Telephone
517-372-5900

Get COVID-19 updates and resources.

Menu

Why Cyber Security is the CEO's Responsibility

This article appeared in the May 2020 issue of MiMfg Magazine. Read the full issue and find past issues online.

You have probably heard the term “cyber security” so many times you have become immune to it. Reports of data breaches and cyber attacks fill the news stations, warning us of what could happen if we aren’t prepared. In addition, being inundated with recommendations for tools and software that can help save the day can make it even more overwhelming — which just makes it easier to avoid.

While there are incredibly powerful tools available that can protect your business from a cyber attack, there is a bigger issue to address and there isn’t a tool out there that can fix it.

The issue doesn’t lie within the IT equipment in your facility. The issue lies behind the four walls of the executive offices. One of the biggest misconceptions about cyber security is that it is the responsibility of the IT department. Executives need to take responsibility for one of the greatest risks that face their business, its assets and its future.

Even though an executive could object to this by saying that cyber security is not an area they understand clearly, it does not mean they should not hold their team accountable. Executives need to ask their team the hard questions and not just assume that they have the proper security measures in place.

Often, business owners trust their IT team implicitly because — let’s be honest — technicians and systems engineers are wildly knowledgeable about their field. So, it is easier to just trust what their team says and trust that they are one step ahead.

The fact is that senior executives need to have two obligations and priorities:

  1. Protecting their business in every way, shape and form
  2. Holding their teams accountable

Executives don’t need to communicate fluidly with their IT team using the techno-jargon that we all innately fear. What they do need to understand though, is the level of risk their business is facing, what the company’s plan is to improve their security posture and how they are going to achieve it.

If you have even the slightest doubt that your business isn’t properly protected, then it is time to start asking your team the hard questions like:

  • Are we utilizing a SIEM or SOC?
  • What is our incident response plan?
  • What is our disaster recovery plan and when was it last updated?
  • How much are we spending on cyber security?
  • What are we doing to educate our staff about cyber security best practices?
  • Do we have a clearly defined Recovery Time Objective and Recovery Point Objective? Have we tested that we can meet them?

There are only two reasons why you would not be losing sleep over the state of your company’s cyber security. Either you have a clear understanding of your company’s current security posture and plan moving forward, or you haven’t even begun to think about it. If you haven’t started thinking about it or talking with your team, then know it is just a matter of time until it’s all you think about — and for all the wrong reasons.


Premium Associate MemberASK is an MMA Premium Member company and has been an MMA member since June 2016. Visit online: justask.net.

About the Author

Full NameMike Maddox is the president of ASK. He may be reached at 517-676-6633 or mmaddox@justask.net.

This article appeared in the May 2020 issue of MiMfg Magazine. Read the full issue and find past issues online.

You have probably heard the term “cyber security” so many times you have become immune to it. Reports of data breaches and cyber attacks fill the news stations, warning us of what could happen if we aren’t prepared. In addition, being inundated with recommendations for tools and software that can help save the day can make it even more overwhelming — which just makes it easier to avoid.

While there are incredibly powerful tools available that can protect your business from a cyber attack, there is a bigger issue to address and there isn’t a tool out there that can fix it.

The issue doesn’t lie within the IT equipment in your facility. The issue lies behind the four walls of the executive offices. One of the biggest misconceptions about cyber security is that it is the responsibility of the IT department. Executives need to take responsibility for one of the greatest risks that face their business, its assets and its future.

Even though an executive could object to this by saying that cyber security is not an area they understand clearly, it does not mean they should not hold their team accountable. Executives need to ask their team the hard questions and not just assume that they have the proper security measures in place.

Often, business owners trust their IT team implicitly because — let’s be honest — technicians and systems engineers are wildly knowledgeable about their field. So, it is easier to just trust what their team says and trust that they are one step ahead.

The fact is that senior executives need to have two obligations and priorities:

  1. Protecting their business in every way, shape and form
  2. Holding their teams accountable

Executives don’t need to communicate fluidly with their IT team using the techno-jargon that we all innately fear. What they do need to understand though, is the level of risk their business is facing, what the company’s plan is to improve their security posture and how they are going to achieve it.

If you have even the slightest doubt that your business isn’t properly protected, then it is time to start asking your team the hard questions like:

  • Are we utilizing a SIEM or SOC?
  • What is our incident response plan?
  • What is our disaster recovery plan and when was it last updated?
  • How much are we spending on cyber security?
  • What are we doing to educate our staff about cyber security best practices?
  • Do we have a clearly defined Recovery Time Objective and Recovery Point Objective? Have we tested that we can meet them?

There are only two reasons why you would not be losing sleep over the state of your company’s cyber security. Either you have a clear understanding of your company’s current security posture and plan moving forward, or you haven’t even begun to think about it. If you haven’t started thinking about it or talking with your team, then know it is just a matter of time until it’s all you think about — and for all the wrong reasons.


Premium Associate MemberASK is an MMA Premium Member company and has been an MMA member since June 2016. Visit online: justask.net.

About the Author

Full NameMike Maddox is the president of ASK. He may be reached at 517-676-6633 or mmaddox@justask.net.
MFG Forum 2017
Events
MFG Forum 2017
The 2017 MFG Forum will outline the threats, discuss best practices and provide resources for protecting valuable manufacturing assets from cyber attack.
Mfg Excellence Awards 2017
Events
Mfg Excellence Awards 2017
This program recognizes excellence in manufacturing by honoring those who make a positive impact in their community and in their industry.
MFG Forum 2018
Events
MFG Forum 2018
The MFG Forum guides industry leaders through emerging issues like Industry 4.0 and provide resources to maintain Michigan’s manufacturing advantage in the 21st century.
Insurance Forms
Insurance, Internal Page
Insurance Forms
Download and print the forms you need to manage your benefits program.
Manufacturers Recognize Vantage Plastics for Community Impact
News
Manufacturers Recognize Vantage Plastics for Community Impact
MMA is proud to announce that Standish’s Vantage Plastics has been selected as the 2017 recipient of the MFG Community Impact Award.
Manufacturing’s Plan for Michigan
Advocacy
Manufacturing’s Plan for Michigan
Michigan’s economy is growing — but more remains to be done. Discover the industry’s top priorities for the 2017-2018 Legislative Session and help keep manufacturing moving forward.
Lobby Day 2017
Events
Lobby Day 2017
An exclusive behind-the-scenes look at the legislative process led by MMA’s Government Affairs team.
Reduced UI Taxable Wage Base Available in 2018
Advocacy
Reduced UI Taxable Wage Base Available in 2018
Eligible employers will qualify for a reduced taxable wage base of $9,000 for calendar year 2018 thanks to MMA-supported legislation passed in 2011.