This article appeared in the May 2020 issue of MiMfg Magazine. Read the full issue and find past issues online.

You have probably heard the term “cyber security” so many times you have become immune to it. Reports of data breaches and cyber attacks fill the news stations, warning us of what could happen if we aren’t prepared. In addition, being inundated with recommendations for tools and software that can help save the day can make it even more overwhelming — which just makes it easier to avoid.

While there are incredibly powerful tools available that can protect your business from a cyber attack, there is a bigger issue to address and there isn’t a tool out there that can fix it.

The issue doesn’t lie within the IT equipment in your facility. The issue lies behind the four walls of the executive offices. One of the biggest misconceptions about cyber security is that it is the responsibility of the IT department. Executives need to take responsibility for one of the greatest risks that face their business, its assets and its future.

Even though an executive could object to this by saying that cyber security is not an area they understand clearly, it does not mean they should not hold their team accountable. Executives need to ask their team the hard questions and not just assume that they have the proper security measures in place.

Often, business owners trust their IT team implicitly because — let’s be honest — technicians and systems engineers are wildly knowledgeable about their field. So, it is easier to just trust what their team says and trust that they are one step ahead.

The fact is that senior executives need to have two obligations and priorities:

1. Protecting their business in every way, shape and form
2. Holding their teams accountable

Executives don’t need to communicate fluidly with their IT team using the techno-jargon that we all innately fear. What they do need to understand though, is the level of risk their business is facing, what the company’s plan is to improve their security posture and how they are going to achieve it.

If you have even the slightest doubt that your business isn’t properly protected, then it is time to start asking your team the hard questions like:

• Are we utilizing a SIEM or SOC?
• What is our incident response plan?
• What is our disaster recovery plan and when was it last updated?
• How much are we spending on cyber security?
• What are we doing to educate our staff about cyber security best practices?
• Do we have a clearly defined Recovery Time Objective and Recovery Point Objective? Have we tested that we can meet them?

There are only two reasons why you would not be losing sleep over the state of your company’s cyber security. Either you have a clear understanding of your company’s current security posture and plan moving forward, or you haven’t even begun to think about it. If you haven’t started thinking about it or talking with your team, then know it is just a matter of time until it’s all you think about — and for all the wrong reasons.

ASK is an MMA Premium Member company and has been an MMA member since June 2016. Visit online: justask.net.

About the Author

Mike Maddox is the president of ASK. He may be reached at 517-676-6633 or mmaddox@justask.net.