The Secure CEO: How to Protect Your Computer Systems, Your Company, and Your Job
By Mike Foster
About this ebook
Viruses ... hackers ... malware ... identity theft ... IT security breaches. It's enough to make your head spin. As the company's CEO, owner, or key executive, you may think your network and company information are safe from prying eyes, but are they really? Maybe your network is running illegal programs (installed by criminals in other countries and without your knowledge) because you have fast servers and weak protection. Or perhaps your IT staff is overworked and over promising on results, all because they're under-trained or so busy fire-fighting that they can't possibly keep up with IT security issues. If you don't wear a pocket protector or horn-rimmed glasses, and even if you have limited understanding of how business technologies work, this book is for you. Now you can take control of your company's IT issues and rest assured that you really are protected. In this powerful yet easy-to-understand book, Mike Foster gives you the bottom-line information you need to effectively analyze your organization's current use of information technology, minimize IT security breaches, keep your company safe, and create a plan to keep your system secure and following industry best practices into the future. This is the plain English information you'll want to cover with your IT professionals to be sure your network and company are protected and that you are getting the most from your IT investment. Yes! IT can be an enjoyable and interesting topic (really!), even for technophobic executives. All company leaders and their IT staff can benefit from this book, written for you about one of the most important topics today. Cut through the confusion and intimidation and more effectively harness the power of technology for your company's advantage. This book will show you how. Never before in history has IT security been so important. Read this book and you'll sleep better at night knowing you are making smart IT decisions that enable your company to grow.
Book preview
The Secure CEO - Mike Foster
Acknowledgments
Thank you to my loving wife. You are an awesome partner in our highest calling—doing the best we can to empower our children with the best knowledge, health, feelings, and spirit. It is a team effort for sure. You are a phenomenal wife and mom. It is a great coincidence that you enjoy travelling tens of thousands of miles each year so our whole family can be together.
Thank you Mom and Dad for your upbringing and empowerment, through your fantastic and living examples. Thank you especially for teaching me that spending time watching a little TV each day adds up to a surprisingly large amount each week. Eliminating TV frees up so much time that can be used to learn and contribute to others’ wellbeing.
Thank you, Greg, for performing the technical review of this manuscript.
Thank you, Alan, for being so willing to share your in-depth knowledge, especially about VDI. You are always there at a moment’s notice and provide incredible value right away—even when it is 2 a.m.
Thank you, Stacey. You are fully involved in helping make the world a safer place to live and work. Your teamwork, communication skills, and ability to keep everything on track add so much as we all, together, help others even when technology and the threat landscape are in constant flux.
Thank you, Dawn. Your countless hours of editing have produced the content of this book. You eliminated grammatical errors, condensed parts of this manuscript that were too long, and helped expand where needed. You handled this whole project, from the first rough draft all the way to making sure the book arrives in people’s hands. You, too, are playing a big role in enhancing the use of technology to make the world a better and safer place to live and work.
Thank you, Rick, for accepting the request to be an accountability partner. Your determination to keep this book high on the list of priorities, combined with your business savvy recommendations and guidance, continue to make a huge difference in the increasing number of people who receive information to make the world more secure. You exemplify how to be a part of a global force for good.
Thank you to the many mentors who have imparted the technical information contained herein, and with timeless principles that make all the difference. You all help so much, whether we’ve met in person, remotely, or only through your works. Some have had more birthdays, some fewer, and some live on forever through their works. And most of all, thanks to The One who is always available.
Thank you also to the many clients whose executives and IT professionals alike have taken the time to explain your exact situation, how you are dealing with technologic challenges, what has worked, and what hasn't worked. Real-life solutions are often more valuable than anything written in books, especially as fast as technology progresses.
Thank you to the thousands of participants who’ve taken information from presentations and increased their knowledge, and thank you especially if you go back to your offices and homes to implement the action steps you received.
Finally, thank you—the reader—who will absorb this information. You are encouraged to use this information to protect your organization and your job.
Contents
Dedication
Acknowledgments
Introduction
Chapter One: How Secure Are You?
Chapter Two: How Your IT Department Affects Security
Chapter Three: The Cost of Security Breaches
Chapter Four: The Great Disconnect
Chapter Five: The Pros and Cons of Outsourcing Your IT
Chapter Six: Identity Theft and Compliance
Chapter Seven: Encrypted Data
Chapter Eight: Mobile Device Security
Chapter Nine: Network Security
Chapter Ten: Who Are the Hackers?
