26
MiMfg Magazine
Premium
Associate
Member
May 2020
Why Cyber Security is the
CEO’s Responsibility
By Mike Maddox• ASK
You have probably heard the term “cyber security”
so many times you have become immune to it.
Reports of data breaches and cyber attacks fill the
news stations, warning us of what could happen if
we aren’t prepared. In addition, being inundated with
recommendations for tools and software that can
help save the day can make it even more over-
whelming — which just makes it easier to avoid.
While there are incredibly powerful tools
available that can protect your business from a cyber
attack, there is a bigger issue to address and there
isn’t a tool out there that can fix it.
The issue doesn’t lie within the IT equipment in
your facility. The issue lies behind the four walls of the
executive offices. One of the biggest misconceptions
about cyber security is that it is the responsibility
of the IT department. Executives need to take
responsibility for one of the greatest risks that face
their business, its assets and its future.
Even though an executive could object to this
by saying that cyber security is not an area they
understand clearly, it does not mean they should not
hold their team accountable. Executives need to ask
their team the hard questions and not just assume
that they have the proper security measures in place.
Often, business owners trust their IT team
implicitly because — let’s be honest — technicians
and systems engineers are wildly knowledgeable about
their field. So, it is easier to just trust what their
team says and trust that they are one step ahead.
The fact is that senior executives need to have
two obligations and priorities:
• What is our disaster recovery plan and when
was it last updated?
• How much are we spending on cyber security?
• What are we doing to educate our staff about
cyber security best practices?
• Do we have a clearly defined Recovery Time
Objective and Recovery Point Objective?
Have we tested that we can meet them?
There are only two reasons why you would not
be losing sleep over the state of your company’s
cyber security. Either you have a clear understanding
of your company’s current security posture and plan
moving forward, or you haven’t even begun to think
about it. If you haven’t started thinking about it or
talking with your team, then know it is just a matter
of time until it’s all you think about — and for all
the wrong reasons.
6
1. Protecting their business in every way,
shape and form Mike Maddoxis the president of ASK. He may be
reached at 517-676-6633 or [email protected].
2. Holding their teams accountable ASK is an MMA Premium Member company and
has been an MMA member since June 2016.
Visit online: www.justask.net.
Executives don’t need to communicate fluidly
with their IT team using the techno-jargon that we
all innately fear. What they do need to understand
though, is the level of risk their business is facing,
what the company’s plan is to improve their security
posture and how they are going to achieve it.
If you have even the slightest doubt that your
business isn’t properly protected, then it is time to
start asking your team the hard questions like:
• Are we utilizing a SIEM or SOC?
• What is our incident response plan?
Learn more about Maddox and ASK on page 8.
Get More!
Take the first steps to protect your company by
checking out member-exclusive webinars and the
member-discounted and customizable MMA Cyber
Threat Protection, powered by ASK at mimfg.org .