Wake up before they put that executive title on your door! You do reach the executive level through good work, leadership skills, and management proficiency. But, your role in security probably sits low on your skills and priorities. That must change!
At the top of the organization, you have access to sensitive and complex corporate data for which you have accountability. But, Marketwired says, “Organizations have lost $2.3 billion to BEC attacks between October 2013 and February 2016, and wire transfer fraud is the most commonly reported exploit.”
Since such losses also mean professional embarrassment, legal action, and public scrutiny, your longevity as an executive or promising one requires you to learn how to implement some simple security measures as a busy executive.
Some security solutions are easier than others, but you should start with the advice of an overall strategy for measures and their implementation.
You must work with our in-house security and information technology officers to join the corporation’s in-place precautions. But, you must also press them to step up their governance. Be sure the current technology is state-of-the-art or get them what they need.
Then, you must review the organization’s policies and practices regarding security to confirm that there is universal compliance. Last, you should address your individual executive role and needs. You must, of course, comply with corporate policy, but you also should double down on your own behavior.
In small and mid-size businesses, without the benefit of sophisticated security oversight, you are on your own. But, you can still take very practical measures to protect your security and what it means to your business.
- Claim your Devices: Throw your weight around and get new hardware. You will need an office PC, laptop, tablet, and smartphone. These are for business purposes, and it’s in everyone’s best interest that you keep them for business use only.
In fact, you should invest in two smartphones, one for business and the other for personal use. And, provide access to the respective phone numbers and email addresses to a very select few. No one of your personal contacts should have access to your secure business phone or devices.
- Cell Phone: Smartphones are as smart as they can be, but iOS is a bit safer than Android. iOS phones encrypt everything as soon as you lock your screen, but Androids must be completely shut down.
- Limit Apps: When apps seek your permission to install, they will also ask permission to access your data, contacts, and so on. Either deny the permission or do without the app unless it is from a most trusted source. An executive life can be lived without free apps.
- Strong Passwords: If your phone or device system permits a password longer than six digits, make use of it. Strong passwords include upper and lower class letters and symbols like &, *, % and the like. In any case, set up your phone and devices to require password not your thumbprint or swipe.
Passwords should not resemble birthdays, anniversaries, holiday dates, addresses, zip codes, or anything vaguely familiar. Randomly assembled passwords are best, and you can use password generators to create them. Some security systems and password managers include such generators. Even randomly secured passwords are not that difficult to remember with a little effort.
- Change Passwords: If you keep the passwords for your main smartphone and for your dedicated business devices, you can change the passwords frequently without effort. Absolute security keeps means you cannot share these passwords with staff or family.
- Encrypt Messages: There are few protections against eavesdroppers and wire tappers. What you need is an end-to-end encrypted messenger service to protect your emails and data. Some of these apps include Signal, Surespot, Telegram, Wire, and WhatsApp.
“Securing messages is more than just a nice to have, it could be crucial to protecting customer data, competitive advantages and maintaining regulatory compliance,” said Hoala Greevy, Founder CEO of Paubox.
- Avoid Browsing: Your secure phone or device is no place for browsing. Leave that to other devices. Browsing wastes time, and the browsing history will follow you. You can even disable your browser or install apps that control your browsing.
- Avoid WiFi Hotspots: Except for convenience, open WiFi networks at coffee shops, public buildings, airports, and the like are literally open to anywhere wishing you ill. Your secure devices should not depend on such risky public convenience.
In “Improving Cyber Security Literacy in Boards & Executives,” David Bisson write, “most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams. It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
But, writing for FCW: The Business of Federal Technology, Brian Robinson said, “Security professionals traditionally focus on the systems that have been attacked, how and where the attack happened, what kind of attack it was, and so on. But high-level executives need to know more about how those attacks will affect the organization's overall business flows.”
In other words, the past may be a warning, but it does not solve present and future needs. So, as a rising executive, you must assume the responsibility yourself.
Executives can also step up their continuing education by checking into readings such as these:
This guest post is courtesy of Andre Bourque. He is a writer and commentator on a variety of issues, including technology, health care, entrepreneurism and business leadership, among many other thing. Based in Southern California, he covers trends of interest to companies and consumers alike.