IT security risk management: A midmarket CIO guide

Security stressing you out? Our midmarket CIO guide will make IT security risk management a not-so-scary proposition in your organization.

The introduction of enterprise social media, mobility and consumerization tools in SMBs is opening the proverbial door for potential data leaks. CIOs who can take the reins on IT security risk management are a highly sought-after commodity.

How prepared is your technology team for the IT security threats that lurk around every corner? Learn how CIOs can practice effective IT security and risk management by reviewing our recent news coverage, video interviews, security definitions and quiz.

This guide to IT security risk management is part of SearchCIO-Midmarket.com's Midmarket CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on important issues.

Wise up and secure your social media

When most people hear the term social security, they think of retirement. For a forward-looking CIO, social security may have a different meaning -- the impact that social media has on your security policies.

Most midmarket companies are still small enough to have a flexible, organic organizational structure and policy architecture. This is absolutely necessary to facilitate the shifts you have to make in a competitive environment. It's also your primary advantage against larger, less-agile competitors. The drawback, however, comes from the security threats social media will present as the new generation moves into the workforce. Effective IT security risk management mandates that you have good process leadership and a strong policy architecture. While these are classic challenges for a CIO who is trying to stay flexible, they are imperative capabilities for building not only your midmarket company's protection, but also its competitive advantage.

Read the full tip from IT consultant John Weathington for advice on IT security policy management.

IT security and risk management videos for CIOs

These videos delve into IT security and risk management in the areas of data privacy, mobile device security and software development.

IT security risk management in a world of hacks and threats

Every CIO knows that tools like Google two-factor authentication are an easy, automated way to stop hackers, but not everyone follows security best practices -- particularly on our personal accounts. Unfortunately, the line between work and personal life has blurred, meaning that your business' data privacy is only as good as your users' best security practices.

Last Friday -- ironically, the very day people were urged to change their Dropbox and Yahoo passwords -- journalist Mat Honan was iHacked. Hackers were able to wipe his iPhone, iPad and MacBook remotely, while taking command of two Twitter accounts and wiping his hacked Gmail account and personal iCloud.

The important takeaway from the iHack hijinx is this: The hackers weren't using brute force, cracking algorithms, keystroke logging or stealing passwords from Dropbox and Yahoo. Honan was using strong passwords, but that didn't stop the hackers. They used good old-fashioned social engineering and exploited Apple and Amazon's own security weaknesses.

Using one or two email addresses for most of our cloud services is extremely convenient, but it also gives hackers an easy access point to do a lot of damage in a short amount of time. In this situation, if Honan had activated Google two-factor authentication to stop hackers from accessing some of his cloud-based social life and accounts, he would have saved some of his data and accounts. His Apple devices and iCloud still would have been wiped, however.

Read more from site editor Wendy Schuchart in her column on protecting against hacks.

IT security and risk management: A glossary guide

Familiarize yourself with the risk management terms below to keep your IT security program up to snuff.

The evolution of IT security risk management responsibilities

Although many midmarket and SMB organizations have yet to dedicate a staff member solely to the information security role, the time to do so might have arrived. IT organizations are at a crossroads today, and the need for such an assignment is growing by leaps and bounds as organizations fall under ever more burdensome regulations. Security professionals will be in high demand as organizations branch out to leverage new trends and opportunities, such as bring-your-own-device and cloud services.

Here's what the role of a chief security officer (CSO) might look like in 2020.

Read IT expert Scott Lowe's full tip to see why your IT organization could benefit from hiring a CSO.

IT security issues quiz for CIOs: Test your knowledge

IT security risk management issues are a top priority for today's CIOs, with security and compliance knowledge among the most sought-after CIO skill sets. The safety of company data, transactional records and client information is of paramount importance, especially as open source software, cloud services and bring-your-own-device technologies gain more prominence in the enterprise. As a result, many organizations are taking another look at their IT security policies, detailing potential risks and planning for business continuity and disaster recovery.

Our CIO interviewees and expert IT contributors have brought you advice on how to avoid system failures, dodge site outages, protect data and more. So, what have you learned about IT security and risk management issues and -- most importantly -- what can you do to avoid the worst of them? Review some of our recent coverage and take this quiz to find out how much you know.

Test your security smarts