When considering the consequences of a data breach, plummeting stock prices, deserting customers and diminishing brand reputations immediately come to mind. These damaging and costly repercussions impact the livelihood of a company. However, a cybersecurity incident can also adversely affect individuals within an organization, costing an employee their job, career and possibly their future.
For examples of post-data breach job casualties, look no further than recent news headlines: Equifax CEO Richard Smith suddenly “
The problem is that today’s security and compliance professionals are extremely busy people, with high-priority projects coming in from all different departments. At the same time, they must attempt to keep abreast of constantly evolving cyberthreats and industry regulations, while devising and implementing a security strategy that addresses these ever-changing elements. In this fast-paced work environment, it’s easy to allow the seemingly less-pressing tasks to fall off a “to-do” list. From there, it’s even easier to justify procrastination. “We’ve never been breached, so we must be doing everything right. We can put off our compliance audit a couple more months, or worry about our software security patch next week.”
Alas, many professionals put off security and compliance initiatives for these reasons and others, often with catastrophic results. Take Equifax, again, for example: the company allegedly
Are you a security procrastinator?
No matter how long their “to-do” lists, security and compliance professionals must take a proactive approach to safeguarding data, thereby protecting their company’s reputation and their own careers. Yet many continue to put off the company’s most crucial security and compliance efforts. The primary reasons I hear in the field include:
- Lack of internal expertise:
- Seemingly low odds of a data breach
- Urgency exceeds importance:
Many or all of these circumstances may ring true to you and your company. In the future, they don’t always have to.
Why wait? How to convey urgency for data protection
Of course, not every company is guilty of playing the waiting game for strengthening data security. Even the biggest brands, with large budgets and robust security systems, are vulnerable to data breaches. Regardless of where you and your company stand in your security and compliance initiatives, take heed of the following advice to convey a sense of urgency for protecting your most sensitive data:
- Share your vision:
- Talk costs to the C-suite:
- Stress compliance as an ongoing initiative:
- Remove sensitive data from your business infrastructure:
No matter what your industry, compliance and security are not something you can put off until next year, next month, or even tomorrow. It takes just a single incident to adversely impact not only your organization, but also your current job and future career. Act now and act decisively. Once you’ve acted, understand that the work still isn’t done. Take an ongoing, proactive approach to security. Make compliance a living and breathing part of your organization, and you’ll have both greater data security and increased job security.
Source: infosec island