Ubiquitous social and business networks and the wide range of interconnected sensors and devices make it much more difficult to firewall an executive.
The C-suite is a favorite target for cyber and identity thieves. They have the most valuable credentials in the enterprise when combining the value of the information and assets to which they have access, along with their own value to the company.
While Jane Doe’s credentials go for some dollars in the identity theft marketplace, executive credentials for a Global 1000 enterprise can go for hundreds of thousands of dollars. Combine this with an executive’s aversion to security policies, and you have the kind of triangulation that makes for successful exploitation.
Modern executives have grown up with technology and it’s hard to separate them from it (more bait). There is also a growing expectation of hyper-connectivity; to go faster, go smarter, and outperform the competition. This just expands the waters and seasons to bag a trophy fish.
Here are five suggestions for executives and their organizations to reduce executive risk:
Leave no trace
Well, try at least. Ideally executives would behave as if they were in a natural preserve and leave no trace. While corporations may leave a pretty big carbon footprint, it is not necessarily the case that executives have to do the same in cyberspace.
It is critical to develop a practice of personal information hygiene and set in place a privacy design style that benefits any individual and organization. Why not follow global privacy best practice and greatly reduce the executive, and organizational, risk profile? In other words, you must see a big fish to catch it.
Offer personal training
Executives respond to challenges, and top performers accept being pushed by a coach, because fitness comes from regular workouts. Keeping your executives and the protection systems operating at high levels of performance matters. It’s better to make your C-suite sweat than someone with criminal intent. The fitter your internal systems are, the tougher the target is!
Executives expect perks and typically belong to airline, hotel, car rental, and other travel clubs. Each of these brings its own set of network and connectivity challenges.
Secure device, burner device, VPN by default, and white-listed access are all things that need to be in place, particularly for executives on the go. Be careful when you are in unfamiliar waters.
To be clear, the biggest risk is the human one. No firewall, biometric multi-factor authentication, or AI super protector can overcome bad human decisions, and depending on an executive’s personality, some version of compulsion, excitement, fear, greed, and even charity and empathy can be exploited.
If you can identify a person’s vulnerability, you will greatly reduce the executive risk. Know what may work as bait.
Usable and invisible
The best security and privacy are never felt or seen. Find the path that makes it easy for executives to work cooperatively with business, security, privacy, legal, and information technology staffs, and create as little user friction as possible while maximizing protection. Drive this to where security and privacy are operational by default.
Salvatore D’Agostino, CEO, IDmachines; IT Security Council Member, ASIS; Co-Founder, OpenConsent