Don’t Take The Blame For A Security Breach

Saturday, January 16, 2016 9:15 am, Posted by Absolute Destruction

The aftermath of a data breach is never pretty. Once a corporation realizes its security has been the victim of a targeted attack, chaos can ensue. The priority for the CEO, Chief Information Officer, Board of Directors, and IT team is united in determining the extent of the breach, to understand what and who was affected. They need to establish what part of the company’s defences allowed such an attack to successfully occur.  The affected clients have to be notified, the press has to be alerted, and negotiations over compensation have to ensue. New security measures have to be enacted, to prevent another breach from happening again, and finally, blame has to be laid.

Even for the smallest enterprises, plenty of personnel are responsible for the company’s security policy and measures. For a large corporation, the number of people involved creating and enforcing security policies can be in the hundreds, from the highest in management to the lowest in new hires. When there can be this many individuals implicated in a policy that ultimately failed the company and exposed client information, it may seem like it would be difficult to determine who exactly should be held accountable. Unfortunately, in the world of business, there is almost always only one answer – the CEO.

As the person who authorized every act, section, and subsection of the corporation’s security policy, the CEO is answerable for any flaw in the procedure he or she signed off on. Even though it was the combined efforts of the CIO, Board of Directors, and IT team that ultimately failed only he (or she) who signed on the dotted line is culpable for the security breach.

In the past, this culpability almost always prefigures termination, even if the CEO in question was a long-time leader whose efforts benefited the company. Take, for example, Gregg Steinhafel, CEO, President, and Chairmen of Target. In 2014, a data breach exposed the personal information over more than 110 million of Target’s customers. The data heist involved the retailer’s point-of-sale terminals, which released the names and credit card information of those who used them. In a magnanimous public letter, Steinhafel wrote that he felt personally responsible for the breach and that, in addition to an overhaul of the company’s security measures, the best course of action would involve his resignation.

You’ll more likely remember the data breach that released the members of the website, AshleyMadison.com earlier this year. President and CEO of Avid Life Media Inc, the parent company of the infidelity website, has resigned from his position after news of this breach went global. Though this hack has a different set of consequences for those whose information was exposed, the same kind of data, including names and credit card information, was released.

If you’re the CEO, president, or founder of any company, a flaw in your business’ security policy can lead to your downfall. In order to safeguard your position, it’s important that you do your due diligence as leader, ensuring the appropriate steps are taken to protect your company and its clients. Incorporating our secure document destruction services is just one of the ways you can do that, as it eliminates any possible breaches stemming from improperly disposed of paper and digital material. Confirming your security specialists, CIO, and Board of Directors are working to create a comprehensive in-house and cyber security plan is another way to guarantee the confidence of your policies.

When the consequences of security breach are so dire, there is no reason to postpone a meeting with us. Don’t delay strengthening your security policies, so give us a call today. We’ll help you protect all of your physical and digital documents.

© 2018 Absolute Destruction. All rights Reserved.