Microsoft Security Chief Says Every Business Needs a Security Plan
Too many businesses wait until it's too late to think about their company's physical security and cybersecurity issues. That's not good for business, according to Mike Howard, chief security officer for Microsoft.
Howard, an ex-CIA officer who handles all physical security for the company's worldwide operations, says that integrating a security team or plan into your company's day-to-day operations is the key to getting the most value from it.
"Security is not something that should be thought of as 'break glass only in times of emergency,'" he told BusinessNewsDaily in an exclusive interview. "It affects a brand's reputation, can result in lawsuits, and requires initial investments up front."
If you don't want to spend money on security now, you'll surely pay more later, he said.
Howard should know. His security team is ultimately responsible for the safety and security of Microsoft's entire executive team, its 90,000 employees, roughly 90,000 contractors, 700 facilities in more than 100 countries worldwide and all of the visitors to those facilities. He's also responsible, of course, for all of their computers and hardware and the information they contain.
Howard said it's understandable that businesses may not spend a lot of time focusing on security.
"Businesses rightly so are focused on making a profit and that's going to be their natural concentration," he said. "I understand a company's main emphasis is not on security."
It's a mistake, however, to underestimate the importance of security issues at a business of any size, Howard said.
"Companies don't take the time to understand the role of security in an organization," he said, referring to everything from employee safety to theft to cybersecurity. "When it comes time to carve out funds for security, there's a benign lack of knowledge or interest because there are higher priorities."
Howard has made it one of his top priorities to educate Microsoft's senior management about how important security is.
"Businesses are a microcosm of society and there is a tendency to be in denial about having a general security awareness. The mindset is, it's never going to happen to us."
He said that companies tend to want to spend money on what's most likely to give them a visible and timely return on investment.
"For a company like Microsoft, our biggest threats are cybersecurity because software is our bread and butter. Piracy is a threat to us, too," he said.
Howard offered a few suggestions on how businesses can better deploy security plans through their companies:
- Get senior leader buy-in from the beginning;
- Create education and awareness programs that socialize employees and vendors and encourage them to report suspicious employees;
- Keep people aware of travel security;
- Have a robust employee assistance program. In a bad economy, people are worried about their employment, their families, etc. Having someone to talk to is important in eliminating potential security threats from troubled employees.