Tag Archives: Facebook

Do You Know Where Your Critical Cyber Assets Are?

darkpurplecloudsThere’s a cautionary tale for association leaders and managers in the Wall Street Journal describing how “spies” have successfully penetrated the US electrical grid and other infrastructure systems in recent years.  Interestingly, many of the penetrations were not uncovered by the companies in charge of the infrastructure, but rather by the U.S. intelligence community.  WSJ writer Siobhan Gorman reports that U.S. National Director of Intelligence Dennis Blair has told Congress “over the past several years we have seen cyber attacks against critical  infrastructures abroad and many of our own infrastructures are as vulnerable as their foreign counterparts.”

Which led me to wondering about how many organizations in the non-profit community have taken the time to identify their own “critical cyber assets”?  And how many have created management structures and protocols to properly protect and test them from time to time?  No, I’m not talking about making sure you have a back-up of your computer database and critical files stored off site (it is stored off-site and tested for functionality time-to-time right?) although that’s important to be sure.  No, I was really pondering the notion of what might comprise the  “critical cyber assets” of your organization?   Perhaps databases, with suspects, prospects, customers and members. Check.  The financial data system, including system backups, accounts receivable, tax filings, and payroll records. Check.  Are the customer database and financial systems segregated by a firewall or other barrier?  If someone hacked your member database could they walk through your financial system too?  How about the inventory of periodicals, publications and articles that comprise the intellectual property of the organization? Check.  Convention, conference and seminar registration data, speaker resources, submissions, contracts, venue agreements, and planning documents?  Check.  Where’s the back-up for governance records of the organization such as Board and committee minutes, bylaws, articles of incorporation, IRS determination letters and related correspondence? Got it. Good. Check.  What’s your plan to assure your organization’s new social media assets such as FaceBook, Twitter, MySpace, LinkedIn or Plaxopages could be resurrected were they to be hacked or lost to some sort of cyber-glitch?

I’m sure you and your team can come up with a more comprehensive list than what’s here and that’s exactly my point.  If you haven’t already done so, now is a great time to get started and if you’ve already walked this path, now could be a great time to re-check your steps.  Have you overlooked anything?  Are your firewalls and external and internal intrusion detection systems up to date and secure?  Sure there may be bigger and juicier targets for hackers than your organization, but  the threat can arise from within, too.  The Wall Street Journal story describes an incident in 2000 when a disgruntled employee in Australia rigged a computerized water control system to let loose a stream of 200,000 gallons of sewage flooding parks, rivers and a local hotel.  So, about those critical cyber assets?

Say It Ain't So, Seth!

In a recent SpearTalks interview Seth Godin opined that “Trying to convince a CEO of anything is a little like trying to convince a cop not to give you a ticket. It’s possible, but rarely worth the effort, given the odds.”  Hmmm.

What truly caught my attention was his notion that it is “rarely worth the effort”.  I disagree.  While you may not win the day by pressing your point of view on the CEO, it is equally possible you will stir some sense of consciousness and at the very least spark some discomfort with those long held CEO notions of what works.

By the nature of my work, I engage with dozens of CEO’s on a regular basis.  While they are not easily persuadable, they are in my experience amenable to considering alternatives and with the leverage of solid information even likely to accept and adopt a new perspective.  A recent discussion with a CEO about the potential and value of social media illustrates the point.  Initially, she seemed to miss the value proposition of social media entirely.  Her basic position simplified was “who needs it!”  When I persisted by pointing out that the younger managers on her staff had likely been using Facebook to communicate with friends and colleagues since before their high school days, she seemed to grasp the idea.  Her questions flew fast and furious.  Who controls it?  Who operates these sites?  How much time does this require?  What resources do we need to implement it?  What are the risks?  Is there a measurable ROI? 

When I reminded her that that someone else could easily start up a company page if she didn’t, the lights went on and someone was now clearly at home in her decision tree.  Seth’s right in saying it doesn’t always work, but I’d argue given the right fight, it’s worth the rare effort still.