7 Cyber Security Actions CEOs Can Take Right Now to Protect Their Data and Networks

cyber cybersecurity information protection network security
When it comes to cyber security, we're all bankers now.

Did you know Lloyd’s of London estimates cyber attacks cost businesses as much as $400 billion a year? Some forecasts put the figure as high as $500 billion and more.  

Ever notice the physical security at a bank?

Additionally, consider the bank’s policies for access to the vault. My guess is it’s tough for anyone to get in there. In the information age, we can learn from bankers when it comes to security.  

Just like a bank manager is responsible for the bank’s vault, CEOs are accountable for safeguarding their company’s data and their network.

We’re all bankers now.

Here are 7 actions CEOs can take right now to protect their data and their networks: 

Implement a culture of tight cybersecurity.

Good bank managers consistently emphasize the bank’s security policies; CEOs can do the same. In many companies this will represent a true cultural shift and it will be hard. It must begin at the top and must be enforced at every level within the organization.

Don’t take it from me.

According to PriceWaterhouseCoopers’ July, 2015 report, Key Findings from The 2015 U.S. State of Cybercrime Survey almost half of Boards still view cybersecurity as an IT matter, rather than an enterprise-wide risk issue. The report ends with this ominous warning:

“The time for change is now. Organizations must summon the vision, determination, skills and resources to build a risk-based cybersecurity program that can quickly detect, respond to and limit fast-moving threats. Those that do not risk becoming tomorrow’s front page news.”

Ban USB flash drives.

But isn’t this too hard to do? Not really. The Department of Defense has banned them for years. Not only has the DoD banned flash drives; they have alarm systems in place and track and report use violations.

These ubiquitous devices can carry viruses and other malware. Additionally, because they are easy to conceal and can store huge amounts of data they are great tools for cybercriminals.

I’ve lived without flash drives for the past 7 years and it’s hard for me to imagine they’re still around.

Get serious about passwords.

Here are the top seven passwords according to lifehacker:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234


Implement a password policy, inspect it, and enforce it. Passwords should be 12 characters, upper and lowercase letters, numbers and special characters. There’s a plethora of websites devoted to how to build a strong password and, just as importantly, how to remember them.

Re-certify every email account.

Require it be done in person and with a valid ID. Pick a date 30 days from now and lock uncertified accounts after that date. An additional 30 days later, delete uncertified accounts. Simple, and closes avenues of approach from cyber criminals.

Implement mandatory information assurance training.

OK, I don’t like this one any more than you do, but cyber security training works and more importantly it helps establish the culture. Be the first to take the training and mandate your senior executives do the same. Lock accounts of those that don’t complete the training in a timely manner.

Track and monitor software patch implementation.

Software patches are more than fixing glitches in the software; they’re designed to protect you from the latest malware. Get’em done.

Limit access to your most valuable data.

Make it hard to see. Did Private Manning really need access to hundreds of thousands of U.S. diplomatic cables? Was it essential Edward Snowden have access to a million classified files? True, history and human nature indicate we may never eliminate the insider threat, but we do have the ability to limit what’s taken.

Implement these policies.


Got more ideas? Join the conversation and let’s hear them.


Paul McGillicuddy has over 10 years of executive-level leadership experience and is working as an independent consultant.  

Want to discuss ideas or connect?

Phone: 916-899-7348


Twitter @phmcgillicuddy 

LinkedIn: https://www.linkedin.com/in/paulmcgillicuddypresidentcoo

In collaboration with Julia Nash: Julia is an IT professional in the area of technical sales for IBM cloud services. In her spare time, she’s into cybersecurity and front-end programming for application and game developments.

Write a comment

Comments: 2
  • #1

    Michael Edward Kohlman (Friday, 29 January 2016 20:31)

    Implement regular 3rd party penetration tests, at minimum annually (if you are a B2B or B2C, every 6 months would be better).

    Ideally this test Internal as well as External, with a social-engineering component as well.

    And MOST IMPORTANT (because I have personally seen it happen). Create a team with the power and authority to ensure that reported vulnerabilities are reviewed and become actionable items.

  • #2

    Michael Edward Kohlman (Friday, 29 January 2016 20:38)

    Conduct a full-audit with complete documentation of all 3rd party access (Vendors, Maintenance, Consultants, that brother-in-law who needed VPN for a week) and what networks and systems can be "touched" by that access. Review at least Annually.

    Remember, Target was taken down by a HVAC Vendor Account.