4 Data Security Tips For CIOs - InformationWeek


4 Data Security Tips For CIOs

Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Here are four tips to help turn your organization -- and your data -- into less appealing targets for the bad guys.

Several high-profile data breach cases from last year have put security front-and-center for many CIOs and IT professionals I work with on a daily basis. It's also the one area CIOs tend to lose the most sleep over.

While no organization can be completely protected, strategies can be put in motion to significantly reduce the potential of a data breach -- or at least minimize the impact when a breach does occur. Here are four ways CIOs can prepare to handle security threats in the next 12 months and beyond.

1. Get a Handle on Endpoint Devices.

BYOD is mainstream. The number of connected Internet of Things (IoT) devices in use is expected to surge beginning early this year. It's key that your IT organization is able to actively identify, monitor, and control any device that attempts to access corporate resources.

Adding in technologies such as identity and access management should be at the forefront of most CIO to-do lists this year. Visibility out to the edge is no longer a nice-to-have capability; it's an absolute necessity.

2. Data Extortion: What's your plan?

According to research from Trend Micro, data theft for the purpose of extortion is likely to be on the rise. In such situations, time is not on your side.

Work with your counterparts in information security, governance and compliance, HR, and legal to develop plans of action that specifically address different types of extortion scenarios. Consult with law enforcement groups and security experts to make sure you're covering all your bases and minimizing your risk as much as possible.

3. Social Engineering Training

It may seem absurd that in 2016, CIOs still must train employees against social engineering attempts. But social engineering attacks are growing increasingly sophisticated and can fool even the savviest of employees.

Younger employees may be your greatest risk, as they're already accustomed to different views about personal privacy, leading them to expose your organization by openly sharing on social media all manner of details about their professional lives and the places they work. Such information can be easily mined to form a tailor-made spear-phishing email that will gain the trust of an employee. Once that's done, it's game over.

Don't wait to start training your employees in how to avoid becoming a victim of social engineering.

4. Hire a Data Protection Officer.

If 2015 taught us anything in the world of data security, it's that it can't be quarterbacked by the CIO alone. In 2016, one of the fastest growing IT security management roles is likely to be that of a Data Protection Officer (DPO).

The role is a regulatory requirement for enterprise organizations in some parts of the world. A DPO is responsible for the legal and technical details behind your data security strategy. From there, the guidance can percolate up to the CIO and be put into action throughout the organization.

Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Until something changes to level the playing field, CIOs are going to have to do whatever they can to turn their organizations -- and their data -- into less appealing targets for the bad guys.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ...