CEO SoundOff: A few thoughts on cyber safety

Jim Berlin is the chief executive officer and founder of Logistics Plus, headquartered in Erie, Pennsylvania. The company provides freight transportation, warehousing, global logistics, and supply chain management solutions through its worldwide network of professionals. To learn more, visit www.logisticsplus.net.

I am neither an expert in the area, nor do I want to be one. But as the CEO of a company, I am ultimately responsible for everything related to it, and that nowadays certainly involves cyber safety – the safety of our customers’ business and information, our own, and, of course, our people’s safety.

I say business and information, though these two are very closely intertwined. It may not even be possible to draw a line between your and your customers’ information and what you actually do for them.

There are many statistics on how much it costs to recover from a data breach. Google says (OK, IBM and the Ponemon Institute say) $3.79 million, on average. They list higher customer turnover, increased customer acquisition costs, and a hit to reputations and goodwill as the main factors – and that is for the company that suffered the breach. If you are deeply entrenched in another company’s supply chain, there may be a ripple effect that is not even mentioned here. Let’s be honest – small and mid-size companies offering services may never recover from the trust lost due to a bad data breach or prolonged system outage.

So what do we do, without the unlimited resources of the large corporations?

1. First, of course, is knowing what is at risk. What systems, what data, what processes make the company, and make the company (and the customers’ companies) tick.

2. Invest in prevention. Good IT teams have good systems and get the outside help they need. Get the systems that stop bad stuff before it gets to us, implement redundancies, and then test the results. I know of companies that invest a lot in technology and think they are safe, but never put it to a real-life test. The people who built something can rarely break it because they test what they have put in place. Plus, ‘state of the art’ and ‘secure’ can be current, but never a permanent state. We bring outside consultants to review and test what we have (networks, servers, security, backups, failover systems, connectivity, even service pricing) once a year, then we work on their recommendations…and then repeat. It’s surprising how things that were ‘ahead’ last year can be ‘behind’ this year.

3. Educate and train your people. A company’s systems environment is only as strong as its weakest link, and sometimes that link may not be a system. Employees who understand their role in safeguarding sensitive data and company resources, and who follow good cyber practices and common sense, are the ultimate cyber safety secret.

And have a plan B. Do your best on the three fronts above, but be prepared to act and mitigate risks if something doesn’t go as planned. Security and disaster recovery planning, together with testing the plans, is probably the least favorite task of IT teams, but it is necessary. Where are your plans, and when were they last tested?

Please share your ideas on cyber safety with your fellow CEOs on this secure, exclusive blog. This is MBA’s first CEO SoundOff blog – a medium intended to facilitate fast, confidential comments among our region’s business leaders. So please, SoundOff!