Protecting online information


"Every company today is at huge risk of losing sensitive, privacy-protected information to hackers. Every company today … is susceptible to state actors attacking their systems to get very sensitive, proprietary business information. And every company today, to some extent or another, is at risk of having their public-facing systems taken down through denial of services attacks."

Michael Leiter, former director of the National Counterterrorism Center and a presidential advisor on cybersecurity, painted a sobering picture of the IT landscape in his recent Microsoft Virtual North America CIO Summit Q&A. "When I left government three years ago and I would talk to Fortune 500 CIOs, about a third to a half thought that cyber threats were really significant. I don't think that's the case today. I think 100 percent understand."

A CIO's job is to lead the charge for securing data. This effort means convincing the rest of the C-Suite to invest in and prioritize protection efforts. First, the CIO must engage with other executives to learn what information would give competitors a huge advantage—material that would be the most painful (or even fatal) to lose. Then Leiter advises finding "a set of case studies of other companies who are similarly situated [that outline] what they did and about how they were still penetrated." These real-world examples can act as a wake-up call for colleagues who are convinced that a little effort is good enough.



Leiter reminded attendees that technology is only as good as the people who are using it, so the bigger problem can be educating employees about smart behaviors: "You can set up perfect technology, perfect defenses … [and] it's still going to turn out that if you have an employee that clicks on a PDF file [that] has a sophisticated, advanced persistent threat embedded in there, technology probably isn't going to save you."

In fact, Leiter says the two biggest mistakes a CIO can make are forgetting about internal risk and failing to carefully monitor those entities just outside the immediate corporation that still tap into a company's IT environment (such as suppliers, lawyers, and equity firms). Spend time auditing the access levels and close open pathways that aren't regularly used. And although controlling the security of external partners is unrealistic, careful monitoring of those often-under-protected connections can help IT departments spot a problem before it turns into a nightmare.

Smaller companies aren't immune to these vulnerabilities, and cloud-based information storage can be a good avenue to explore. "The cloud doesn't solve every problem," Leiter said, "but I think, to smaller organizations and nonprofits, the cloud is a really, really valuable way of investing effectively in security." His reason? Large IT providers have the time, resources, and money to spend on advanced systems that the average small business simply can't afford.

Leiter returned to one notion several times: as the information game changes, storytelling is a critical skill for a successful CIO. A convincing narrative about potential dangers, best practices, and, yes, horror stories can persuade everyone—from the guy in the facilities department whose mom sends him email forwards to the executive who is reluctant to loosen the purse strings—to keep information security top of mind.

