Becoming headline news for a data breach has caused more than one CEO to wake up in the middle of the night in a cold sweat. It's not an unfounded fear. A spate of recent high-profile corporate breaches should be a wake-up call for executives. CEOs are tasked with overseeing the elements that contribute to their organisation's success; in today's high-risk world, that includes taking an active role in data security strategy. Failing to do so could affect company data, and the executive's tenure.
The CEO's role in data security
It is good to have confidence in the IT security team – to a point. It would be easy to assume that the IT and security team leads have everything covered. However, the second a breach occurs, the entire business suffers the fallout, ranging anywhere from damaged brand reputation to loss of customer and shareholder confidence. Responsible CEOs don't assume that IT has it handled. Instead they must take steps to document and understand exactly how assets are being protected.
Without looming over IT's shoulder, micromanaging every decision, CEOs do need to ensure that their companies are actively taking steps to protect corporate integrity while keeping an eye on the bottom line. After all, if the company is breached, it is the CEO who will have to answer uncomfortable questions from the media.
Breaches can cost an organisation millions of pounds and loss of reputation as critical data is stolen or damaged. CEOs need to actively ensure the safety of customer information assets. They must also ensure adherence to corporate goals by developing and executing strategies that increase profit margins and drive down the costs of doing business.
Creating a vision for security
It's easy to emphasise corporate leadership as the most important role played by a CEO, whether by maximising shareholder value or creating the best product or service possible. Yet security is a vital component of business success as well, and change comes from the top. If upper management doesn't prioritise security in a serious way, IT departments will address security perfunctorily, focusing instead on the projects tied to performance reviews.
Compensate to protect
Money talks. One of the most effective ways to ensure that security becomes a priority is to create meaningful incentives for its deployment and management. IT and security teams should be compensated and recognised based on how airtight the network is.
Part of the plan must take into account the need to protect brand reputation and trust. This necessitates including a multi-factor authentication strategy. Such a strategy will mitigate attacks that threaten user confidence, such as identity theft. Total cost of ownership (TCO) must be taken into account, as well as the ease of integration with remote access systems and cloud applications. The ideal strategy will take into consideration factors that include a low footprint, high security, high automation and high value.
Eight points in support of multi-factor authentication
Multi-factor authentication is a best practice for securing user data. The following stats highlight its need in enterprises today.
1. 1.6 million records were exposed by hackers each day in 2013.
2. Forty-four percent of all fraud incidents in 2013 involved an online transaction.
3. Identity theft is the fastest-growing type of crime, now more profitable than drug-related crimes.
4. Online service providers use SMS-based tools to authenticate users. If it's important to them, it should be important to your business as well.
5. The common myth is that hackers focus only on enterprises and stay in the retail and banking industries. While breaches affected 22 percent of retail and 38 percent of financial institutions, 20 percent of manufacturing, transportation and utilities were breached as well. And only 38 percent of the breaches in 2013 impacted large organisations.
6. Cyber attackers not only steal information, but they often destroy data and change programs or services. They also use servers to transmit propaganda, spam or malicious code.
7. Malicious actors use phishing, pharming, keyloggers and other methods to constantly improve their effectiveness in stealing passwords.
8. Even if an organisation employs vulnerability tests, anti-virus systems and advanced firewalls, lack of user authentication puts out the welcome mat for hackers.
Authentication for your reputation
The role of the CEO is expanding just as threats to an organisation's reputation and data are growing more prevalent. Attacks are occurring more often, and it falls to executives to set IT priorities as one of the organisation's business mandates. Weak or stolen user credentials remain the primary entry point for hackers, which is why authentication must be included in the overall security plan. Multi-factor authentication is a best-practice approach to help keep user data secure and keep your organisation out of the headlines.
Contributed by Torben Andersen, chief commercial officer, SMS Passcode