Lead on Purpose

Promoting Leadership Principles in Product Management

How Leaders Deal Effectively With the Security of Their Company and People

Guest post by Rebecca Gray

Today, the most valuable commodity many companies have is not a product but information – proprietary systems, processes, patents, or financial information – and the damage inflicted by a security breach goes far beyond its immediate costs. Top management sets the tone – and the potential effectiveness – of the company’s security practices. The following represent some of the critical aspects of what you as a company leader must do in order to maintain effective security programs:

Awareness – Adequate security includes awareness of potential threats, as well as the means for protecting against those threats:

  • In-house or contracted security? – Depending upon the size of the company, dealing with security issues might be beyond in-house capacities, with leaders forced to rely upon security experts to determine risks and to craft and implement policies. The challenge is to understand security liabilities well enough to deploy the security solution that best addresses risk and exposure.
  • You don’t need to reinvent the wheel – But you do need to understand how it works. There are excellent books, white papers, workshops, and websites available to help company leaders understand modern security measures.
  • Keep your legal counsel in the loop – Like security issues, privacy laws are constantly changing, and you don’t want your security measures to leave your company vulnerable to litigation. Your legal representatives should review security plans before they are put into play.

Commitment – Once you have decided upon your company’s general requirements and capabilities, you will need to formulate and implement a viable security plan. This will involve:

  • Authorizing appropriate security staffing or submitting, reviewing, and approving bid requests for contract security services
  • Learning and understanding the proposed policies and procedures
  • Supporting policies and procedures once they are developed and approved.

Follow-through – Merely implementing a security policy isn’t enough. Corporate leaders must endorse security efforts wholeheartedly. To ensure that there is ongoing engagement from both sides of the table, consider these ideas:

  • Stay up to date on security trends, news, and issues – Leaders must stay abreast of major changes and how they might affect their organization.
  • Include security news and updates in regular employee communications – Update all affected employees when security changes occur.
  • Seek employees’ feedback – Employees are most familiar with daily operations, so they furnish the best feedback about security policies.

You need to recognize that a breach in your company’s security – even a seemingly minor one – poses a significant threat to the vitality of your company. Preventative policies and efficient responses to security problems set the tone for success within your company, supporting employees’ and customers’ safety and security as well as the company’s profitability.

Rebecca Gray writes about criminal background checks for Backgroundchecks.org. She welcomes your comments at her email id: GrayRebecca14 [at] gmail [dot] com.


The Product Management Perspective: Typically product managers have little to no involvement in company security. However, they do have the responsibility to make sure their products comply with the company’s security policies, and more important, that they comply with the security needs and concerns of their customers.

2 thoughts on “How Leaders Deal Effectively With the Security of Their Company and People”

  1. I think the real question product managers (PMs) need to ask is “What proportion of my product’s development time should be devoted to security?” It may vary from release to release but it still needs to be there.

    The worst answer a PM can give is “I don’t know”. An unmeasured or unarticulated requirement means no requirement. The frequency and severity of security incidents are increasing, such as the latest eBay and Target breaches. With software moving from on-premise to SaaS, security is more and more the vendor’s responsibility, too.

    However, PMs are not alone. Security is a specialist area – it can be highly technical and evolves rapidly. PMs need to work with architects and information security professionals. Not every issue must be fixed but important ones need to be considered. Remember that sometimes the best solutions are non-technical (e.g. contractual obligations, avoiding certain features, etc.).

    • Anthony, I like the question you propose. Understanding the security needs of the software you’re building/maintaining is critical to its overall success. PMs should definitely take the time and effort necessary to assure their software is secure, regardless of the market it serves.

      Thanks for your insight!
      -Michael
