CEOs who want to actually have your people protect data should try this:
“To all employees, this company takes data protection very seriously. It has a material impact on our operations. The CIO and IT Director are in charge of those policies. If one of them comes to your business unit and gives you an instruction, take it as seriously as you would instructions from any other C-level, including myself. As of this date, know this: If you disregard or otherwise violate any IT instruction, you better pray that they are wrong. Because if they tell you that you are risking a major data disaster if you don’t do what they say — and you disregard that and what they predicted actually happens — it will be the heads of your group that will feel the financial pain. Bonuses, head count and everything else will be subject to financial penalties. Do what they say. That way, if something bad happens, you are off the hook. But if you disregard their messages , you now have skin in the game.”That one memo — assuming it is serious and will be backed up by the threatened actions — will likely do more to truly protect your data than almost any other single act.
The second thing aCEO or top-level IT decision-maker should do is tell the world what you have done. Signal to investors, regulators, potential customers and your competitors that you are now taking data safety seriously.
Read the full article here
