Technology Services • Published 10/30/2019

How to Talk to Your Executive Team About Updating IT Security


Cybersecurity Awareness Month is drawing to a close, and if you have been following our month-long content series, you may have learned a bit more about risks that every organization faces and what should be done to address them. However, if you’re not the ultimate decision-maker, you’re probably facing a new dilemma: How do you communicate the importance of cybersecurity to the people who can actually approve the necessary changes? In this article, we cover a few common hurdles you might face in those conversations and how to reply.

“Cybersecurity isn’t a priority right now.”

With so many pressing responsibilities, cybersecurity may not seem to be a top priority. Fortunately, a solid IT infrastructure can positively impact other areas of the company. Keeping your organization current with cybersecurity best practices can improve trust with current and potential clients and vendors who are seeing data breaches in the headlines, and who have likely been targeted by phishing attempts themselves. On the other hand, inadequate data security may affect your organization’s compliance with certain regulations (such as PCI, HIPAA, HITECH, FISMA, GDPR, or SOX).

“What we have has always worked.”

Remember that times have changed drastically in the past few years. The evolution of technology and cyber threats shows no signs of slowing down, and new vulnerabilities are identified all the time. Multi-faceted protection is necessary for organizations of every size because transactions and communications are increasingly digital. “The way we’ve always done it” is not an option when it comes to securing your systems, customer information, and even employee records.

“We can’t afford it.”

Acknowledge that prevention measures cost time and money, but point out that falling victim to a breach risks much more. Today’s cyber attacks can compromise a wide range of personal information, run undetected for months or years at a time, and undermine the trust your clients place in your brand. Recovery from an incident often includes significant costs and disruption to normal business operations. Without proper safeguards in place to facilitate recovery, small and medium-sized businesses often struggle to absorb the consequences and continue operating.

“We don’t need all this.”

Paint the picture. Even if you live in a seemingly safe neighborhood, do you lock your house at night? Having a formal IT policy, educating your employees, and testing for vulnerabilities at least annually are important steps toward locking your organization’s figurative “front door.”

“We don’t have the staff or experience.”

Point out that help is available. Many IT departments have strong internal teams to manage desktop and business-specific responsibilities, but they may not have expertise in cybersecurity. P&N’s cybersecurity professionals can help answer questions, train your employees, implement or update your written IT policy, manage a multilevel cybersecurity program, identify breaches, respond to incidents, and recover your data. From communicating the risk to creating a customized plan to address vulnerabilities, we can help strengthen your organization’s security posture so that you can focus on business.
