How And Where You Draw The Lines Of Protection Matters | A BlackCloak Story

Their Story conversation with Sean Martin, Marco Ciappelli, BlackCloak executives, industry thought leaders, and security/risk practitioners

Balancing protection, responsibility, and liability for the employees' safety and the safeguarding of company assets.

It may seem obvious and straightforward that there are clear lines between work time and personal time — work devices and personal devices — work networks and personal networks … and so on. It was never that simple before the work-from-home phenomenon, and it's only gotten even more complicated since.

In this three-part conversation, we'll be looking at what it means to protect the employee as a means to protect the business. We will look at what may not be evident for most organizations: how and where companies draw their lines of protection between their business and their employees matters. Get the responsibility lines drawn correctly, and the business revenue and growth can be protected. Draw the protection line(s) incorrectly, and you could be introducing liability that can be added to the overall corporate risk profile.

This is a 3-part podcast series that will cover three different perspectives across these 3 episodes: EXECUTIVES | EMPLOYEES | OPERATIONS

Bookmark this page to catch all of the episodes as they become available.

Listen and start protecting what matters using the best model possible for your executives, employees, operations team, and business.

Note: This story contains promotional content.


Episode 1: Executive Staff and High Profile Company Leaders

We Can No Longer Draw Lines In The Sand: Executive Cyber Protections At Home Are Not A Question

Guests:
Malcolm Harkins, Chief Security and Trust Officer, Cymatic

Chris Pierson, CEO, BlackCloak

Most organizations recognize the importance of keeping their executive staff healthy and safe to protect the business from exposure and risk. However, many limit their understanding to the physical world, providing healthcare and personal security as the company's two standard services.

Those that have matured to a point where they also look at this from a cyber perspective — providing cybersecurity protections for their executives while at home, on personal time — may not realize that they are blurring the lines between individual responsibility and corporate liability.

In this episode, we explore the role the organization should — and shouldn't — play when it comes to protecting their executive team from cyber threats and attacks, which could have a catastrophic impact on the business if the cybercriminals succeed in their endeavors.

The answer to this challenge isn't as easy as removing the lines altogether or drawing a hard line and then setting controls, responsibility, and liability on one side. This said, the answer doesn't have to be hard either — it just requires a clear understanding of the problem and helping the organization achieve its risk management objectives while relieving them of the responsibility — and the liability.

At this point, it is not a matter of if, but how.

I think many executives get it, the question just becomes, is their risk lens somehow minimizing it because they don’t fully comprehend the implications? And if that’s the case, then I think it’s incumbent upon the CISO to give them the scenarios and the data.
— Malcolm Harkins
I think that last point is critical, absolutely critical. You want this solved, but you don’t want the company employees directly solving it for the executive team.
— Chris Pierson



Episode 2: Every Function In The Business Has A Role To Play In Protecting The Business

Executive Team Special Privileges Can Introduce Unnecessary Business Risk

Guests:
Simone Petrella, CEO and Founder at CyberVista (@simonepetrella on Twitter)

James Shreve, Partner and Head of Cybersecurity, Thompson Coburn, LLP

Dr. Chris Pierson, Founder & CEO at BlackCloak (@DrChrisPierson on Twitter)

Think about it as a sports team — or any team really; if one player doesn’t play for the whole, it weakens the defense and makes it vulnerable. No matter how good or how important any one individual seems to be, everyone has a role to play.

Executive leadership team members are unique and get treated like VIPs. They get special compensation packages, have unique and sometimes unusual contracts with the company—some aren’t even allowed to drive a car and must be chauffeured everywhere. Many also experience a slew of “exceptions to the rules” when using IT devices and services.

Some of these benefits are designed to reduce the risk for the company. Others are designed to keep the executive happy and vested in the company’s interests while providing them with the freedom they need to do their job well. However, some of these “perks” could go against what the company is trying to accomplish; they might actually put their systems, data, and even their executive at risk of a cyber compromise.

As discussed in the first chapter of this BlackCloak story, exceptions are indeed a fact of life—a point within the business—and must be dealt with accordingly. While it’s easy to recognize the top-level risk that C-level executives introduce to the company when they go home and work outside of the traditional IT boundaries, it may be less evident for some specific roles and functions such as HR, legal, and finance. Furthermore, the agreement between the executive and the organization may or may not clearly define where the lines of “monitor and control” are drawn.

We got the big picture in chapter 1. Join us now for chapter 2 as we get into the functional view for the challenges businesses face; how do you engage in those really tough conversations with executive-level team members when their “perks” get in the way of securely running the business?

We have views from many angles to help pave the way.

Episode 3: Redefining And Operationalizing Executive And Employee Cyber Protections

coming soon…

Guests:
TBA…