Mind Your P’s & Q’s… And Your Data Files Too…
As a business leader in today’s digital world, you’re inundated with emails, app notifications and text messages on top of your already busy business responsibilities. So did you think twice about that email purportedly from your assistant oddly using their personal email that had a blank attachment you opened? What about that text message saying it’s from your credit card with a URL to click to verify a suspicious transaction? And are you still using that flash drive you found in the break room because it has 16GB of storage and that saved you buying a new one?
Of the leading business risks that entities are facing in today’s global marketplace, few are more damaging and irrecoverable than data breaches and the loss of information privacy. A single instance could cause severe financial losses, reputation erosion, and legal penalties, and yet many organizations and their leadership do not identify this as a daily threat and are unprepared to act in the event of a breach, further magnifying the potential effects of the risk.
Clearly the global marketplace is aware of this risk. Over the last few years, numerous data breaches have occurred in business and government, leading to the financial and integrity downfall of corporations, non-profit organizations and public figures. In response, there have been many minimum-security requirements for various industries as well as standards mandated by governments, such as the recent General Data Protection Regulation (GDPR) for entities interacting in the European Union. These protection controls and mandated responsibilities, however, focus more on the automated protections and the required actions to minimize and report instances and do not fully shield against human responsibility for this risk.
I recently visited a demonstration in Boston at IBM’s security division where they simulate precursors and post events of a data breach. Although the participants had no control to prevent the breach in this exercise, they were directly responsible for the communication and actions that the rest of the demonstration took. Misspeaking to the fictitious executives or media that called into the center changed the scenarios and the success factors to control and mitigate the breach. Many individuals in the room – managers, executives, administrators – made fatal but easily preventable errors. The staff say these actions regularly occur with all their visiting clients, such as government leaders and Fortune executives; however, these steps are not difficult to overcome with sufficient training and changed practices by individuals.
Many organizations run internal phishing attempts against their employees to determine whether employees would complete actions such as opening unverified electronic attachments or transmitting internal data files to an unconventional location – all without physically verifying with other staff. Along with other security controls and training, a standard employee has had their risk limited, but what about at the executive level? Leadership has access to far more sensitive data and, due to the nature of their position, make fast decisions and likely have their own habits that can contradict policy. Enhanced training and controls, as well as a conscious understanding of the risk, should be part of every executive’s daily work ethic.
Organizations need to treat the risk of a data breach as a real possibility and need to understand how to control its prevention as well as the responsibility of the response. It’s another example of the importance of transformational leadership within an organization. As leaders, executives should be models and masters of this incredibly important business risk to build and improve a competent culture within their organizations, even if that means changing the way they operate as professionals.