Do you know the answers to these questions?

5 Key Questions CEOs Must Ask About Data Security in 2020

As a litany of high profile data breaches continues to make headlines, CEOs are being held accountable for the security of their business data and the integrity of their internal networks.

While data breaches are certainly not a new phenomenon, this year has seen a dramatic increase in the number and scope of cyberattacks. Even “unsinkable” systems, such as Apple's iOS, have been fair game. As a result, a growing number of consumer advocates, government entities, board members, and investors now want to know what steps businesses are taking to protect their sensitive data and respond to a breach when it happens.

As key business leaders, even non-technical CEOs can no longer passively sit back and let their IT teams handle data security. These days, CEOs and their board members must have an overall understanding of the data security threats facing their business. They must also be familiar with the policies and systems put in place to both thwart and contain such cyberattacks. In particular, CEOs should know how these procedures and platforms are structured, recognize which individuals have been tasked with determining if the risk is being managed appropriately and be clear about where monetary investments are needed the most.

Above all, CEOs need to make data security a part of the business conversation right up there with sales figures, operational expenses, and market share. They can do this by educating themselves and other stakeholders about data security and by ensuring that data security programs are adequately prepared to prevent, detect, and respond to any breach. CEOs must also set the tone and actively work to cultivate a culture of data security.

It is thus critically important for CEOs to know the answers to the five questions listed below and ensure that their organization can provide adequate data protection regularly:

1. What are the top five data security risks facing business today?

This is a question that CEOs must return to every few months. Cybercriminals are becoming increasingly sophisticated, equipped with an ever-growing toolbox of tactics and tools. This coincides with the fact that the devices, platforms, and systems that power business operations are also evolving, creating new exposures and weaknesses for hackers to exploit.

2. What critical data needs to be protected?

After working to identify the key data security risks and potential system weaknesses, CEOs must be clear about the nature and scope of the data that needs to be protected. Some key areas of consideration include:

·       Human Resources related data. This includes personal records, contact information, and internal communications.

·       Sensitive data in the cloud. Just because it's in the cloud doesn't mean it's protected from hackers. Sensitive data that is managed, accessed, and stored in the cloud is at risk and needs adequate protection, such as data encryption. 

·       Internal communications. Many large corporations have in-house communication and data management systems that often contain confidential information.

·       Data accessed via personal devices. Companies need a plan to protect sensitive business data obtained from personal employee smartphones, tablets, laptops, flash drives, memory cards, and the like. Corrupted devices can also carry malware that can then infiltrate the company's internal network.

·       Third-party data. This is the data created, managed, and stored in third-party software platforms and services. While many enterprise-level solutions provide data protection, it doesn't mean that they cannot be compromised. In fact, they often are.  

3. How is the business managing data security risk? CEOs need to lay out a map of their data security initiatives. This starts with the designation of a special cybersecurity team that typically reports to the company's CTO or CISO. This team would include professionals skilled and trained in various areas, including software development, threat intelligence, risk mitigation, intrusion detection, and incident management. 

There also needs to be appropriate data security systems in place that can operate as a front line defense. With the continued development of data security platforms powered by artificial intelligence and machine learning, companies can now integrate smart, automated solutions.

Finally, CEOs need to foster a culture of data security within the company. This starts with the development of data security procedures and best practices. But it doesn't end there. Organizations need to also put significant resources into training their employees on data security policies and monitor compliance.

4. What is the company's data security budget?

A company's true commitment to data security will show up in the amount of money and other resources that are allotted for its data security initiatives. Proper data security systems don't come cheap. Still, they will pay for themselves many times over by preventing or at least containing, the costly, reputation-damaging data breaches that have been gracing the headlines lately.

CEOs need to determine their cybersecurity needs and then make sure these needs are getting adequate funding and staffing.

5. How will the company ensure continuous assessment and improvement of data security initiatives?

As mentioned above, cybersecurity is an on-going, evolving process, and as such, it needs constant monitoring, data collection, and analysis combined with up-to-date industry research. Much of this monitoring and analysis can be carried out by the members of the cybersecurity team backed by big data collection and analytical tools. But, their findings must be clearly and regularly communicated to CEOs and other business leaders as well as board members.

In short, while many CEOs may recognize that data security is a key component in modern business operations, it is not a set-it-and-forget-it process. Just as business leaders are careful to manage their cash flow, they must exercise as much, if not more, caution when it comes to the flow of data to, from, and within their systems.    

Robert Moment is a Personal Branding Strategist and Executive Leadership Coach who specializes in teaching CEOs, Executives, Professionals, and Entrepreneurs how to unlock their potential to succeed and be the “Go-to” leader in their industry.

Robert is the author of the following books:

·       Executive Leadership Coaching Guide

·       Principles of Leadership Development

Visit www.WhatMakesYouStandOut.com to download FREE chapters of Principles of Leadership Development.