4 Surprising Reasons Why The CEO is The Biggest Security Risk for a Company
Find out why and follow these 4 rules to avoid being compromised
If you are the CEO of any company in the size of 100-1.000 employees, this might just be the article for you. Maybe your CIO has even been kind enough to send it to you.
As a CEO, you really need to invest a lot of time and effort into your company, thinking about strategy, market movement, new products, market innovation and generally considering which way to take your company.
The last thing on your mind is low-level operational stuff like viruses, malware, domain controllers, APT’s, hacking and passwords.
However, four things stand out there, where you, as a CEO, actually often pose a problem.
1. High-end gear love
First of all, a lot of CEO’s love high-end gear like Apple computers, but an Apple Macbook is not able to work on a Windows Domain controller, unless you actually use Microsoft Windows on it anyway. If not everyone in a company is on a domain controller, it may be very hard for the CIO to enforce which PC’s gain access to your network with any given set of credentials.
That’s a security risk.
2. Security is not a priority
Secondly, CEOs tend to not have to follow corporate passwords rules. As an example, to make your life simpler, you dodge using long and complex passwords or using a password manager (as part of your password management must-haves), which is probably also recommended by your IT Department.
Again this poses a high security risk.
3. Everybody knows the CEO
Not only that, you also need to consider that, as a CEO, you are the front figure of the organization and therefore more likely to be the victim of phishing attacks or direct hacking attempts to gain access to your corporate network.
4. The CEO has access everywhere
On top of that, your credentials most likely give you access to all the information available in your organization, such as business intelligence, product designs, customer data or other corporate information, which are vital to your organization.
A recommendation to both the CEO and CIO could also be to use complex user account naming as well, combined with complex passwords, as that makes hacking accounts even harder.
As an example, you as CEO of LinkedIn, Jeff Weiner, shouldn’t use email@example.com as a log in, or firstname.lastname@example.org – you could, but then the password needs to be really complex or have user account blocking enabled if there are attempts to compromise it.
Please remember that this discussion is not a matter of assigning further funds to your CIO for security or tipping a fine balance in who decides what, but you simply need to do as much as you can to keep your account information safe from attacks and follow the guidelines issued by your IT Department.
To summarize, I would propose you follow 4 simple rules:
- Use complex and diversified passwords and maybe even complex user account naming (or use this password management guide);
- Make sure to lock your PC, whenever you leave it and possibly even run an encrypted harddrive (check out this encryption guide);
- Make sure your PC is up to date on antivirus, patches and a second layer of security (find out why antivirus is not enough).
- If you have a secretary or personal assistant accessing your account or email, make sure he or she complies with the same rules.
This post was originally published in August 2014. It was updated in May 2016.
I fully agree with the risk of a CEO with little concern about his data security issues.
Because the CEO, in theory anyway, has access to all critical business data, that makes them a key target for hackers. If they can get into the CEO’s accounts chances are they can get access to anything they want! The CEO has to be aware that they look like a meal tickets to many hackers and take the appropriate steps to protect their online actions.
Lastpass poses a security risk? I think you need to expound on that point.