Donna Seymour, CIO of the U.S. Office of Personnel Management, faces a lawsuit for her role in failing to protect the personal data of millions of past and present employees, and legal experts expect the trend to continue.
What can you do to protect yourself if you are the CIO or other IT executive charged with cyber security for your organization? These steps are key to a good defense:
1) Play an active role. Don’t delegate all cyber security decisions and responsibility to others; ignorance of what your organization is (or is not) doing is not a valid defense.
2) Make sure your cyber security policy is adaptive to emerging threats, not “set it and forget it”.
3) Be methodical in your ongoing testing. Check regularly for new vulnerabilities, remediate them as you find them, and keep a record of what was found and when it was fixed.
4) Monitor your network. This does not mean investing in a tool alone; you need trained analysts with eyes on glass 24/7/365 to watch for alerts and investigate them.
5) Involve the rest of your C-team. CIOs are not the only ones who may be held accountable in court. Don’t wait for a breach to bring your executives on board; be proactive in explaining the risks and gaining their support to follow cyber security best-practice guidelines, reducing the risk of both a breach and costly legal action.