Two questions your Board will ask the C-Suite about IT systems that your CIO must be prepared to answer:
1: Is our system secure?
2: If our system is breached, can we quickly get back up and running?
Eric Yuan, CEO and founder of Zoom Video Communications, knows firsthand the answers to these two questions after his video meeting platform was plagued with cyberattacks. Soon, “Zoombombing” became a common catchphrase, and the company raced to seal up security leaks, improve encryption, and destroy bugs in the software. Yuan accepted full responsibility, admitting on record to the Wall Street Journal that he “messed up as CEO,” and the security breaches “shouldn't have happened.” As for Zoom’s reputation with all the stakeholders, Yuan simply stated he needed “to win their trust back,” (1) words no C-suite officer ever wants to publicly utter. All-in-all, Zoom needed about a month and a half to recover from the security breaches, and recover they did, but not before several class-action lawsuits were filed against them. Yuan’s experience, along with many others’, remains a cautionary tale to leaders of companies who are adopting a digital-first mentality to accommodate our rapidly changing digital landscape.
How to Answer “Yes” to Question #1: “Is Our System Secure?”
First, modernize: To keep up with or outpace your competition, you need to increase the digital footprint of your business to better manage production and forecasts. But increasing your digital footprint also means increasing security. You can only do both by modernizing your current legacy system. An outdated system not only lacks the flexibility and scalability to handle updates, but more importantly, lacks the ability to seamlessly integrate the latest security and disaster recovery features.
Second, prioritize: Securing your data and your reputation should become priority one. Every other day we read news pertaining to cybersecurity threats such as ransomware, phishing, or IoT-based attacks. Unfortunately, legacy systems are almost always vulnerable to these threats. By adopting a modern ERP in a secure cloud framework, your IT staff can feel confident that your ERP partner incorporates the security protocols that will better safeguard all your data from external threats and internal security breaches.
Third, educate: Does your business have a cyber-focused mindset and cyber-conscious culture? Are your awareness programs tailored to address special considerations for high-risk employee groups handling sensitive intellectual property, Industrial Control Systems’ (ICS) assets, or connected products? If not, you need to add awareness and education programs to your Security Plan checklist.
Fourth, seek assistance: Third-party experts are equipped to help you with your modernization and your security protocols. By offering you a cloud-based ERP solution, complete with integrated back-up systems, an ERP partner such as Copley can help you guard against cyberattacks as well as help you minimize damage if one should ever occur. These solutions continuously protect your data, whether the issue is a cyberattack, a natural disaster, or simple human error.
No matter how many security protocols are in place, you still must prepare for the worst. A data breach can cost your company millions in lost business and employee time, as well as your company’s long-standing reputation. A Deloitte study, titled Manufacturers Alliance for Productivity and Innovation (MAPI), discovered that 40 percent of manufacturing firms experienced a cyberattack in the last year. Of that 40 percent, 38 percent suffered more than $1 million in damages (2). Given the odds, you should prepare for the chance that you will, at some point, be targeted.
How to Answer “Yes” to Question #2: “If our system is breached, can we quickly get back up and running?”
First, employ a recovery plan: Successful cyberattacks in 2020 show that most companies have neither a disaster recovery plan nor any back-ups for their software and data. You need to have a continuity plan, and a Cloud-based ERP solution provides one that will allow you to refresh your database with minimal downtime. And that’s what your Board wants to hear, that your company can be fully operational with minimal damage and minimal downtime.
Second, evaluate the effectiveness of your plan: It’s not enough to have a cyber risk plan in place; you should evaluate its effectiveness. Once you’ve modernized, adopted a secure cloud framework, and aligned your organization to your industry’s current security standards, it’s time to test for any weaknesses. Assign a team of “white-hat” hackers, either from your IT department or from a third party, to see if your system can be breached. If it can, how extensive were the damages and how soon were you fully operational again? If you cannot assign a team, ensure that your cloud ERP provider can provide you with that service.
Finally, remember: If you are targeted, you can recover successfully. Zoom rebounded from its barrage of cyberattacks with a revenue growth of 169% from the previous year in its first-quarter earnings report (3). The meeting service also grew from 200 million meeting participants in March to 300 in April (4). Just remember that an effective plan not only includes cyber defense, but also includes an effective company, business partner, customer and public relations response strategy.
Having an effective cybersecurity plan ultimately gives you the confidence to field any question from your Board involving company security and risk. Partner with The Copley Consulting Group to ensure the security of your ERP system. Having implemented and maintained hundreds of cloud-based ERP solutions in the manufacturing industry, The Copley Consulting Group can help you ensure the safety of one of your most precious resources: your data.
1. https://www.wsj.com/articles/zoom-ceo-i-really-messed-up-on-security-as-coronavirus-drove-video-tools-appeal-11586031129 and https://www.cnet.com/news/zoom-wont-add-encryption-to-free-calls-so-it-can-work-with-law-enforcement/ and