This story was printed from ZDNet Australia.
What's more important than security?
By Stan Gibson, eWEEK
December 12, 2000
URL: http://www.zdnet.com.au/news/soa/What-s-more-important-than-security-/0,139023165,120107567,00.htm

It's hard to argue that there was a time when security was not at the top of an IT executive's to-do list, but there is a big difference between, say, 1990 and now. Of course, it all has to do with the Internet and, more specifically, doing business over it. This singular trend has magnified the opportunities for data compromise many times over and placed security at the top of concerns for managers at many companies. These execs realise that no one is immune, and it's their job to protect their companies from the kind of costly and embarrassing misfortune that recently befell Microsoft, for example.

Still, realistic CIOs understand that there's no such thing as absolute security. As one CIO told me about his site, "Common Web hacks are reviewed and managed, but I would guess we could easily get hit by experts if targeted. We don't have the budget to avoid it. ... Bottom line: Vulnerability has a direct linear relationship to an IT security budget and your company's visibility."

The fact that everyone is vulnerable to a greater or lesser extent hit us here at eWeek in a very direct manner recently when an eWeek eSeminar that I moderated was hacked while it was in progress. I suppose we should have expected as much since the seminar was about security vulnerability. As this goes to press, we've discovered that someone posed as a presenter and lurked silently until near the end of the presentation, when the hacker made his or her presence known. What's sobering is that the intruder could have been far more malicious than he or she was.

Some of the best advice in that eSeminar came from the U.S. Army's Robert Rosen, who said you must prepare a plan that covers what to do once you are hacked. Know who you will call - which law enforcement officials, which lawyers - when the worst happens.

Although details of Microsoft's response are at this point a bit murky, it appears that the company didn't have a game plan in place and waited far too long before acting. When a breach occurs, do not fire the IT manager in charge of security, except where gross negligence is obvious or if he or she colluded in the attack. We're in a new area of security. Hackers are emboldened and inspired. No one can know or foresee everything.

Microsoft is learning a hard lesson about public relations right now as a result of being hacked. Everyone knows that in the age of e-business, the importance of brand is huge. Anything that weakens it in any way can have long-lasting repercussions. As an IT manager, brand is your responsibility, too. If you don't know your company's public relations director, the time to make his or her acquaintance is now, not after your company has been hacked and it's damage-control time. It's a lot easier to build and maintain a strong brand than it is to fix a broken one.

If the worst happens, what's your response plan? Let me know at stan_gibson@ziffdavis.com

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.