Cyber security is on the minds of most members of boards and the C-suite. However, many organizations still don’t know where to start, or leave it to the IT staff to figure out. That’s a mistake because it’s vital to create a culture of cyber security, and that has to start at the top.
CompTIA, the computing industry’s trade and IT certification association, has issued a white paper for executives on how to build that culture. “Security can no longer be thought of as a technical problem with a technical solution,” says the paper. “It must be treated as a critical business concern.”
It outlines six guiding principles that will enable senior leaders to assess and improve their organization’s approach to cybersecurity:
– Integrate cybersecurity into your business strategy;
– The corporate structure should reinforce a culture of cybersecurity;
– Remember, your employees are your biggest risks;
– Detection first is vital: The longer it takes to detect a data breach, the more expensive the data breach becomes;
– Make it easy on yourself: Collect only the data you need, share only what you have to;
– Develop robust contingency plans, and test them.
“To transform your company culture so that it truly embraces cybersecurity, senior leadership must view it as part of the broader risk management process, rather than jettisoning it off as a technology problem with a technology solution,” the association advises.
“Instead of blaming individuals for issues, always look first to the corporate structure. Are employees encouraged to hide mistakes, or investigate and address issues? Is your cybersecurity department adequately resourced to address challenges, or is the team encouraged to cut corners and deliver at ever-increasing speeds with an ever-depleted budget? The most successful cybersecurity approaches are not necessarily the most expensive, but they do require persistence, attention, and prioritization.”