Last updated at Wed, 03 Jan 2024 19:54:22 GMT

Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live Oct. 30th's webcast, “CyberSecurity Awareness Panel: Taking to the C-Level and Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity Awareness month webcast where we were joined by a panel of experts:

Brian Betterton - Director, Security, Risk and Compliance at Reit Management & Research

Trey Ford - Global Security Strategist at Rapid7

Nicholas J Percoco - VP of Strategic Services at Rapid7

Key Takeaways on how to win the hearts and minds of your company's “C-Level and Beyond”:

  • Data Custodianship – Make the conversation personal. We know that there is the Holy Trinity of regulatory data (PCI, PHI, PII), but, as Brian Betterton explains, there is another type to be considered: EI (Executive Information). Executives are being targeted and now is a good time to make the conversation around custodianship, personal. Your executives could be targets of phishing, malware, etc. Do they want their valuable, personal information out in the world?
  • Policies – Nicholas J. Percoco shares how one company's policy on their IT department's maintenance/testing taking place during a very specific time of day, helped a sales clerk determine that the activity taking place on her POS system was malicious in nature. There can be huge pros to making your policies as specific and detailed as possible and ensuring that all employees are educated about these policies; policies are great to have, education is essential. Specifically outlining what each role within the company is responsible for as well as timelines for security activity can be the difference between detection and a full-fledged breach.
  • Crisis Communications – Making it personal, again! Rehearsing for a crisis is necessary, knowing who is going to write the press release, who will be the face of the company, who is the expert, who is going to communicate to the customers, etc. is a must. Brian also highly suggests that cyber insurance and Director & Officer Insurance be part of the crisis conversations. Talk about getting personal with your executives, getting sued with personal financial repercussions at stake can be about as personal as it gets!