Most CEOs are certainly interested in their company’s security. That’s why they install security systems in their office, keep valuable documents in a fireproof safe or at a secure offsite location, and do thorough background checks on all new hires. But what about IT security? What about all that proprietary and confidential data stored on the company’s computers? How safe is that? For most CEOs, the answer is “not very.”
Why is IT security so important these days? Consider this: Recently, the University of Southern California had a problem where 270,000 records were lost. Then, in December 2006, UCLA announced that they lost 800,000 records. The records that were lost contained not just students’ names, but also their social security numbers.
In another example, a major credit card processing company had a security breach that exposed 40 million credit card numbers to hackers. Chances are high that one of your credit card numbers was among the lot.
So what’s the big deal with these kinds of security breaches? Problems include identity theft, corporate and executive liability, lawsuits and compliance issues. We’ll talk more about identity theft later. For now just realize that having your identity stolen is no laughing matter, and neither is going through litigation because your organization had a breach.
From a business perspective, imagine what it would be like for the University of Southern California and UCLA to have to notify everyone about the security breach. Imagine having to be one of the call center reps at the credit card processing company after the notification of the security breach went out to customers. That would not be a fun task for any company.
Now, think about your own company for a moment. How would it be if you had to notify your customers, your employees, and maybe even your vendors that you had a security breach? Most CEOs cringe at the idea.
To complicate matters, some companies use outside services to help them keep up with day-to-day functions, such as accounting or payroll. If that outside service provider has a security breach and they notify you of the problem, then it’s your responsibility to notify your customers, employees, and vendors that their information may have been compromised. And even though it wasn’t your company that had the breach, but rather a company you relied on for a particular service, who do you think your customers, employees, and/or vendors will be upset with? That’s right…you. People tend to “shoot the messenger.”
That’s why you need to make sure that whoever is processing any of your data has ample IT security measures in place.
Realize that depending on your unique combination of federal, state, and local laws, you may be mandated to report any kind of IT security breach to the people involved. Additionally, you may be subject to some form of liability, such as needing to provide credit protection services and/or needing to pay for damages if someone does suffer any problems from the security breach.
It’s no wonder then that some companies purposely choose not to report security breaches. Those who have gone this route say they do so hoping that no one finds out, because the negative publicity would kill their company. Others have even revealed that their legal advisors told them to withhold the information, again stating that if they announced it like they should, it would devastate their business and force them to close.
Going back to our credit card processing company and university examples, do you suppose that the heads of these organizations thought their information was secure? Of course they did. I highly doubt any business leader would knowingly allow a security breach to happen. Yet, thinking you’re secure is not the same as actually being secure. This book will help you bridge the gap.
I’d hate for your company to end up like the credit card processing company example. After they notified their customers of the breach, they lost every single one of their clients; not one stayed with them. Few companies can survive such a setback.
Furthermore, larger companies can rebound better and quicker from major setbacks, such as a data breach. Smaller companies, however, have a much more difficult time rebounding because they often lack the resources required to see them through the troubled times.
To get started on the road to better security, ask yourself the following questions:
1. When was the last time you audited your security?
2. When was the last time you talked with your IT support people, in-house or outsourced, about your IT security exposure?
3. Does your organization have a strong password policy, or is the culture so relaxed that more than one person might know a specific password to a user’s account?
4. If you carry a laptop with you, how secure are you when you connect at the hotels and airports during your travels?
5. How big a deal would it be if hackers managed to shut down your network for three days? For a week? For even longer?
6. Do you have any company secrets, such as your formula for doing business and/or pricing information, that you want to protect?
7. Have you or has anyone you know ever been affected by a data security breach of some kind?
8. Are you in complete compliance with the data security regulations that apply to your organization? Do you know which regulations apply to you?
Finally, and this is a big one, are your computers “earning their keep”? By that I mean, are they adequate for today’s needs? One way to have computers earn their keep is to have them increase productivity. These days, one of the best ways to increase the speed of a computer is to add chip memory, commonly referred to as RAM. Too many companies have older computers that are running slowly. When you add the security tools mentioned in this book, the computers may run even slower unless you provide them with enough memory. As your IT professional will tell you, these days 512 Meg is a bare minimum and 1 Gig of RAM is a much better amount of RAM for existing PCs. It is a good idea to order 2 Gigs of RAM with new machines. Those are fairly standard RAM sizes as of the printing of this book and will work well for the majority of companies.
Be honest with your answers. The more honest you are with yourself and your company’s state of security, the better protected you can be in the future.