Chapter Eleven: Update and Patch Your Operating Systems and Applications
Chapter Twelve: Update Your Firmware
Chapter Thirteen: WSUS
Chapter Fourteen: Patch Tuesday and Hacker Wednesday
Chapter Fifteen: Server Updates
Chapter Sixteen: Workstation Virtualization
Chapter Seventeen: Log Consolidation Tools
Chapter Eighteen: User Beware
Chapter Nineteen: Anti-Virus Programs
Chapter Twenty: Anti-Spyware Tools
Chapter Twenty-One: Tools to Keep Spyware Away from Your Machines
Chapter Twenty-Two: E-mail Security
Chapter Twenty-Three: Anti-Spam Tools
Chapter Twenty-Four: Trojan Horses
Chapter Twenty-Five: Rootkits
Chapter Twenty-Six: Firewalls
Chapter Twenty-Seven: Application Whitelisting
Chapter Twenty-Eight: Virtual Private Networks
Chapter Twenty-Nine: Bring Your Own Device
Chapter Thirty: Content Blocking and Internet Monitoring
Chapter Thirty-One: Policies to Prevent Internet Abuse
Chapter Thirty-Two: Group Policy Objects
Chapter Thirty-Three: Administrative Accounts and File & Folder Access Control
Chapter Thirty-Four: Don’t Let Users be Local Administrators on their Devices
Chapter Thirty-Five: Backup Strategies
Chapter Thirty-Six: Disaster Recovery Plans
Chapter Thirty-Seven: Physical Security
Chapter Thirty-Eight: Wireless Security
Chapter Thirty-Nine: Endpoint Security
Chapter Forty: Make Sure Your Service Providers are Secure Too
Chapter Forty-One: Commit to IT Accountability
About the Author
About The Foster Institute
Introduction
Technology is a core part of business today, and IT is essential to many organizations.
Almost every business relies upon email, websites, and a myriad of applications. More and more, “The Cloud” is part of organizations. If your organization cannot access the Internet or some other component, and the users’ computers fail, business is seriously impacted.
Risk management is crucial in today’s world of storing so much sensitive information—some of it in The Cloud.
Cyber security helps prevent fraud. Many compliance programs include extensive, and often expensive, cyber security requirements.
As an owner, president, or any C-level executive, you may feel overwhelmed by all of the technical jargon. Indeed, cyber security concepts can be complicated. Some executives observe that cyber security is, in some respects, analogous to experiencing a chess match against someone who has mastered the game.
Some people tasked with risk management assume that, “If we have a firewall, a VPN, and an anti-virus, we are safe!”
Remember, this is like chess. Guess which three technologies hackers have learned to circumvent? If you said firewall, VPN, and anti-virus, you are right. And they didn’t stop there. This is, in many ways, a cat and mouse game.
Related to risk management, fraud prevention, and protecting sensitive data, who do you suppose is always one step ahead? The attackers or the technology to protect your organization? In spite of what advertising will lead you to believe, the attackers are almost always many steps ahead. Bugs such as Heartbleed and Shellshock are examples of vulnerabilities that were exploitable for many years before the “good guys” learned of the exploit. Yes, controls were put into place, but how many exploits occurred before the problem was identified?
How is an executive supposed to make informed decisions about IT when it is so difficult to understand the underlying concepts of cyber security? Turning IT over to an IT professional, without being any part of the decision process (other than approving the budget), can be disastrous. The news is full of stories demonstrating such.
You are now reading a definitive guide to understand, in plain English, some advanced concepts. This material is designed to facilitate your being able to make those important informed strategic decisions that will help provide you with the best results in the long term.
When I speak to audiences about technology, I see a lot of people wince and groan. So I know that technology isn’t always a fun topic. One of my audience members summed it up perfectly one time when he said, “You know what, Mike? Technology is amazing. It lets me solve all kinds of problems I’ve never even had before.”
And yes, that’s how we feel a lot of the time. That’s why my goal with this book is to help you understand and embrace best practices so you can use technology for the benefit it was meant to give you.
The good news is that you don’t have to be a “Techie” to understand technology.
Anyone, yes anyone, can become more aware of IT issues.
When I go into companies, especially small ones with 700 or fewer computers, I see some common IT problems. One company that comes to mind is a wonderful firm in the Midwest. They started out small and over time grew quite substantially. When I met with them and looked over their IT department, they were in the midst of their growth spurt. The executives claimed to “hate computers,” and their attitude filtered down to all of the end-users too. It showed. I looked at the network, and sure enough, the configuration was totally inadequate. In the back of my mind I thought, “No wonder this network isn’t working for them.”
So I pulled the IT person aside and asked him, “By the way, where did you get your IT training? Who taught you this stuff?”
He looked at me with a puzzled look and said, “No one. I went to college and studied music. I’m a concert pianist.”
I then asked him how he got into IT, and he said, “I started out when the company was really small. We got our first computer, and I was the only one here who even knew how to use the mouse. So the owner said that I was now in charge of IT. I’ve been here ever since.”
I hear similar statements a lot.
He had managed to study and learn along the way, but the biggest problem was that he was lacking some important information. Additionally, along the way, some less-than-adequate IT consultants he hired had fed him erroneous information. Fortunately, I was able to mentor him and coach him, and he learned a lot of important things about changing the network around. The information I gave him would have been simple to people who’ve had extensive formal IT training, but to him, it was all new information. As such, their network got a lot better.
The point of this story is that even if someone started out in the mailroom, if he or she now has to interact with technology in any way, offer that person some training. Let your people get certified in the technology that your organization utilizes.
As an executive, you are already aware that technology is useful; however, creativity and relationships are what got you where you are today. And those are the two things that will keep you successful in the future. Realize that technology is a powerful tool to help with your focus on creativity and relationships.
Your customers trust you to provide for them. Not only do they trust you with their sensitive information, but they also trust you to be there for them when they need you. Data breaches and downtime are two of the many problems you want to avoid. Risk management programs address these issues with cyber security and DRP (Disaster Recovery Planning).
That’s why the information in this book will not only teach you what you need to know to keep your company safe from IT breaches, but it will also help you better relate to your IT professionals so you can work together as a team to keep the company moving forward.
My goal with this book is to give you a lot of tools and strategies you can start using right now. Throughout this book I’m going to give you websites to go to and products to investigate.
At the end of each chapter you’ll see Action Items. These are specific things for you to do to help you implement the information in the chapter. We all know that information is useless if you don’t implement it, and I created these Action Items to give you a head start on your cyber security issues.
Put a timeline on your action items. Set a date. Too many times we put important things on the “back burner” so we can put out fires. But putting out fires is an inefficient use of anyone’s time. You’re better off putting the practices in place that will keep the fires from starting in the first place. Empower your IT professionals with simple concepts, addressed within this book, such as Gantt Charts, PERT Charts, Work Breakdown Structures, and other project management tools.
Realize that I am very much an “IT professional,” but I have also functioned in executive roles. Today, I enjoy being able to give executives a window into the IT professional’s “world” and vice-versa. The world of IT isn’t just about pocket protectors and glasses with tape in the middle.
When I visit with IT professionals, I talk about having them seem like they are the Maytag Man in those old TV commercials, meaning that as far as IT goes, it would be wonderful if they could just be sitting there with nothing to do because the network is taking care of itself. One of the most rewarding parts of my job, as an IT partner, is to watch IT professionals who are completely overwhelmed, eventually (sometimes several years later) make all the necessary changes in technology that do enable them to sit back and relax, to take a vacation, and perhaps work a four-day workweek. Their happiness and physical health change accordingly.
So why is this important for an executive? Because, to some degree, your hands need to be on the steering wheel too. At the very least, you need to be the GPS that is providing strategic guidance. When you are informed in the basic concepts of technology, your GPS map becomes more accurate.
One problem is that far too many IT professionals are forced to spend their time putting out fires most of their days. This busy-ness rarely feels comfortable to an IT professional; they want to feel like they’ve accomplished more than just keeping things from getting worse. It is important to provide an environment that will allow him or her to feel some “fulfillment” at the end of the day. It may even impress the boss to see the IT professionals getting so much done.
The reality is, they—the IT professionals—are stealing from themselves and the company. There is little time for the IT professional to invest in important learning, researching, and strategizing.
Many IT professionals are very good at showing people how a computer can make their job easier. Sometimes, though, they limit themselves and don’t always use best practices in their own utilization of technology. Maybe they need to look into the mirror and say, “Hey, here’s what you could do as an IT professional to make your own job easier.”
An example of when some IT professionals don’t take advantage of technology is when they only have one or two monitors. That may be enough. When I lived in Napa, CA, after the devastating earthquake in 2014, as part of the cleanup process, an engineer came to inspect my office. Upon entering my office, the first thing he said was, “Wow, you have three big monitors! That is crazy, man!”
Usually there are four monitors and sometimes more. For some IT professionals, that would be way too many monitors.
The point for executives is to know that IT professionals need to utilize IT effectively. If more monitors will help, then buy them more monitors. Personally, I find that it is easier to have everything open in front of me without needing to rearrange and flip windows. I have had so many birthdays that I would need to strain to see a bunch of small windows on fewer monitors. With 27" monitors being so inexpensive and the wide availability of USB to video adapters, if people need to have many applications open simultaneously, the time savings can pay for the monitors quickly.
In order to help you effectively manage risks and prevent fraud, one goal of this book is to get your network to the point where it can, to a large degree, take care of itself. Then, your IT professional will be able to be proactive and do things that help your network, streamline it, and make it better. This then enables your IT staff to flourish and protect your company instead of running around and putting out fires.
But to get to that point, you as an executive need to be involved at some level. No, you certainly do NOT need to become an IT guru. In fact, you may not need to know much technology at all. But what you do need is a basic understanding of the concepts related to the building blocks for cyber security, risk management, and network reliability so that you can make informed decisions that define and affect the success of your company, not just IT initiatives.
You, the executive, will benefit when you know about technology and IT issues. You can:
• Understand enough to provide crucial input to the IT decision making process
• Free up your IT professionals’ time by reducing the need for firefighting
• Better handle risk management
• Address cyber security to protect the sensitive data entrusted to your company
• Create a mature disaster recovery plan
• Implement the strategic goals that support your organization’s future
As you read this book, feel free to hop around, skim some chapters, skip others, and only drill down into what interests you the most. Do NOT