Skip to Content

Cybersecurity is not an “IT thing”

November 7, 2016 Blog 3 min read
With so many serious cybersecurity threats making headlines, the issue is getting harder for business leaders to ignore. Here's a recap of our webcast, and real-time white-hat hack, with nationally recognized security experts.

Image of man working on computer 

It’s hard to go a day without learning about a serious cybersecurity threat, from breaches at Yahoo and major law firms to the large-scale denial of service attack that recently disrupted several popular, high-traffic websites. Hackers co-opted devices connected to the “internet of things,” including cameras and baby monitors, according to The New York Times, to carry out a very sophisticated assault.

While reports of hacks like these disturb me as much as they probably do you, I’m glad about one thing: The issue of cybersecurity is getting harder for business leaders to ignore.

Cybersecurity demands our attention. Recently, Plante Moran IT partner Joe Oleksak participated in a webcast hosted by Chicago’s WBBM News Radio on the subject, along with two other nationally recognized cybersecurity experts. During the webcast, Joe pointed out that we at Plante Moran sometimes see executive nonchalance within the business community that doesn’t serve companies well.

It’s all too easy to gain access to a business’s IT systems and data. To make the point, Joe performed a real-time hack. With a WiFi scanner, password cracking rig, and a poisoned website he created, he took control of a demo laptop in a matter of seconds.

And, as the other participants also pointed out, hackers don’t even have to write much code. We share so much information online — nicknames, pet names, birthdays, where we went to school — it’s pretty easy to guess others’ user names, passwords, and the answers to their security questions.

When Joe quickly deciphered the encrypted password hash and announced it was “September2016,” the audience laughed nervously. “Don’t tell me if I just guessed your password,” he chided.

Joe’s experience is representative of the situation many of our organizations face. People are the weakest link. At clients’ requests, we often test their IT network and the security of their data by trying to hack their systems. Recently, Joe’s team sent a fake e-card with an offer to receive a $50 gift card to staff of a client celebrating its 50th year in business. About 70 percent of recipients downloaded the file, effectively handing over remote access to their machines.

With BYOD (bring your own device), traveling staff connecting to wireless networks globally, and the dynamic nature of myriad cyber threats, we can’t afford to shrug off cybersecurity as “an IT thing.” Rather, education and change start with the board and C-suite. Leaders need to be talking often, and heading the necessary change in culture toward one in which information security is a top priority.

Top priority means organizations need to have a number of clear internal processes in place, including those to address instances when — not if — staff make mistakes, such as clicking on a bad link or downloading a poisoned file.

The security of your network and your data is a business issue, a mission-critical business issue. And it’s one we all need to be talking about — even on a slow news day.

Top priority means businesses must stay abreast of fixes and technologies to safeguard their data. Many companies are using technologies they previously invested in, and those technologies don’t always play nicely with the latest patches or upgrades. Joe shared that the average age of system vulnerabilities is seven years. Even simple things like keeping your browser plug-ins current are important for an organization’s security.

Finally, top priority means company leaders must understand that security is about more than technology. There’s no one simple solution, Joe noted. Gone are the days of building castle walls around your network. Cybersecurity calls for a layered approach that includes people (business leaders, staff, customers, and vendors), technology (firewalls and virtual private networks, for example), and processes (such as user training, incident response, and password management).

The security of your network and your data is a business issue, a mission-critical business issue. And it’s one we all need to be talking about — even on a slow news day.

What about you? Are you talking to your staff about cybersecurity? Is your technology up to date? And how easy would it be for a hacker to crack your password?

Related Thinking

2021 Executive Forum: Clarity and confidence, no matter what’s next

Webinar 3 hour watch

Centric Consulting’s Larry English on building a great remote organization

Article 7 min read

Keats CEO Matt Eggemeyer: Manufacturing a strong culture

Article 6 min read