This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Building AppSec in Enterprises
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Cybersecurity Tips for the Break Room and Boardroom
Cyber Security News

Cybersecurity Tips for the Break Room and Boardroom

board room
January 5, 2017
Joseph Carson
KEYWORDS C-suite security / cyber security awareness / cyber security education / cyber security leadership / security training
Reprints
No Comments

Every day we are updated about the latest cybersecurity breaches – whether it's Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid in result from ransomware or financial fraud. 

However, are employees and executives aligned with cybersecurity awareness? Are the risks and top discussions that happen in the break room similar to those that happen in the boardroom? The topics and concerns are farther apart than you could ever imagine. 

 

The Break Room

As employees sit in the break room and discuss the latest cyber breaches in the news and how many records have been stolen, it’s not typically a major concern as they are not aware of the direct impact to their data or personal information. To them, it is just another cyber breach. 

As thousands of records are stolen daily, the lack of direct impact means that many employees are not clear on the risk or the value of the data being stolen. Many companies have failed to educate employees on cybersecurity. While it is common to see companies creating complex IT policies, ensuring their employees understand their role and responsibility when it comes to security within the company is a good place to start.

Share with your employees that even a bad link clicked on a smartphone can lead to a cyberattack throughout the organization.

Companies fail to treat external breaches as cyber incidents and therefore reduces the severity or impact. Employees bring their own devices, connect them to the company’s network, store corporate data on them and very few companies check those devices for security compliance or that security protocols are enabled.

Employees believe it is the government’s, technology companies’ and their company’s responsibility to protect them from cyberattacks. The cybersecurity topic at the break room is more likely to be about the cyberattacks that influence the presidential election, the possibility of cyber terrorism against the government and critical infrastructure, and “did you recently change your password?”

In all seriousness, you should probably update your passwords.  

 

The Boardroom

Now just down the corridor, the executives are having their monthly meeting in the executive boardroom and after numerous topics, cybersecurity eventually gets brought up.  The main concern for the CEO is to know the business is running smoothly. While sales and operations are top of mind, the security of the company needs the same awareness and care. While juggling many business functions, CEOs don’t have the time to worry about small intricacies.

Make cybersecurity a priority topic during meetings and define the business impact of a security breach.

New security breaches like ransomware make security a more pressing concern for enterprises now more than ever before. Most of the boardroom looks to the CISO for what the current state of the company’s cybersecurity is. However, many view it as a risk and therefore lack of business impact. The biggest topic that comes to the table is typically is whether the company is meeting government and industry regulatory compliance and will they pass the upcoming audit.

Establish a culture of cybersecurity responsibility throughout the C-Suite, not just the CISO.

The challenge in the past is that it is difficult to measure cybersecurity risk for many organizations and this has put the CISO in a tough situation as how to show business value. It was about keeping the existing security controls working, making continuous improvements where possible, and placing security on previously adopted technologies. Security has always been an afterthought and sometimes not possible to keep the same high level when security and privacy were not implemented by design. This means the risk always continues to get greater, making the CISO’s already tough job more challenging. 

Since cybersecurity is a growing topic in the boardroom and the breakroom, the education in the boardroom needs to continue on the business impact of cybersecurity, clear metrics, cyber insurance and a clear recovery plan. Educating employees of the importance of security with BYOD and their own workstations will greatly mitigate the risk of a cyberattack.

Subscribe to Security Magazine

Recent Articles by Joseph Carson

5 Security Risks Professionals Face While Working on Vacation

Debunking the 5 Myths of Sophisticated Cyber Attacks

Joseph Carson is a UK-based Certified Information Systems Security Professional (CISSP) with 20+ years of experience in enterprise security & infrastructure. An active member of the global cyber security community, Carson is the Chief Security Scientist at Thycotic, a leading provider of password management to more than 7,500 organizations.  

Related Articles

Debunking the 5 Myths of Sophisticated Cyber Attacks

5 Security Risks Professionals Face While Working on Vacation

Related Products

The Database Hacker's Handbook: Defending Database Servers

Related Events

AXIS P85 Network Camera Series

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

SEC1219-Cover-Feat-slide1_900px

Contracted vs. In-House Guarding: No Universal Right Answer

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing