The IT director and the board must be aligned on cyber protection (video)
Communication between the board and IT cannot be solely one way
SMEs are often called the ‘low-hanging fruit’ of the security world, with less protection and threat awareness than regulated enterprise firms. To combat this, the aims of the board and the IT director must be in agreement, but that isn't always easy, Neil Sinclair of the London Digital Security Centre told us in a recent interview (video).
London DSC works with SMEs to help them stay safe online. Although many of their clients are aware of the threats, they often don't put as much thought into protection as they should. Sinclair (who will discuss ‘The view from the board’ at Computing's Enterprise Security and Risk Management Live! event next week) says that the board is responsible for fixing this - but they might not always be aware of that.
A lack of communication between the board and the IT director can stymie security: "There's definitely a disconnect between what the board thinks the IT director is doing and what the IT director thinks the board wants him to do," said Sinclair, speaking about a situation that he has encountered many times.
"The IT director tells us, ‘Oh my goodness, I thought I was just keeping the website up and the emails flowing and making sure that the internet was working. I didn't realise that the whole basket of security was mine as well.’"
Board support can be vital for an IT team, especially when it comes to securing investment, but many of the people who sit at the helm of modern business will have grown up before the cyber revolution. They might not fully understand the threats they face, and Sinclair says that they need to be educated on the benefits of a "good and thorough" resilience programme: "Cyber resilience should be treated exactly the same as physical resilience."
The other step is a cultural one. Opening lines of communication will empower the IT team, giving them the confidence they need to rely on their expertise and demonstrate the benefits of strong security when presenting to the board.
IT security failings are, increasingly, costing CIOs and CEOs their jobs. With business utterly dependent on IT, it's not enough for senior executives to dismiss security as ‘techie stuff’. At Computing's Enterprise Security & Risk Management Live event, hear from the National Crime Agency, ex-hackers and big-business CISOs to learn about how they are tackling cyber security. For more information, check out the dedicated event website. Attendance is FREE to IT leaders and senior IT pros.