Here are some recommendations published on the blog of the INSEAD business school.
3 steps to take ownership of organisational cybersecurity
The difficulty of each step varies according to the sector but, generally speaking, the following three steps are valid for every organisation. It is important that all three be carried out.
- Understand the biggest risks for your company
- Carry out a "fire drill"
- Be aware of what you own
First step: Understanding the risks
Every board team needs a detailed discussion of the whole issue. The aim is to reach consensus and a clear commitment regarding what happens next. It is necessary to go beyond the obvious.
After this initial conversation, further discussions should be held, even if only on a semi-regular basis. Certainly they should not be omitted altogether.
What to focus on?
- Public profile of the company: If something surrounding the company profile is perceived as unethical (for example, it is believed that the company fires employees unjustly or does something that is morally wrong), this can increase the probability of a cyberattack.
- Your intellectual property: If your R&D is successful, competitors and hackers may try to steal your intellectual property.
- Your industry: Healthcare, manufacturing and financial services are the three industries most frequently subject to attacks.
The remaining two steps will appear in the second part of the article.
-jk-