
Cybersecurity has historically been treated as a technology issue. However, cyber-risk must be managed at the most senior level in the same manner as other major corporate risks. The CEO must fully understand the company’s cyber risks, its plan to manage those risks, and the response plan when the inevitable breach occurs. CEOs also must consider the risk to the company’s reputation and the legal exposure that could result from a cyber incident. CEO fraud must be part of the risk management assessment.

While this assessment is of a technical nature, it is more about organizational procedures. Executive leadership must be well informed about the current level of risk and its potential business impact. This is rarely the case within organizations afflicted by phishing and CEO fraud. Management must know the volume of cyber incidents detected each week and of what type. A policy should be established as to the thresholds and types of incident that require reporting to management.

In the event of an outbreak, a plan must be in place to address identified risks. This is another weak point in many organizations. Yet it is an essential element of preserving the integrity of data on the network. Best practices and industry standards should be gathered up and used to review the existing cybersecurity program. Revise the program based on a thorough evaluation. One aspect of this is regular testing of the cyber incident response plan. Run a test of a simulated breach to see how well the organization performs. Augment the plan based on results.

Lastly, call your insurance company and go over the fine print regarding your coverage. If no cyber insurance exists, acquire it promptly. Go over the details of the cybersecurity insurance policy to ensure it covers the various types of data breaches.

Source: https://www.knowbe4.com/ceo-fraud