The unstable geopolitical climate has put cybersecurity at the top of every CEO's agenda. When Russian tanks stormed into Ukraine, we entered a new world order. While the short-term global effects of this new era are a marked increase in global inflation and societal anxiety, the most profound consequence of the new world order on our daily lives is arguably the onset of a global cyberwar. Confrontation amongst the top three global superpowers (the US, China, and Russia) is now at its highest point in more than 30 years.
Over the past two decades, the US has suffered a surge in cyberattacks perpetrated by foreign forces. According to the FBI, “The counterintelligence and economic espionage efforts emanating from the government of China are a grave threat to the economic well-being and democratic values of the United States.” In August 2021, the Biden administration accused the Chinese government of breaching Microsoft email systems. The US Secretary of State said China “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”
Cyberattacks in the US sponsored by antagonistic foreign regimes will likely spike throughout 2022. Disputes between the US and China and between the US and Russia are growing in number and intensity. The areas of contention include:
Bilateral trade relations.
The Russian invasion of Ukraine.
The expansion of NATO.
China's territorial claims over Taiwan.
The human rights of political protesters.
The scramble for natural resources.
Strategies to prevent global warming; and
Protocols to tackle future pandemics.
Consequently, it came as no surprise when President Biden urged American business leaders to prepare for cyberattacks proactively, and the SBA launched the Cybersecurity for Small Business Pilot Program grants of up to $3 million for companies to strengthen their cybersecurity infrastructure. Funding for the program comes from the Infrastructure Bill passed by Congress in 2021 with strong bipartisan support. So, how can CEOs bolster the cybersecurity of their businesses now? Here is a roadmap to help you navigate the cybersecurity pandemic.
1. Increase Your Company’s Cybersecurity Defenses
Western companies would be wise to source their computers from US manufacturers and our global allies. In March 2021, the US Federal Communications Commission (FCC) designated five Chinese tech companies as posing an "unacceptable risk" to national security.
Companies with old computers can bolster their security by replacing them with newer computers that have better protections and can run the latest software and apps. Apple is widely recognized to offer the highest level of cybersecurity protection for all its devices and has the added benefit that iPhones and iPads, which lead the American phone and tablet markets, run very similar software and apps as its computers and desktops. Other leading American computer manufacturers that offer strong cybersecurity guarantees are Microsoft, IBM, and HP.
But hardware security is not enough. Corporations must also have secure software systems. CEOs should be asking their heads of IT for continuous recommendations about software updates to bolster cybersecurity. In small businesses, hiring an external IT vendor with a solid track record in cybersecurity is essential. CEOs need to invest time to find the right IT lead — whether in-house or contracted — to oversee cybersecurity.
It's also essential for CEOs to confirm that the recommended security software solutions are effective company-wide solutions, protecting all operating systems, including your CRM and ERP. Cyber software solutions should be cloud-based as more businesses migrate to the cloud. Traditional antivirus software is not comprehensive enough to protect companies in cloud and hybrid environments. Finally, company software needs to be updated regularly to ensure protection against the continuous onslaught of new threats.
A critical best practice is limiting access to your company's most sensitive information to essential employees. If you forget to change access codes, an unhappy outgoing employee might vengefully jeopardize sensitive documents.
2. Upgrade and Diversify Your Data Backup Strategy
When a cyberattack hits your business, it often deprives the company of its ability to operate. Hackers freeze the entire tech infrastructure, holding the company hostage until it fulfills monetary demands. While the company's tech is frozen, your daily operations come to a standstill.
CEOs can minimize the harm caused by a cyberattack by ensuring their data is backed up regularly, and their backups are working correctly. Adopting cloud software in every area is a smart move. Cloud software solutions such as Microsoft Office, Amazon Web Services, Google Cloud, QuickBooks Online, Oracle NetSuite, Salesforce, or HubSpot significantly reduce the risk of a company losing its backup in a ransomware attack. These tech giants have ample storage capacity in their data centers and processes to back up your data constantly. When businesses operate outside the cloud, they rarely back up their data successfully on an ongoing basis.
Businesses should back up all critical data in at least two different places. Back up your company's data in a hard disk or, better yet, in an external hard drive, so you are protected if the cloud software you use malfunctions or is hit by a cyber-attack. An additional benefit of using a hard disk or external hard drive is that it gives CEOs more control over their backups, allowing you to monitor if the backups are working correctly.
3. Empower Your Team to Build Cybersecurity into Corporate Culture
Your company's cybersecurity strongly relies on your team's ability to identify and prevent threats. Train your team to identify phishing emails before they open them and explain how to report them to your IT team. Everyone on your team needs to know whom to turn to if they suspect a virus, if a hacker has accessed their computer, or if they receive a suspicious email, text, or phone call.
Businesses can provide cybersecurity awareness training and implement company-wide policies either through their in-house IT team or with the help of a specialized contracted vendor. The most effective cybersecurity training for general staff is short, frequent, and engaging to keep everyone current on the evolving strategies that creative hackers use to penetrate security systems.
Remind your team members to use different passwords for each of their software accounts and store their passwords in a secure vault. Instruct your team to use two-factor verification in their software accounts containing sensitive data. Training should also remind employees not to download any software unless their IT team requests that they do. If your company employs external contractors that use their computers and have access to your software, remind them regularly to only download software that they fully trust. Finally, teach your team that the sooner cyberattacks are detected, the greater your chances of mitigating company-wide harm.
In these unprecedented times, business leaders need to be crucially aware that society may come to a halt if malicious hackers compromise our computer systems. All CEOs must handle cybersecurity as a critical priority. The best way to avoid a cyber-societal panic is to now plan for the worst and deploy essential security measures. You must prepare your company for the cybersecurity pandemic era, which unfortunately does not have an end in sight and may well be here to stay indefinitely.