Lessons Learned From The Fortune 500
One of my BKM Sowan Horan partners asked me to discuss a topic that many of our clients have had to deal with, a few with serious financial impacts. With all we have to worry about now – COVID, cash flow, our employees, PPP, the election – why add something else? Because now is a time when you may see data breaches increase: when business owners are focused elsewhere, IT staff is working from home (or having their budgets cut) and more of us are using unfamiliar technology to enable a remote work environment. What could go wrong, right?
It’s important to understand exactly what a “data breach” means. It’s an incident that exposes confidential or protected information. Of these incidents:
- Only 45% or so involve hacking
  - Meaning 55% were caused by our own employees, processes or policies
- 70% were perpetrated by external actors
  - Meaning 30% were caused by either our own people or a trusted partner, whether intentionally or unintentionally
One of my favorite notable technology gurus is Mary Meeker, who publishes an annual “Internet Trends” report. For your convenience, I’ve combed through her latest release and summarized her top cybersecurity takeaways:
- Cyber-attack sophistication is rising.
- Sensitive data is increasingly at risk, primarily from a rise in use of SaaS applications.
- Online system weaknesses are creating open doors, through misconfiguration, social engineering and use of internal tools.
- Encrypted web traffic is increasing, as more people and companies are paying attention.
- Two-factor authentication usage is lagging, and there is a lack of multi-factor authentication available for internal corporate applications.
- State-sponsored information warfare is on the rise.
Given all this, should we go back to doing business on Big Chief tablets? I don’t think so, but I do think security should be intentionally considered as we design our organizations, processes and technical architecture. Quick question: how many of you have employee handbooks or codes of conduct that communicate your expectations for security and data privacy to your employees?
From my experience with Fortune 500 companies, Cybersecurity was often a Board-level issue, given the damage that could be quickly done to a company’s market cap. The key questions from Boards were:
- Who on the management team is responsible?
- What have you done?
- Where is the risk?
- How are we mitigating?
- What are our contingency plans?
We’ll take a look at Cybersecurity in more detail in the coming weeks.
Enjoy your Labor Day weekend!