As a CIO you have to spend a lot of time thinking about how to protect the company’s IT department. You think about hackers, viruses, Trojans, social engineering, and all of the other threats that we find in the modern definition of information technology. You buy firewalls and virus scanners and anything else that is sold to the IT sector to protect you. However, it turns out that the foe that you are trying to defend the company against may more likely be an insider. Considering the importance of information technology, what’s a CIO to do now?
Understand What You Have To Defend
Let’s face it – as CIO you are not going to be able to protect all of the company’s data. What this means is that you are going to have to take the time to identify what the really important stuff is – that’s what you’re going to have to protect.
Once you’ve identified this, you need to take steps to make sure that it’s not going to fall into the wrong hands. This can start out with making sure that the important data is encrypted. That’s not enough. You also have to create a system to limit access to the valuable data and to keep track of just who does access it and when they touch it.
Become A Student Of Security
When you read the trade rags, you will often encounter stories that document how thieves broke into various companies. How clever they are never ceases to amaze me. However, the reality of real life is much different.
More often than not, when an insider decides to do something wrong they’ll just be doing the exact same thing that someone else has done in the past. What this means for you as CIO is that once you detect someone doing something that they shouldn’t, then you need to put measures in place to ensure that nobody will ever do that again.
Trust No One – Including Vendors
When we think about the insider threat that the company is facing, we often spend our time thinking about employees. However, it turns out that the number of people that we need to consider is actually much larger – often times your vendors are almost like employees.
What this means is that your vendors may have access to sensitive company data. It’s what they do with this information that really matters. Since they operate both at your company as well as at your competition, you need to take steps to ensure that they don’t have access to anything that you wouldn’t want your competition to see.
What All Of This Means For You
Nobody ever said that the job of CIO was going to be easy, but man – they never told you that it was going to be this hard! Keeping the company safe from IT threats could be a full time job in of itself. It turns out that your greatest threat may not come from outside, but rather may come from the inside…
As the CIO you need to make sure that you fully understand what assets you need protect. You can’t protect everything, so make sure that what you do protect is the most important. Take the time to learn from past attacks. If you don’t, you’ll be forced to repeat the learning over and over again. Finally, realize that your vendors may open a door to your IT systems that could end up costing you a great deal.
It actually is possible to keep your company secure. As CIO you need to understand that internal threats are much more likely to cause you harm than any outside threats. This means that inside threats are what you need to spend your time taking care of…
Question For You: If data is the most important thing that your company owns, what is the best way to protect it?
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
As CIO the rest of the company is relying on you to keep them safe. They expect you to lead the IT team in defending the corporate castle from hackers and attackers. The importance of information technology requires us to spend time doing this – it’s really part of the CIO job. However, it turns out that no matter how thick you make the virtual fences that you put around the company’s IT assets, you may be dealing with an even bigger threat from within your own IT department.