Kaspersky: Five Main Cybersecurity Lessons for CEOs
JAKARTA - A Kaspersky survey shows that 62 percent of top managers in a company or organization admit that misunderstandings between information security departments (IT) and businesses have caused serious cyber incidents.
Support from the editorial board or C-Level is needed to change the way employees respond to information security, since they are always busy and may overlook matters related to information security.
Here are five simple keys from Kaspersky for top management so cybersecurity messages can be more easily understood.
Provide Team Cybersecurity Training, Starting From the C-Level
Executives must master basic security lessons such as the use of two-factor authentication with USB or NFC tokens on all devices, the application of long and unique passwords for all work accounts, protecting all personal and company devices with appropriate software, and keeping personal and digital goods separate.
It's also important to double-check all suspicious emails and attachments. Some of them may need help from someone in the information security department to handle very suspicious links or files.
After that, the company's top brass then provide security training for all employees, in different portions according to their job descriptions.
Integrate Cybersecurity Into Company Strategy and Processes
It is important to remind top management that buying a protection system is not a panacea for all cyber problems because, according to various studies, between 46 and 77 percent of all cyber incidents are related to human factors.
Examples range from non-compliance with policies and malicious insiders to a lack of transparency between IT and contractors. Leaders in the fields of technology, people, finance, law, and organization therefore need to be involved in adapting the company's strategy and processes.
Invest Properly
The budget for information security is always limited, while the problems to be solved in this area appear to be unbounded. The most mature approach to the security budget is the one based on risk and on the cost of actualization and minimization of attacks, but it is also the most labor-intensive one.
Consider All Types of Risks
Discussions on information security are usually too focused on hackers and the software solutions to beat them. But many organizations still face other cyber risks related to information security. To that end, it is important for top-level managers to regularly monitor and improve the company's internal compliance with regulatory requirements in their departments.
Respond Correctly
In general, cybersecurity incidents are almost unavoidable. If the scale of the attack is large enough to attract attention in the discussion room, it almost certainly means a disruption of operations or a significant data leak. Not only the information security team but also business units must be ready to respond, ideally by participating in training.
At the very least, top management must know and follow security procedures. For that, there are three basic steps for CEOs:
Immediately inform key parties about an incident so that it can be investigated and various actions taken to properly assess the scale and consequences of the attack.
Formulate a communication schedule, because a common mistake companies make is trying to hide or underestimate an incident.