This brings new and exciting benefits. It also brings risks—risks that we read about in news headlines. About those cybersecurity risks: what questions do you want to ask? What does a business manager who is not in IT need to know?
In the wake of recent breaches of consumer data, articles with good information on how to respond are readily available for individuals: on-line from the Consumer Financial Services Bureau and state Attorneys General, in letters and messages from financial service companies, as well as from news sources such as the New York Times, Wall Street Journal, and CNN.
In the aftermath of business-focused scams, such as this year’s WannaCry and Petya ransomware attacks, and following FBI warnings of “spoofing” attacks that mimic internal executives’ instructions, it’s time to talk about the role and responsibilities for all managers and executives in an organization.
What should executives do to keep their companies, their data, and their customers safe from cyber-attacks? What, that is, besides telling employees to follow IT’s direction to change passwords regularly and not click on unknown links?
We’ve started a list of questions from non-IT business managers. Send me the questions you have always wanted to ask, and then join us on November 9, at Manhattanville School of Business, to hear the answers.
· What are current best practices and successful strategies for employee use of personal devices in the workplace, routing business emails to employee phones, and ensuring security of confidential business information?
· After the Equifax breach, consumers are advised to “freeze” their credit bureau accounts. What should business managers, treasury managers, and business owners learn from the Equifax experience?
· If the nature of cyber threats is changing rapidly, how can any organization be certain that its insurance will cover the breach, hack, ransom or other attack?
· Let’s talk about the “Internet of things.” In terms of risks, what does that mean to a business organization – whether for-profit or not-for-profit?
· Who should be in charge of cyber security in any organization (for-profit, not-for-profit, governmental): Head of IT (e.g., CIO, CTO), head of enterprise risk (e.g., CRO), COO, or someone else?
· Large cyber breaches or breaches that reveal confidential information can bring bad press. Realistically, though, how significant are a few days of negative publicity for a company or public agency – when those headlines will soon fade and be forgotten?
· Why does it take years for companies to assess the extent of cyber hacks? I’m thinking of Yahoo, which in October 2017 raised the number of accounts exposed in 2013 from 1 billion to 3 billion. Why is it so hard to figure this out?
What can/should a non-technical manager do to improve readiness for and recovery from a cyber-attack?
Send your additional questions to firstname.lastname@example.org and introduce yourself that evening so we can talk further.
Join the Institute for Managing Risk, the Women’s Leadership Institute, and our panel of experts on November 9 to discuss Cybersecurity: Readiness, Response, Recovery: Protecting Your Company’s Assets and Reputation. For more information and to register, see this link.
Director, Institute for Managing Risk
Manhattanville School of Business