How to Stop Worrying about Cybersecurity and Compliance: Part I

The first in our two-part report that will help busy CEOs mitigate the stress of cyber security and compliance.

It’s not an exaggeration to say that most days we hear from companies who have been hacked. Their reputations are damaged, they’ve lost money, and they’re not sure what to do next.

Freeman Clarke CIOs, CTOs and IT Directors have deep experience in helping clients navigate these dangerous waters. But the uncertainty can begin much earlier: we’ve also seen how even the threat of a cyber attack makes many CEOs of mid-market companies feel exposed and uncertain.

Another stress is the related issue of compliance. Many companies are at risk of huge contractual penalties from their customers in the event of a data breach or the like. And the law is tighter than ever, with big government fines making headlines.

For businesses in heavily regulated industries, security standards and good practice are part of the corporate culture. But for businesses in other markets, the situation is fuzzier.

These are complex issues. And a CEO’s time is short. It can be tough to find a simple, affordable strategy for security and compliance. It can be even harder to get someone in the boardroom with the necessary technical knowledge, experience, and sensible attitude to lead the approach.

That’s why we’ve prepared this two-part report: to provide busy CEOs with a template for mitigating the stresses and risks of cyber security and compliance.

Why It’s Hard to Get Started

In our experience the underlying issue is a simple lack of expertise. The IT team understands the technical issues; business teams understand the commercial issues. But there may not be someone at the executive level with a firm grasp of all sides of the problem.

Meanwhile, external advisors are typically selling expensive products like AI-based intrusion detection, data loss prevention software, or advanced malware protection. But they’re often more concerned with making a sale than helping your company.

Often the starting points should be relatively inexpensive training sessions that will cultivate a culture of compliance in your staff. At the same time, there are simple steps to reduce threats and to minimize impact in the event of a breach.

The ideas are straightforward, but their execution can be complicated. The executive team needs to accept that secure practices might not be as convenient or simple as the status quo. But keeping your business secure is worth the investment of effort, and, when done well, the positive impact enormously outweighs the negatives.

But, above all, given the real risks and regulatory environment, there is no longer any alternative to taking action!

The Basics of Security and Compliance

You may have heard that there’s no such thing as being truly secure. Well, that’s true: when it comes to cyber security, there is no finish line. But there is a set of basic, practical steps that every business should put in place.

Consultants, product vendors, and the media would have you believe that it’s much more complicated. But based on our years of experience with hundreds of mid-market companies, nearly every single hack or breach was a result of basic errors: mistakes due to carelessness, lack of training or lack of expertise.

Yes, sophisticated attacks do happen. But they’re very rare. And even when sophisticated attacks have occurred, basic measures have allowed our clients to recover quickly with limited damage.

Our follow-up article provides a clear roadmap to help you rest easier when it comes to security and compliance. In the meantime, for more straightforward advice about cyber security, see our article on the 13 Strategic Steps to Cyber-Security for Non-technical Board Members.

And here is Part II of How to Stop Worrying about Cyber security and Compliance.


Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations, and we frequently help our clients use IT to beat their competition.