1. Make it a boardroom conversation. If it isn’t already, add it to the agenda. If it is, are you just talking about compliance or IT spending? Consider cybersecurity as a cross-organizational, businesswide objective.
2. Put a target on your own back. Most businesses do not consider themselves at risk. I often hear the words, “I don’t have anything of interest to hackers,” or, “Luckily, we don’t have any sensitive data,” following a conversation about the latest breach to hit the news. Yet more and more businesses are disrupted by malware, loss of data and financial fraud.
3. Create a culture of accountability. Leading from the top is the only way to make sweeping improvements in risk posture. Promote security through the organization in all aspects of the business. In any business, transparency and communication regarding risk are critical.
4. Collaborate with your peers. Too few companies share information about cybersecurity-related issues today. Work with others inside and outside your field to improve your corporate understanding of cybersecurity.
5. Ignore the noise, and take action. Cybersecurity is a scorching hot industry right now with thousands of products, many of which over-promise and under-deliver. Consult a professional that specializes in security and risk management to help guide you through the process.