Everyone’s information deserves to be protected. However, this need is a lot more critical for some company employees – mainly executives, board members and other VIPs. Yet many companies with limited resources are failing to prioritize the securing of critical data for these people. This is a crucial mistake that can turn an isolated data breach into one that causes undue financial risks and long-term ramifications for both companies and individuals.
No one blinks when a huge amount of money is spent on better physical security for executives. But physical security is no longer enough. If an executive’s information is leaked, it can wreak havoc on an organization. And the leaking of crazy personal emails – like those from Sony’s executives that were recently made public – isn’t even the half of it.
An executive’s or VIP’s information is a high-payoff target for any hacker – and steps must be taken to make a higher-payoff target much more difficult to exploit. (Note: VIPs include your Jedi developers and scientists – not just the guy and / or gal that smiles for the camera!)
VIPs and executives are absolutely reliant on the public’s perception of them. When good – or sometimes even bad – information gets out about a VIP, it can boost their careers. But what about VIP information you do not want to get out, such as jokes, stupid comments, arguments or anything that will look bad in the public eye? These things, if leaked, can put your brand and whomever you represent at risk if you don’t have someone properly protecting your information.
Executives have huge responsibilities. They are, in a way, the face of the company or brand and therefore do well when the brand is doing well. But they are also easily hung by the public when things go wrong. Excellent executives are often crucified for breaches they had little control over.
The point is that if you rely on your public persona to ensure your brand’s success, then you need to get very serious about your own personal cyber security. Your defensive strategy shouldn’t be to just hire a high-profile lawyer to sue everyone who reposts your information online. Instead, you need to be proactive. You need to ask your IT and cyber security staff what they are doing to ensure that executive data and email is protected. You should also make sure your organization is taking the following precautions to ensure that your executives’ and VIPs’ information is safe.
- Airgap your personal cell phones, tablets, USB, and other devices from your work computers. Do not plug anything your wife, husband, or child has been using for their personal use into your work laptop or peripherals – this includes plugging them in just to charge them. Good hackers will try to get you through well-crafted emails with attachments; if that does not work, they will try to get jump points into your system through friends and family.
- Ask for an approved mobile hot spot for your system. Do not use any public wireless if at all possible.
- Limit the type of applications and number of applications you are running on your devices. The more you can reduce your attack surface the better off you will be.
- Set up logically segmented VLANs for VIPs and executives that restrict what ports, protocols, and services are enabled. VIPs’ and executives’ machines should also be isolated on the network so that attacks against an organization’s lower levels do not impact the executive suite.
- Encrypt executives’ and VIPs’ data at rest and in-transit as much as possible. Set up encrypted drives and file shares, and transparently encrypt and decrypt their data.
- Have an experienced expert continuously watch their devices and accounts – 24-7, 365 days of the year. And if an incident happens – and it will – make sure you have a staff that is trained to isolate the incident immediately. This keeps day-to-day breaches from landing on the front page of USA Today.
- Have someone conduct ongoing pen tests on your systems and devices – annual tests just don’t cut it anymore. An experienced pen-tester should constantly be checking the doors and adjusting the locks.
- Train everyone in your company on security awareness – not just your cyber security staff.
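The VLAN precaution in the list above can be checked mechanically against an exported firewall rule set. The following Python audit is an added example, not part of the original article; the subnets, the port allowlists, and the `Rule` format are all assumptions made for illustration.

```python
"""Audit firewall rules for an executive/VIP VLAN against a port/protocol allowlist."""
from dataclasses import dataclass
from ipaddress import ip_network

# All addresses, ports and policy choices below are constructed for illustration.
EXEC_VLAN = ip_network("10.50.0.0/24")      # hypothetical executive/VIP segment
MGMT_NET = ip_network("10.60.0.0/28")       # hypothetical monitoring/admin hosts
INBOUND_OK = {("tcp", 22)}                  # only management may reach exec hosts
OUTBOUND_OK = {("tcp", 443), ("udp", 53)}   # services exec hosts may use

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "any"
    port: int       # 0 means any port
    action: str     # "allow" or "deny"

def audit(rules):
    """Return (rule, reason) for every allow rule that weakens exec isolation."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        src, dst = ip_network(r.src), ip_network(r.dst)
        service = (r.proto, r.port)
        if dst.overlaps(EXEC_VLAN) and not src.subnet_of(EXEC_VLAN):
            # Traffic entering the exec segment from outside it.
            if not src.subnet_of(MGMT_NET):
                findings.append((r, "inbound from non-management source"))
            elif service not in INBOUND_OK:
                findings.append((r, "inbound service not on allowlist"))
        elif src.overlaps(EXEC_VLAN) and not dst.subnet_of(EXEC_VLAN):
            # Traffic leaving the exec segment.
            if service not in OUTBOUND_OK:
                findings.append((r, "outbound service not on allowlist"))
    return findings

SAMPLE_RULES = [  # constructed rule set
    Rule("10.60.0.0/28", "10.50.0.0/24", "tcp", 22, "allow"),
    Rule("10.10.0.0/16", "10.50.0.0/24", "tcp", 445, "allow"),
    Rule("10.60.0.0/28", "10.50.0.0/24", "tcp", 3389, "allow"),
    Rule("10.50.0.0/24", "0.0.0.0/0", "tcp", 443, "allow"),
    Rule("10.50.0.0/24", "0.0.0.0/0", "any", 0, "allow"),
    Rule("10.10.0.0/16", "10.50.0.0/24", "any", 0, "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{reason}: {rule}")
```

Any finding means a rule lets lower-level segments reach the executive suite, or lets executive hosts use a service that was never approved.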
Safeguarding all of an organization’s employees is always recommended if you have the resources. But your executives and VIPs should always be your top priority — because the loss of their information can result in major, and sometimes fatal, losses for your organization.
To learn more about protecting your executives’ and VIPs’ information from hackers, talk to a cyber Jedi at Lunarline.