In today’s business world, there is no way any significant business could function without a CIO. The issues that kept CIOs awake at night 40 years ago are dramatically different from those that keep present-day CIOs awake. Way at the top of that insomnia-inducing list is cybersecurity management.
There are many priorities when it comes to cybersecurity management. We sat down with our CIO, Philip Rogers, to discuss the top priorities that fellow CIOs need to be aware of as they pertain to people, processes and technology.
Q: What are the top cybersecurity priorities when it comes to managing people?
Rogers: Keeping people informed of what is going on is a key priority. It’s a constant struggle to make sure that the user bases are sufficiently educated. Threats change. There are always potential new threats and threat vectors.
Q: Why is this so critical?
Rogers: Traditionally, the threat that people are most worried about when it comes to the workplace is phishing, where a message that comes in puts a nefarious link out there – when people click on it, it sends them to a bad place that does bad things. That is something that people have become more and more aware of over the last decade or so – which is great. However, there are way more threats out there. They are constantly updating. We could have the absolute worst security bug that has been seen in years come in tomorrow, and we need to ensure that people are taking it seriously when it does.
Q: What are the risks when security is not taken seriously?
Rogers: Strangely, the biggest risk is false confidence of the user base. How many times have I heard, “Don’t worry, we’ve got the best IT folks, so I’m sure they would have caught this” before a cyberthreat gets through. Cybersecurity is not handled by some magical fix in the background. It is an ongoing process that continually needs to be updated and modified. This false sense of confidence (say, because someone attended a security class 3 years ago) is actually more problematic than if somebody was just completely oblivious.
Q: Any final thoughts on cybersecurity management with regard to managing people?
Rogers: Have you heard that old joke in politics: “It’s not the crime; it’s the cover-up”? The same thing is true with cybersecurity. You’ll have that moment when somebody clicks on something, and then it is immediately obvious that they should not have done so, and in typical human-nature form, they just wish it away. They start closing things down. Maybe they turn off their laptop. That doesn’t help. Tell us when something happens – it’s okay, you’re not going to get fired for clicking on something. However, someone could potentially get fired if they clicked on something inappropriate, then turned the laptop off and went home and didn’t tell anybody for two weeks. Let us know, and let us know right away, so we can fix it.
Q: What are the top cybersecurity priorities when it comes to managing processes?
Rogers: Making sure that cybersecurity is included in discussions around business processes as early as possible. Making sure that when documenting processes, there is a section that allows for IT security.
Q: How often should processes be reviewed?
Rogers: If somebody documents a business process, and then doesn’t look at it for 7 years, that is not a documented business process. A documented and managed process is something that lives, breathes, changes and is looked at differently over the course of the entire lifecycle of that process.
Q: How does cybersecurity factor into process development?
Rogers: Organizations need to make sure that IT security is one of the questions being asked from the get-go. As the process grows and develops, as it expands or contracts, does this expose us to different security threats? Does this reduce some security threats? Should we be looking in different places? Should we be doing different things? Should we be using different software?
Q: What are the top cybersecurity priorities when it comes to managing technology?
Rogers: Humans are the weak point. That’s always going to be the case. The other aspect to managing technology is to be aware of change. When things change, that’s when gaps get exposed. Make sure that you’ve got the proper cybersecurity toolkit available to you.
Q: What should be in this cybersecurity toolkit?
Rogers: Cybersecurity is a mindset. It’s an understanding of what’s going on. It might include tools, like anti-virus or endpoint protection or log-monitoring software – things like that. Make sure you have a solid understanding of the tools and constantly be evaluating those tools. Just because something is the right solution for a company today doesn’t necessarily mean it will be the right solution later on. The same thing goes for relationships. You might have a very strong partnership for an organization that’s able to handle and provide services for you when you’re smaller, but they can’t necessarily grow with you. When it comes to cybersecurity, all of the components of your solution need to morph over time with you.
Contact Protocol Networks to Get the Best Cybersecurity Management in New England
The team of experts at Protocol Networks understands just how rapidly and drastically technology is changing. Founded in 2000 with just two employees serving the Rhode Island market, today Protocol Networks holds a spot on the Inc. 5000 list of fastest-growing companies and supports organizations globally. Protocol Networks knows IT consulting. Let’s connect today to see how Protocol Networks can support your cybersecurity management needs.