One essential component to an organization’s internal controls is a entity-wide cyber security policy. Although the policy itself is essential, often there is a wide gap between the policy and reality. When is the last time you updated your policy to reflect current changes in technology? How often do you have an experienced firm do an updated analysis of your complete cyber security environment? Do you have 24/7 monitoring to see if any of your data is going out the door, or if your servers are under attack at this moment?
Many IT professionals can tell you the ten most essential bits of confidential data that are on an organization’s servers. They can tell you the potential holes in the security that keep them up at night. However often times, this information and these related concerns are not shared with key executives. In addition, many times other confidential data is laying out in the open on employees’ desks or in unlocked file cabinets. Does your organization spend an adequate amount of resources on the protection of cyber data… but when it comes to paper documents, do you leave the office door wide open?
I recently spoke with a CEO at a cyber-security consulting firm who told me the story of a rather large organization who had gone through multiple acquisitions. They had an elaborate system for cyber security. However, they had somehow forgotten about an old legacy system containing highly sensitive data. During the analysis of their entire cyber security environment, they discovered that that old legacy server not only had its data pilfered, but it was being used by hackers to distribute data that had been stolen from other organizations.
As a business owner or CEO, are you confident that all of your internal controls are properly in place and being tested? Do you have any sensitive data, trade secrets, customer information, etc. that has already left the barn without your knowledge and under your watch? Although it is never too late to close the barn door when you have prize possessions inside… don’t wait to make sure you have the proper controls in place. One of your prize horses may have already left the barn.