The cyber risk landscape is changing rapidly, and cyber breaches are becoming more frequent. Organizations have been slow to adapt to this new threat environment. The biggest threats today come from outside the network, including digital and social media, as well as third-party vendors. However, organizations are still mainly focused on traditional IT security risk management. They are not updating their processes and policies or investing in the tools and technologies needed to effectively tackle the latest and most urgent threats. As the cyber risk landscape changes, cyber risk management must also evolve to ensure security, privacy, and data protection. Additionally, public awareness of the importance of digital risk management is growing, along with scrutiny of how companies manage data and privacy. Digital risk management can impact consumer trust, customer loyalty, and even shareholder value.
As we begin the new year, it’s time to comprehensively rethink how to approach digital risk management and your digital governance. Here are some tips to get started:
• Educate senior leadership and the board on the evolving cyber risk landscape and the importance of including digital and social media risk management in cyber risk management.
Senior leaders and boards must gain a better grasp of the current digital risk landscape. The 2017 – 2018 National Association of Corporate Directors (NACD) Public Company Governance Survey shows that boards feel quite uneasy about managing cyber risks. Only 12% of board members think their boards have a strong understanding of cybersecurity, and just 37% are confident their companies are well-protected against cyberattacks. This was echoed in JEM’s 2018 State of Digital Risk Management study. One survey participant noted, “You need the C-suite on board. Ours faced issues a couple of years back, and that was the push we needed to make progress.”
• Invest in tools and technologies to proactively identify and manage advanced attacks delivered via email, social media and mobile apps.
Audit your digital landscape. Make sure you have an up-to-date and comprehensive audit of all digital assets to avoid domain fraud and account sprawl. Tools and technologies can proactively scan the web to identify rogue and fraudulent accounts and activity to help you protect your accounts and alert you to potential hacks. Monitor social media. Make sure that everyone who is responsible for monitoring social media is aware of the plans and workflow in the case of an attack. Run scenario-based exercises. Finally, audit your technology vendors to ensure that they comply with your security and data privacy policies and standards and are GDPR-compliant.
• Make digital and social media training for employees a priority.
Make sure to include instruction on how hacks like email phishing attacks happen, password best practices, etc. to best protect accounts. Be sure that your employee social media policy includes instructions about how to secure both branded and employee accounts. Make digital risk management training part of the new employee onboarding process.
Offer reverse mentoring for executives, pairing them with digital natives, and keep your training up to date to ensure that it keeps pace with the ever-evolving threat landscape.
• Adopt a comprehensive organizational approach to cyber risk management through the creation of a Digital Center of Excellence.
Ensure cross-functional leadership of digital risk management through the creation of a Digital Center of Excellence (DCOE), which acts as a trusted strategic partner to help teams understand and embed new digital and social media technologies and programs safely and effectively. The DCOE provides digital leadership, oversight, training and best-in-class advice, and communicates best practices. DCOEs provide frameworks to think and act comprehensively and to collaborate and communicate across departments and functions. They are responsible for strategy, oversight and coordination across the organization. DCOEs set standards and best practices and oversee digital governance. Develop employee communications, training and enablement programs to help employees, management and senior leadership better understand, identify and manage these new risks.
To sum it all up, organizations can improve their digital risk management by focusing on people, process and technology. Senior leadership and boards need to better understand the evolving cyber risk landscape and the importance of protecting their organizations from digital and social media risks in addition to more ‘traditional’ cyber threats. Organizations must make training and education for employees a priority and consider creating a Digital Center of Excellence or Digital Governance Center to provide a framework to think and act comprehensively and collaborate and communicate across departments and functions. And organizations must make investments in new tools and technologies to proactively identify and manage advanced attacks delivered via email, social media and mobile apps. Organizations need to adopt a more comprehensive approach to risk management to address new threats coming from digital, social media and mobile. This can be accomplished through more effective collaboration between the growing number of departments and functions responsible for risk management, including not only IT, but also the digital and social media teams, compliance, marketing and others.
The growing number of cybersecurity risks and the expansion of responsibility for managing these risks beyond the IT department make it imperative that organizations rethink their approach to IT security for the digital age. Companies need to understand and address these new risks, including third-party, public and consumerized infrastructure, and internal and external threats.
Wishing you a successful, safe and secure 2019!