
Cybersecurity Questions from Business Leaders


We live and work in a cyber-connected world that keeps businesses in touch with customers, clients, suppliers, marketers, and financial resources. This brings new and exciting benefits. It also brings risks, the kind we read about in news headlines. About those cybersecurity risks: what questions do you want to ask? What does a business manager who is not in IT need to know?

In the wake of recent breaches of consumer data, articles with good information on how to respond are readily available for individuals:  on-line from the Consumer Financial Services Bureau and state Attorneys General, in letters and messages from financial service companies, as well as from news sources such as the New York Times, Wall Street Journal, and CNN.  

In the aftermath of business-focused scams, such as this year’s WannaCry and Petya ransomware attacks, and following FBI warnings of “spoofing” attacks that mimic internal executives’ instructions, it’s time to talk about the role and responsibilities for all managers and executives in an organization.

What should executives do to keep their companies, their data, and their customers safe from cyber-attacks? What, that is, besides telling employees to follow IT’s direction to change passwords regularly and not to click on unknown links?

We’ve started a list of questions from non-IT business managers.  Send me the questions you have always wanted to ask, and then join us on November 9, at Manhattanville School of Business, to hear the answers.

· What are current best practices and successful strategies for employee use of personal devices in the workplace, routing business emails to employee phones, and ensuring security of confidential business information?

· After the Equifax breach, consumers are advised to “freeze” their credit bureau accounts. What should business managers, treasury managers, and business owners learn from the Equifax experience?

· If the nature of cyber threats is changing rapidly, how can any organization be certain that its insurance will cover the breach, hack, ransom or other attack?

· Let’s talk about the “Internet of things.” In terms of risks, what does that mean to a business organization – whether for-profit or not-for-profit?

· Who should be in charge of cyber security in any organization (for-profit, not-for-profit, governmental): Head of IT (e.g., CIO, CTO), head of enterprise risk (e.g., CRO), COO, or someone else?

· Large cyber breaches or breaches that reveal confidential information can bring bad press. Realistically, though, how significant is a few days of negative publicity for a company or public agency – when those headlines will soon fade and be forgotten?

· Why does it take years for companies to assess the extent of cyber hacks? I’m thinking of Yahoo, which in October 2017 raised the number of accounts exposed in 2013 from 1 billion to 3 billion. Why is it so hard to figure this out?

What can/should a non-technical manager do to improve readiness for and recovery from a cyber-attack?

Send your additional questions to michele.braun@mville.edu and introduce yourself that evening so we can talk further.

Join the Institute for Managing Risk, the Women’s Leadership Institute, and our panel of experts on November 9 to discuss Cybersecurity: Readiness, Response, Recovery: Protecting Your Company’s Assets and Reputation. For more information and to register, see this link.



Michele Braun
Director, Institute for Managing Risk
Manhattanville School of Business
