Law firms can probably replace the phrase “C-level Executive” with partner, right?
“However, a rift exists in terms of cybersecurity accountability: 55% of IT professionals said they believed that C-level executives should lose their jobs if a breach is serious enough, yet 61% also said that C-level executives they work with expect more lenient security policies for themselves, the report found. This disparity in expectations results in more breaches 65% of the time, IT professionals reported.”
This has been going on for as long as there has been confidential information. It’s shifted into the IT realm over the years, and our infrastructure has gotten much more complicated, but it’s the same exact problem that existed in years past with printed documents. Inevitably, someone would want to take a copy out of the locked file cabinet to read at home, and then leave it sitting in their car or forget it on the subway, in the cab, etc.
Security and convenience will always be about finding the right balance, but I do agree that the balance has to apply to everyone. IT teams can, and should, be trying to minimize the pain involved for users, while always keeping in mind the responsibility of keeping it secure, and those who wield power over the IT team need to understand that they are going to have to deal with pain sometimes too, in the name of security.
There is no magic that makes an executive, or partner, immune to being hacked or losing data. It’s everyone’s responsibility, and clearly, if 61% of IT professionals have seen executives expect more lenient security policies for themselves where they currently work, we have a lot of work to do to get people to understand this. Maybe a few C-level executives getting fired would help get their attention?