Can The CEO Be Fired If His Company Is Hacked?
Why a CEO should take responsibility for securing his company’s data
Very simply put, yes.
There is no doubt that in today’s market huge amounts of data are quite valuable if used correctly. Usage means access and access means that there is a risk of abuse.
Whether you are a CEO or CIO, you are responsible for keeping your company’s data secure. Naturally, some data is much more crucial than other data. Whether you lose your customers’ data to a hacker, a virus or an advanced threat such as Cryptolocker or Zeus P2P is irrelevant.
You lost, or were unable to secure, some of the most vital parts of your company’s market value.
A recent and very good example of this is the firing of the CEO and CIO of Target, but off the record there are a lot more examples of the same.
Small businesses, large companies and even global corporations experience data breaches as a daily occurrence, but most of them never reach the public, unless a hacker brags about it or an employee gets caught. These breaches will vary in size and frequency, based on the scale of your company, and can originate either inside the company, from employees, or outside it, from hackers.
Both are equally dangerous to your corporate integrity.
Using both global and local references, we could mention the Sony, JP Morgan and Orange data breaches or the Danish NETS payment provider scandal. To keep data valuable, whether corporate or personal, it must be kept away from those who want to maliciously capitalize on it.
With that said, what are the current problems to consider in a modern data-based company? In my view, it’s simple, really. You want to have as much data as possible, which you can use to commercialize your company. Commercializing it means that someone needs access to that data in order to analyze it.
How would I recommend that you approach the problem of keeping your company’s data safe?
Well, without going into operational details, I would recommend that you have a healthy discussion with the CIO on how your company should operate with your data.
Some of my straightforward advice is to make sure that anyone below C-level has to be approved to access customer or intellectual data in your company.
This means that if a manager tries to access your Business Intelligence center or data, they will put in a “pull request” for data. This “pull request” will then have to be approved before your data center starts extracting the data. Whether it is a C-level approval or just a colleague at a similar level is irrelevant in my book.
As you move down your organization, you might want to make sure that at least two colleagues approve pull requests, or a manager other than the requester’s direct manager.
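The approval rules above, written as a small policy check (an added example, not code from the article; the three-tier level model, the person records and the "one approver at manager level or two colleagues" wording of the lower-level rule are my assumptions about how to encode it):

```python
"""Policy-as-code for the data "pull request" approval rules.

Assumed model (constructed for this example, not from the article):
three levels, c-level > manager > staff; every person may have a direct manager.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Rank of each level, highest first (assumed).
LEVELS = {"c-level": 2, "manager": 1, "staff": 0}


@dataclass
class Person:
    name: str
    level: str
    manager: Optional[str] = None  # name of the direct manager, if any


@dataclass
class PullRequest:
    requester: Person
    dataset: str
    approvers: List[Person] = field(default_factory=list)


def approval_ok(pr: PullRequest) -> Tuple[bool, str]:
    """Return (approved, reason).
    - C-level: no approval needed.
    - Manager: one approver at the same level or higher, never the requester.
    - Staff: two distinct approvers at or above staff level, or one approver
      at manager level or higher who is NOT the requester's direct manager.
    """
    req = pr.requester
    # Drop self-approval and approvers ranked below the requester.
    valid = {a.name: a for a in pr.approvers
             if a.name != req.name and LEVELS[a.level] >= LEVELS[req.level]}
    if req.level == "c-level":
        return True, "C-level requester: no approval required"
    if req.level == "manager":
        if valid:
            return True, "approved by " + next(iter(valid))
        return False, "manager request needs one peer-or-higher approver"
    if len(valid) >= 2:
        return True, "approved by two colleagues"
    for a in valid.values():
        if LEVELS[a.level] >= LEVELS["manager"] and a.name != req.manager:
            return True, "approved by non-direct manager " + a.name
    return False, "needs two approvers or a manager other than the direct manager"
```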
If you are thinking about protecting your customers’ data from outside abuse on user account level, I would recommend using 2-step verification on all user accounts. In terms of your data center make sure you split up your data, thus ensuring that customer data is split over different locations and make sure you encrypt as much as you can. Your options here will vary, depending on your current setup, but enabling internal approval processes and 2-step verification on user accounts will not require that much work and is a very good start.
What are your recommendations?