Information Security Essentials for CEOs and Executives

In business there are several responsibilities for which CEOs must own the thought leadership in their companies, and should not pass off to other employees, or risk peril. Peter Drucker identified these key executive decision-making areas as: (1) standard-bearer of the corporate vision and mission; (2) guardian of the treasury; (3) champion of sales; (4) nurturer and developer of the team. Closely akin to these is the CEO's responsibility to safeguard the business operation from accidental and malicious release of proprietary and confidential information.

2014 set records for the size, scale, and proliferation of online viruses, Trojan horse programs, and other malware, and for the lengths to which disgruntled family members, employees, hackers, competitors, and nation-states will go to collect data and interfere with business operations.

Consider these top 10 breaches cited by fraud analytics firm "Rippleshot" from 2014:

  1. P.F. Chang's - In June, some customer credit card information was compromised at 33 restaurants; it was a waiter collusion racket, a man-in-the-middle scheme that did not need malware.

  2. Sally Beauty Supply - TX, was hacked by the same gang as Target; 25,000 customer records containing credit card data were lost. Small stores are as vulnerable as large retailers.

  3. Acme Markets - (owned by Albertson's), discovered malicious software installed on the networks that processed credit cards; the software was believed to have been operating for a month prior to detection.

  4. Michaels Stores - acknowledged that about 3 million customer debit and credit cards were stolen at its subsidiary Aaron Brothers; again, the hackers used malware to hit the soft spot of the company: the remote operations and small stores.

  5. Goodwill Industries - the national charitable organization, said that 330 stores were compromised exposing data from 868,000 customer payment cards; the breach lasted six months before detection. Hackers hit soft targets and gained info useful in other market areas.

  6. Jimmy John's - announced that 216 locations had data breaches in 2014; the culprit was an intruder who stole log-in credentials from their point-of-sale vendor and used them to attack the stores. The intrusion lasted 2.5 months before detection.

  7. Neiman Marcus - a luxury retailer, reported a breach involving 350,000 payment card records; of these, the company tracked that 9,200 were used fraudulently afterwards. Malware was used to scrape payment card information; the intrusion lasted 2 months.

  8. Home Depot - was attacked and lost 56 million payment records through malware impacting their cash register systems.

  9. Target Corporation - reported a compromise of 70 million holiday shopper records; this large retail record heist set off a wave of large breaches at other companies.

  10. JP Morgan Chase - reported the compromise of 76 million customer records (including personal data, addresses, phone numbers, etc.), impacting 7 million households and small businesses. It was the largest reported breach in 2014.

And not on the list of top ten, but deserving honorable mention, was Sony Corporation - hacked by the nation-state of Korea in apparent retaliation for making a movie. In my Vistage groups in January we brought in one of the nation's leading network security and data hacking prevention professionals to speak with our member CEOs and executives on the modern essentials of data security. We were able to ask questions and gain insightful information on what works, along with tools, tips, and practices to safeguard our businesses and our homes. Here are a few takeaways from this month's speaker presentation:

  • Have you estimated the cost of a breach to your company? How much in dollars and in reputation?

  • Are the data protection and network tools we use configured optimally?

  • Have our customers asked us to comply with any standards such as SAS 70, SSAE-16, SOC, ISO 27000, PCI-DSS, HIPAA, etc.? If yes, can you provide them with the necessary information assuring the safeguards and controls?

  • Have you considered that hackers don't need passwords when they use a computer that is already logged in?

  • What is the next step to implementing and testing your Business Continuity Plan?

  • If you use the Cloud, what are your risks, and what is your risk mitigation strategy?

  • When you terminate an employee, if they are disgruntled, can they hurt you? What is your strategy to prevent such risk?

  • Do you have a mobile device management strategy for your field users?

  • Do you have an independent third party audit your systems and processes to optimize your investment?

  • Do you require long passwords, 14 characters or longer?

  • Do you use public Wi-Fi at hotels, airports, and other hotspots? These are frequently honeypots and infected locations where systems are compromised.

  • Is your own company's guest Wi-Fi protected? Passwords? A separate network connection?

And I could go on... there are many things to be concerned with today about network security, and the risks increase in 2015. If you would like a copy of my speaker notes from this presentation, I would be happy to provide them to you on request. Further, to view a valuable infographic on password security, go to: http://epraxis.com/?p=1416

In closing, as an executive coach and Vistage Chair, I encourage you to revisit your information security policies, procedures, and posture in your company; many small businesses and remote employees are at risk, and you don't have to be a big business anymore to be a target of professional hackers. So make 2015 the year you improve your game in terms of protecting your business, home, and nest egg.

In February 2015, our Vistage speaker topic is: The 360-Performance Appraisal -- A Deep Dive on what works, what does not work, a review of over 150 online tools, and how to leverage these tools to your advantage.

Finally, there is value in regularly working on your business, and meeting together monthly with a peer group of smart executives, processing real issues, and focusing on how to take advantage of large opportunities might be exciting and rewarding for you, your career, and your business. I have a few seats left in my monthly peer executive Vistage groups, for individuals like yourself who might value getting briefed by and engaging regularly with national experts on a range of business topics, who would benefit from the brain trust of 12-16 smart executives to work on business issues, and from one-to-one coaching to improve business performance. If this sounds valuable to you, please contact me to arrange a free test-drive coaching session and to attend one of my Vistage meetings as my guest.