GUEST: Dorene Rettas, Managing Director of Cyber Security Hub
You already have enough to worry about in your business without adding the risk of public scandal, loss of customers, and potentially business-destroying civil liability.
We're talking security threats, and how your business needs to be proactive about this ongoing and constantly changing challenge.
Cybersecurity is constantly evolving, and so must you.
Nowhere is safe.
She's not an alarmist, but Rettas sees potential cyber dangers almost everywhere. Every single industry regardless of size has to address cyber security. Those who don't, do so at their peril. Because even if you don't think your data is valuable, hackers do.
Particularly vulnerable industries include: local, state, and federal governments, financial services, healthcare, manufacturing, and (ironically) technology.
If it can destroy your business with just a few mouse clicks, it needs to be an executive priority.
In order to be proactive and stay ahead of the criminals, companies need to take the threat much more seriously than most currently do. In larger firms, a Chief Information Security Officer needs a seat at the executive table.
"We're so past the point of being reactive, it's unacceptable. Risk-assessment and threat-intelligence are a must. When organizations focus on digital transformation, CISOs have to be involved in the process at the early stages."
This can be a thankless job.
"That old adage about IT being the enemy, if you speak to CISOs, it's not the case. They understand what the employees want, and what the optimal user experience should be, and they are trying to balance the two. They want to do the necessary digitization and still protect the assets," says Rettas.
You are now responsible for the security of your subcontractors and partners.
This process sometimes comes along with a learning curve and some growing pains, even within her own organization. They recently had to end a contract with a prospecting platform that the sales and marketing team really liked. "And they were appalled!" But compliance issues are serious business.
If you do business with the EU, not only do you have to be compliant with the General Data Protection Regulation (GDPR), it's critical that you be sure that your partners are, as well. If they are not, and you're interacting with their data, there's a risk that you could be penalized.
Cyber security can enhance your marketing segments' quality.
There is a lot of skepticism and fear in the enterprise trenches about cyber security threats and preventative measures, but Rettas points out that at least some of it is misplaced. There are even unexpected upsides.
For example, as a result of new security measures, more restrictions are being put in place for filtering email. This might make it difficult for some companies to do business, but for those who take the long view, it works in their favor.
Dorene states, "Look at double opt-in as an example. I'm not sure that it's going to drastically decrease engagement. What it will decrease are inflated numbers. But if the folks who really want to consume your content are checking the box, do you really care about those other [lost] people?"
Remember that cyber security is an ultra-marathon, not a sprint.
Rettas reassures folks that everything will shake out and be fine. It's simply a matter of teaching folks what they can and cannot do, and putting appropriate policies in place.
Are the cobbler's kids shoe-less?
How does Rettas grade the efforts to anticipate and counter cyber-threats within her own organization?
"We're fairly proactive. Because we've been writing about it and knew it was coming early on, we've been a little more proactive."