An organization leader, county judge, mayor, or company president does not have to know everything about cyber security, nor are they expected to, unless they run a cyber security company. However, they should ensure their team can adequately answer some basic questions.
- What do we have, and what needs to be protected? You cannot protect what you don’t know you have. Therefore, the first step in implementing a cyber security solution is to determine what your “crown jewels” are, that is, what data and operations are most valuable to your organization’s survival. Additionally, managers should be familiar with the basic “W’s.”
  - Who holds and is responsible for the data and operations? Who has access to the data?
  - What sensitive information do we hold (e.g., PII and credit card information)?
  - Why do we retain this information? Is it necessary for our operations?
  - Where do we store data, and is it encrypted? Is it physically safe from natural disasters, etc.?
- What is our cyber risk, and what is our risk tolerance? This will help everyone on the team understand what you are willing to accept and what MUST be protected.
- Are we allocating an adequate portion of our IT budget to security? While most organizations spend between 3% and 10% of their overall IT budget on security, managers should understand that there is an initial outlay for assessments, implementing technology, and developing policies before the monthly fee, which will be lower and will cover ongoing monitoring, scans, and training.
- What is our plan if something were to happen? Having a continuity of operations plan is crucial for ensuring that you can continue operating or return to operations quickly. It is better to know what you will do ahead of time rather than trying to figure it out during a crisis. Additionally, managers will often be responsible for answering questions from the media, regulators, law enforcement, and other relevant parties.
- How can I contribute to creating a culture of security within our organization? Relying solely on your IT or cyber security person or team to handle the security of your organization will fail if the leadership does not support and encourage the implementation of a cyber security solution throughout the organization. This includes everyone accepting the installed tools, following the procedures, and participating in security training.
Your organization doesn’t have to face these cyber security threats alone. Commonwealth Sentinel can assess your existing IT security and collaborate with your team to enhance it. We provide a wide range of cyber security services to help keep your organization running securely.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
