When it comes to security breaches, CEOs stand in the crosshairs. More than their IT staffs, it’s a CEO who’ll take heat for a breach that exposes customer data or endangers relationships with business partners.
So, unlike plenty of other IT issues that don’t require C-level attention, information security ranks right up there alongside financial issues as something with which CEOs need to be familiar. Yes, information security can be daunting, but so are financial statements — and CEOs have to sign off on those.
Where to start? Here are three questions every CEO should be able to answer: Do you know who your security expert is? Do you have a security policy? Do you understand how it’s implemented, managed, enforced and monitored?
Getting answers to these sorts of general questions about how your company approaches its information security obligations is a good beginning — but your job isn’t done yet. Like corporate financial issues, company information security requires more. In finance, that means an audit. I suggest you apply that same process to your information security.
A good security review will reveal any issues and also produce recommendations.
When it comes to information security, there are no guarantees, but exposing vulnerabilities and developing a plan to address them can help keep your corporate data — and your bottom line — safe.