Here is Tip #23 for National Cybersecurity Awareness Month: Factor cyber into business decisions
Good cybersecurity is more than an IT issue. Many strategic choices about how to run the business have cybersecurity implications.
- How should we connect online with our customers?
- What data should we collect via our app?
- Should we use a vendor?
Good cybersecurity is based on understanding the business model and business processes of the organization, and that requires direction and consultation with executive management.
Without sufficient executive involvement or oversight for cybersecurity, an organization might be taking on more risk than it understands and could be more exposed to attack.
Or the opposite could happen, and IT could overspend on security and put in safeguards the business doesn’t really need.
Steps you can take
Develop a culture of cybersecurity awareness at your organization to ensure it’s at the top of mind during decisions and that the right teams are involved.
- As a business owner or executive for oversight of IT, make sure business functions/departments and IT have alignment on cybersecurity risks and what cyber risks the business should avoid, accept or mitigate/control. Perform a risk assessment.
- Make sure there is executive awareness of cybersecurity risks and an ability to engage on discussions on cybersecurity matters with IT leadership.
- Involve IT early on in strategic projects to help evaluate cybersecurity implications of new initiatives.