By now we have all been well immersed in the importance of cybersecurity.  The initial emphasis on technology itself was much needed as it introduced many advisors to best practices on topics like perimeter security and mobile device management.  As an IT provider, we welcomed the additional attention on the subject matter as the SEC provided us with a re-focused captive audience.  Okay, “welcomed” may be a bit of an overstatement.

As we reviewed more systems, we were pleased to find that the vast majority of recommended changes came at no cost to the advisor and merely required that policies and procedures be revised to reflect the new world order.

The area often overlooked was the creation and communication of a corporate culture in which anyone who triggers a malware attack can comfortably come forward and blow the whistle on themselves, knowing that they will still be employed and that they did the right thing by immediately bringing the breach to management’s attention.  Embarrassed, but employed.

There’s no use hiding. At the end of the day, your IT people will identify the origin of the attack anyway, so come clean knowing that you’ll still be going to work the next day and that your lack of hesitation will have been the first critical step towards a successful remediation.