The title alone will elicit a snicker from some security professionals. I can count on one hand the number of CEOs I have met that have a sincere interest in information security. This is not to say that CEOs do not care about information security, but for many it does not make the top 10 list. With the pressure placed on bank CEOs by regulators, shareholders, and even customers who can blame them. But as a CEO you should care about information security and here’s why. Your bank is an information organization. Think about it, your bank has multiple databases and files with private customer information. Included within these databases and files is a treasure trove of information the bad guys would love to have. What’s a CEO to do?
Information Security Should be a Boardroom Issue
First, recognize the value and importance of the information within your bank. Information security should be a boardroom issue and not something you try to comply with to make examiners happy. Do you spend time in the monthly board meeting discussing information security? Do you know where customer information is stored within the network? How about paper files? How is customer information transported and disposed? Who uses your customer information? Do you know if your information security controls are working? These are just some of the basic questions that you should be able to answer right now.
Identify Threats and Implement a Protection Plan
So now that I have your attention what are the next steps? Should you follow the recommendations from the outside information security consultant that make every missing software patch or update sound like the greatest security threat there is or do you educate yourself and put into place an information security program that is right for your bank? Begin with educating yourself on where customer information is stored and transmitted; then identify the practical threats against this information. Once you understand where the information is and what the threats are you can create a protection plan that is beneficial for your customers and your bank’s reputation. Make the boardroom discussion of information security as common as discussions about at risk loans or the latest regulatory changes. Take the steps to become the CEO of Information Security at your bank.