds, and hacks. For example, say you post a photo of your dog in your backyard and write a caption such as “Look at Buddy soaking up the sun.”
A scammer who reads that post now has a good chance of answering the password reset question on your email account if you selected: “What’s your pet’s name?”
An open profile gives hackers the important details they need to hack your life, whether it’s seizing your email account, assuming your identity in credit-card fraud, or cracking your bank account. Strong privacy settings block hackers from seeing your profiles.
Know Your Privacy Settings and Your Friends
You can still enjoy social media and maintain good security; you just need to strike the right balance by knowing how privacy settings work at different sites.
A simple Google search on a website’s name and “privacy settings” will get you started. All social media sites will give you some measure of control over who sees your profile and activities. Your biggest decision will be selecting a security level that allows you to share with friends while keeping your privacy. Thankfully, it won’t involve much effort.
In addition to beefing up your privacy settings, you’ll also need to review your “friends” to make sure you still want them to see your social media activities.
For example, should the friend of a friend know when you are on vacation because they can see your photos? It’s important to remember that your posts have a larger audience than you realize. Also, social media companies frequently change their privacy policies and default settings.
Pay attention to privacy updates you receive from Facebook and other sites: They’re not just “fine print” and often contain important changes that need your attention if you want to keep strong privacy on social media.
We think most people should follow this rule: Do not leave your profile open for everyone to see. A study by antivirus firm Norton found that four in every ten social media users have suffered fraud.
Open profiles essentially hand over your personal information to scammers and hackers without much effort. Don’t make their job easy. Think twice about what you share and with whom: a key rule to hack-proofing your life.