Cybercrime Is The Other Guys Problem, Right CIO?

Do CIOs have to worry about the other guy when it comes to cybercrime?
Do CIOs have to worry about the other guy when it comes to cybercrime?
Image Credit

Whew! Your IT department staff who are in charge of securing the company’s network have just reported to you that all patches are up-to-date and so the latest worm / trojan / virus that everyone is talking about shouldn’t affect you. However, when you stop for a moment and think about all of the companies that you do business with, maybe it will affect you…

Why The Other Guys Really Do Matter

Just a little while ago, the headlines were full of stories about the credit card processing firm Global Payments who had suffered a massive data breech. It was estimated that this breech compromised between 1.5M and 10M MasterCard and Visa accounts.

These days everyone realizes that it’s not just the importance of information technology, but rather the importance of the customer data that your firm stores. What makes this cyber-attack so important is who the bad guys went after. They didn’t go after a bank – generally bank CIOs have done a good job of making sure that the bank’s network and therefore its customer data is well protected. Instead, the crooks went after one of the bank’s vendor partners and because the bank shares customer data with them, the cyber crooks were able to gain access to the data that they were looking for.

You may not be working in the finance industry, but the same rules apply to you: thieves may bypass your well protected network and may instead target your vendor partners whom they view as having less stringent security measures in place.

What A CIO Has To Do To Secure Everyone

Think for a moment about how many vendor partners your company does business with. They may not all have access to your entire customer data set, but many of them probably have enough access that a data breech could cause you great harm.

As the person with the CIO job you have three different steps that you need to take in order to ensure that your vendor partners will be able to protect your company’s customer data as well as you do. The first thing is to extend the controls over customer data that your company has implemented out to your vendors. This can be as simple as ensuring that only authorized employees have access to the systems that contain the data.

The next step is to ensure that your vendors are adequately protecting the customer data that they have. Once again, this may be as simple as ensuring that all employee laptops use encrypted hard drives just in case they are lost or stolen. The final step is to perform periodic audits of your vendors in order to ensure that your customer data is being protected within their IT systems.

What All Of This Means For You

All too often the person who is in the CIO position focuses only on making sure that their company’s networks are secure. The problem with this is that if one of your partners’ IT infrastructure becomes compromised, then your customer data may be at risk.

CIOs need to become proactive. They need to realize that the risk of a cybercrime exists outside of their enterprise network. Both the company’s data that has been shared with vendors and the company’s reputation are at risk. CIOs need to partner with vendors in order to ensure that their networks are just as secure as yours are.

The benefit of working with vendors to secure their networks is that the more secure their networks become, the less of a target that anyone with your customer data will appear to be. In a world with so many easy targets, the cyber criminals will most likely move on to easier targets. Work with your vendors and you’ll once again be able to sleep at night knowing that your customer data is secure no matter where it is.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: What do you think that a CIO should do about a vendor who is unwilling or unable to secure their network?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

I’m not sure if you’ve heard, but it turns out that it’s time for all of the old school CIOs to get up and get out. I’m talking about those CIOs who are in love with technology for technology’s sake. Yep, their time is now officially up and they need to gather their things and get out.