Are your C-suite executives playing fast and loose with your company's cybersecurity policies?
Austin IT services professional Jason Simons from ICS shares three important steps to help change your execs' behavior.
C-Suite Executives Risk Cybersecurity For All
Over the past few years, simply being online has become even more dangerous. In 2018 alone, the FBI reported that monetary losses due to cybercrimes in the US nearly doubled over the previous year to $2.7 billion. The total reported losses in 2019 are expected to be even higher, as internet-based crime becomes the fastest-growing category of criminal activity in the nation. The situation is bleaker on a global scale, with cybersecurity experts predicting that losses to individuals and businesses from online crimes will reach as high as $6 trillion annually by 2021.
Even with this clear indication of the need for companies to do better when it comes to their cybersecurity, C-suite executives continue to engage in high-risk online activities. From a recent survey conducted by Nominet of 400 C-suite executives in the US and the UK concerning cybersecurity issues, it is clear that companies are not doing enough to train their high-level executives about the dangers they face online.
Reducing Online Risks Created By Senior Executives’ Behavior
Although there is no quick solution for eliminating all risks associated with high-level executives interacting online, there are three steps your company can take to start to correct their behavior.
The first step is to make all executives aware of existing cybersecurity dangers. While most senior executives already have a basic understanding of online pitfalls, they readily acknowledge that they do not fully comprehend the extent of these dangers. In the same Nominet survey, three out of four executives admitted they wanted to know more about malware, and over two-thirds of the respondents did not feel confident in their knowledge of phishing scams or ransomware attacks.
The second step is to address the knowledge gaps of C-suite executives when it comes to cybersecurity. High-level executives are popular targets because hackers know that taking control of one of their online accounts will give them the greatest amount of access. Therefore, executives need to understand how to handle a range of scenarios, from cyberstalking to online identity theft, that ordinary employees are less likely to encounter. While many companies already have a cybersecurity training program in place for mid- and low-level employees, senior executives require an altogether different training program highlighting problems relating to data protection, “whaling,” and social engineering precautions. If your HR or training department doesn’t have experience training C-suite executives in cybersecurity, it is best to bring in an outside expert.
The final step is ensuring high-level executives adhere to all cybersecurity policies already in place. Even after learning about online dangers and how to protect against them, some C-suite executives are the employees most likely not to stick to policies meant to protect the company from cybercrimes. Typical issues involve using personal devices and computers for work-related activities or failing to keep confidential information secure while traveling. Help keep senior executives on track by periodically reminding them of the importance of the company’s policies and the reasoning behind them.
Maintaining exceptional cybersecurity at your company is the responsibility of everyone, even the C-suite executives.