Are you cyber secure?


Cyber Security

How do threats to cyber security impact enterprise families?  The challenges of living in a digitized world include both personal and business threats because significant financial, human and social capital resources are interwoven and consequently at higher risk than if the family had no business or the business had no family owners and managers.

Enterprise families have historically valued their privacy and guarded it vigilantly.  That is becoming more difficult in today’s digitized world where global networks of hackers and government agencies access individual and business records with increasing ease and frequency.  [See Harvard Business Review’s cautionary article “Beware Trading Privacy for Convenience”.]

Due to their linked business and family assets, using social media carelessly may also lead to heightened risks for kidnapping, assault or robbery when sharing photos or tweeting specifics about schedules and activities, by providing too much specific information about family members’ physical appearance, habits, travel and location.  Companies should review the risks of BYOD (bring your own device) as employees are increasingly using their own smart phones and tablets to access business information.  Developing policies around employees’ use of their own devices will both help develop awareness and provide additional safeguards to sensitive information.

Clever TV ads and movies like Identity Thief have heightened awareness about personal threats like thieves using credit cards for unauthorized purchases, the risk of bank and credit fraud and dangers social media create for tracking and exploiting the affluent.  See “Chilling ad shows how easy it is to steal your online identity” and “Parents Warned over Children’s Online Saftey”  for additional threats related to identity theft, sexting and cyberbullying, and blog postings “How to Lock Down Facebook Privacy” and“You Aren’t Using These 10 Simple Security Settings”  identify ways to implement protective tools like two-step verification on Facebook, Linked In, Twitter, Evernote and Google.

Expect some resistance to two-step verification.  It adds an additional step to logging in, for example, texting a code to your phone that you have to enter after you enter your password to open any of these programs.  Part of your analysis is to determine whether the short-term increase in complexity and time is worth the additional protection.

Research shows that for businesses, especially those in retail or in heavily regulated industries such as health care, financial services, pharmaceuticals, transportation, and communications, the cost of malicious attacks is on the rise and is far greater than systems glitches or negligence (“The Escalating Cost of Software Malice” ). See “How Criminals Use Botnets”  to learn more about how individuals may inadvertently expose their family business to risks when downloading apps or software onto individual devices like phones, tablets or laptops.  “How to Protect PC privacy and IP Address”  gives you suggestions about reducing those risks.

What can family business leaders do to assess threats to their business and family?  Proactive education is the first line of defense.  Researching articles to assess the applicability of suggestions in  “How to Protect PC privacy and IP Address”  and “15 Ways to Protects Your Business e-commerce Site From Hacking and Fraud”  will help you identify options that might help you protect your family business. See the following articles for examples of what others have done to protect business assets and reputation: MIT tool to understand your own metadata, “I hired someone to spy on me.  Here’s what they found.”  and “Why I Phished My Own Company” .

We use customized Fire Drills to identify challenges and develop action plans for responding to a variety of threats like kidnapping, identity theft, website hacking, business data breaches and commercial espionage. Fire Drill teams may include members of the Board of Directors, key management, shareholder and family leaders and an outside expert.  We look for next gen members who are already sophisticated users of social media, software, apps, phones and tablets. Each team member represents a constituency in the enterprise family system.  Team members gather information from and report back to their constituencies throughout the process of identifying challenges and threats to your family business’s cyber security and opportunities to improve it.

The net outcome of effective Fire Drills is action plan development and implementation combined with improved oversight of the system.  If, for example, you want to develop protocols for managing cyber attacks in your family business, consider the following “Ten Steps to Planning an Effective Cyber-Incident Response”  specifies ten principles to guide companies in creating — and implementing — incident-response plans:

  1. Assign an executive to take on responsibility for the plan and for integrating incident-response efforts across business units and geographies.
  2. Develop a taxonomy of risks, threats, and potential failure modes. Refresh them continually on the basis of changes in the threat environment.
  3. Develop easily accessible quick-response guides for likely scenarios.
  4. Establish processes for making major decisions, such as when to isolate compromised areas of the network.
  5. Maintain relationships with key external stakeholders, such as law enforcement.
  6. Maintain service-level agreements and relationships with external breach-remediation providers and experts.
  7. Ensure that documentation of response plans is available to the entire organization and is routinely refreshed.
  8. Ensure that all staff members understand their roles and responsibilities in the event of a cyber incident.
  9. Identify the individuals who are critical to incident response and ensure redundancy.
  10. Train, practice, and run simulated breaches to develop response “muscle memory.” The best-prepared organizations routinely conduct war games to stress-test their plans, increasing managers’ awareness and fine-tuning their response capabilities.

The links in this blog can also all be found in our Flipboard emagazine “CyberSecurity” available on iOS (iPad and iPhone) and Android tablets. Use these resources to design your own cyber security Fire Drill.