Cybersecurity questions CEOs must ask their business

Data breaches can be expensive and cause severe damage to your reputation. Do you know who is responsible for protecting your company's data?
2 May 2018

Cyber laws and data practices mean more pressure for C-suite executives. Source: Shutterstock

The buck stops with the C-suite executives when things go wrong, wouldn’t you agree?

Whether you consider Facebook, Twitter, or Google, it’s the CEO that the US Congress wants to question. After Zuckerberg, media reports suggest that the panel wants to discuss privacy with Jack Dorsey and Sundar Pichai.

But it’s not just the case with tech companies. Consider Equifax, a player in the financial services industry. Its CEO Richard Smith was forced to resign when the company’s massive data breach came to light.

Therefore, with so many new regulations coming up about data and privacy, and with cyberthreats on the rise, C-suite executives need to ask some key questions.

What will happen if there’s a data breach?

If a data breach occurs and information about it is made public, the company risks losing customers, market value, and business.

With the General Data Protection Regulation (GDPR) coming into effect later this month, hiding information about a data breach (for companies in the EU or dealing with EU citizens) will become a punishable offense. GDPR aside, the United States, Canada, and France have existing laws that make it mandatory for organizations to notify affected individuals of a data breach.

As a CEO, you’ll need to find out the potential impact of a data breach and formulate a plan to mitigate the impact of such an event.

How do you ensure that the business always follows strong user authentication protocols?

Simple passwords are weak and seldom protect user accounts. Check with your IT department about adaptive authentication, two-factor authentication, and biometric security.

If you don’t use such a system, consider investing in one. It will help secure your business against simple data breaches and help you save face in the market in case you lose a cyberwar in the future.

Who in the company is responsible for preventing data breaches?

If you’re not sure about data security and data policies and aren’t confident about managing your company’s data, maybe you should focus on the things you’re best at – managing and growing your business – and leave cybersecurity to the specialists?

Companies with significant cybersecurity risks tend to hire a dedicated resource: a Chief Information Security Officer (CISO) who takes control of the information assets and technologies of your company.

What are the biggest threats to data security?

According to Verizon’s 2018 Data Breach Investigations Report, ransomware is the most prevalent variety of malicious software. However, the report also warns of phishing attacks and the human factor (which links back to secure authentication and passwords).

The bottom line is, as a company’s CEO, you must take charge of its data practices and get the right people to pay attention to revising your policies. Failing to do so might cause severe damage to your organization and your reputation.