Why High-Access Employees Need Digital Executive Protection
At BlackCloak, we talk about the urgent need for businesses to protect the personal digital lives of executives, Board Members, and high-access employees.
For the most part, security teams have come to understand why digital executive protection is a necessity for the C-Suite. With the keys to the corporate kingdom at their disposal, it’s no surprise that 84% of C-level executives have been targeted by a cyberattack in the previous year.
Making matters worse for security teams, 76% of CEOs admit to bypassing security protocols to get something done faster, sacrificing security for speed, according to Forbes.
In addition, Board Members are also increasingly recognized as an insider threat to organizations. According to the Verizon Data Breach Investigations Report, Board Members are 12xs more likely to be targeted by a cyberattack than an organization’s employees.
A successful cyberattack on a Board Member could impact more than one company. That’s because 36% of Board seats are filled by individuals serving on more than one Board.
Who is a high-access employee?
The need to provide digital executive protection to the C-Suite and Board Members is increasingly a fait accompli. But what sometimes remains a point of debate is the need to protect the personal digital lives of high-access employees.
That’s because, for some organizations, there is ambiguity around who constitutes a high-access employee and why they present a unique risk to the company. This list is intended to bring clarity to security teams pondering these important questions.
High-access employees in need of digital executive protection include:
- Executive Assistants and Chief of Staffs – It can be argued that executive assistants and chiefs of staff have more access to confidential personal and proprietary business information than anyone in the organization outside of the C-Suite. They are often provided with passwords, given financial responsibilities, know the whereabouts of executives, and have insight into highly-sensitive initiatives, such as M&As, lawsuits, restructuring, etc. A compromise of an executive assistant or chief of staff could create a significant physical and digital crisis situation.
- Deputy C-Suite – Many large organizations have a leadership succession plan in which individuals are groomed for C-Suite positions. Such personnel have mostly the same visibility and access into confidential data and information as those currently in their future role. A compromise of these individuals can lead to unauthorized access that makes a data breach, fraud, or identity theft possible.
- R&D/Product/Engineering Leadership – There is perhaps no bigger disruption to an organization than if a cybercriminal were to compromise, extract, or publicize intellectual property, the product roadmap, or other proprietary information related to confidential research and development initiatives. Protecting the personal digital lives of personnel who are key to what the organization sells should be at the top of the list for digital executive protection.
- Information Technology Admins – Targeting system administrators, architects, and other key IT and cybersecurity posts could yield a weakness in their personal life. Such weaknesses could allow for access to a corporate VPN, a privileged account management solution, or other corporate backdoors that can then be further exploited.
- Accounts Payable/Accounts Receivable – Cybercriminals follow the money. And other than the CFO, nobody has more insight and access into company financials than those who run accounts payable and accounts receivable. It is common for hackers to try and social engineer AP/AR employees, and such cyberattacks are increasingly originating in personal email accounts.
Additional high-access employees may be identified on a per company basis. Such personnel can include high-profile or celebrity-like spokespersons, in-house counsel, senior marketers. Other high-access employees are specific to industry, product and target market.
Protecting personal lives with digital executive protection
Savvy cybercriminals now know that the path of least resistance into the enterprise is through the personal digital lives of company employees. Recent attacks on Twilio, Cloudflare, and Cisco confirm just that.
That’s why enterprise security teams must begin to look at high-access employees’ personal digital lives as a potential attack vector. They must protect these individuals with the same sense of urgency as they protect the C-Suite and Board Members.
Digital executive protection by BlackCloak ensures that the personal devices, personal accounts, home networks, and more of high-access employees are protected 24/7/365. Acting as an independent extension of corporate security teams, we harden the personal digital lives of an organization’s most at-risk personnel while keeping their privacy intact.