Author:
Today, the board of directors is responsible for appointing tech-savvy members and protecting the organization from risk. It’s no easy task.
In an era of rapid innovation, organizations and associations are vulnerable to more avenues for cybersecurity threats than ever. The boardroom is no exception. Jeff Middlesworth, CEO of Boardable, explains why an organization’s governing body must now rely on virtual meetings and document exchanges to enhance board management.
Since data breaches increased by 15.1% in 2021 compared to the previous year, mitigating cybersecurity risks is more critical than ever. Cybersecurity worries have only grown since Russia invaded Ukraine. More than half of companies reported cybersecurity as the most impacted part of their business since the beginning of the conflict.
Today, the board of directors is responsible for appointing tech-savvy members and protecting the organization from risk. It’s no easy task. Boards must:
- Establish digital governance committees
- Understand which security features to look for in a tech stack
- Educate themselves with varying levels of technological know-how
- Implement approaches that combine policy and technology
- Leverage a fully secure virtual meeting platform
How Cybersecurity Flaws Affect Your Business
Cybersecurity flaws derive from competitors, foreign powers, hostile hackers and lack of security configuration. Yet as quickly as we develop new technologies to prevent hacking, cybercriminals find ways to exploit them via phishing, malware and ransomware attacks to gain access to sensitive, valuable data.
These threats increase a company’s odds of losing:
- Business plans
- Customer and employee data
- Financial records
- Intellectual property
- Money
- Product ideas
It takes an average of 287 days for businesses to detect a data breach. Companies should consider these threats and work with their board to develop defense plans.
How Boards Can Help Enhance Cybersecurity
While cybersecurity threats continue growing, so do effective solutions to prevent attacks. Boards can no longer sit by the wayside and let IT handle the brunt of the work. Maintaining cybersecurity is not just a technical problem but also an organizational issue. With the power to give companies the tools and guidance they need to prevent cyber risks, boards are now the first line of defense against online threats.
Mitigating cybersecurity risks now starts with board proactivity.
1. Digital governance committees
Establishing digital governance committees increases your company’s accountability and ultimately improves decision-making regarding maintaining cybersecurity. Digital governance committees must include individuals who understand the complexities of cyber risks and how to address them. Once boards recruit these digitally-savvy committee members, they should dig into the specifics of cybersecurity risks and — if necessary — how to manage them.
Establishing digital governance committees increases your company’s accountability and ultimately improves decision-making regarding maintaining cybersecurity. Digital governance committees must include individuals who understand the complexities of cyber risks and how to address them. Once boards recruit these digitally-savvy committee members, they should dig into the specifics of cybersecurity risks and — if necessary — how to manage them.
For example, the committee should prepare to answer the following questions:
- What does a data breach look like?
- What should we do in the event of a data breach?
- What steps need to be taken to build cybersecurity?
Holistically, your digital governance committee should be able to distinguish outside threats and how to address them.
2. Security features
It has become critical for boards to understand their company tech stack’s security features. With malware attacks increasing 358%, ransomware attacks increasing 435% and phishing attacks accounting for over 80% of security incidents, companies must prioritize effective cybersecurity technology, processes and protocols.
Perimeter security technology — a shield for your business — includes web application firewalls, spam filtering, content filtering and antivirus software. Authentication tools also keep unwanted guests from snooping on your business data. Multifactor authentication requires a secondary method or device to authenticate users. Other security measures, such as password management, need employees to update their passwords consistently.
Finally, boards must evangelize and encourage companies to implement backup and disaster recovery tech. This technology allows businesses to retrieve lost information compromised by data breaches.
3. Educated board members
Adding just one board member with cybersecurity knowledge helps colleagues disseminate crucial information about prevention and risk management.
During each meeting, boards should also allocate time to discuss current cybersecurity risks and preventative strategies. By dedicating time to discuss risks, board members have the opportunity to raise questions and carve out their role in helping address cybersecurity threats.
Lastly, companies should include boards in all cybersecurity training programs. Plenty of training programs exist designed to increase cybersecurity literacy. Your business’s security goals and the board’s current knowledge level can guide you in choosing the right one.
4. Combining policy and technology
Instead of scaring boards into preventing cybersecurity threats, enlighten them on the importance of protection. For example, boards should encourage IT departments to set strict employee password requirements and use password management technology to store and update passphrases.
Social media remains the king of the internet. Boards must also set social media limitations for those within the company. Restrictions include prohibiting employees from sharing sensitive business information online or using social media during work hours.
Despite the growing popularity of remote and hybrid work environments, boards must consider developing and implementing policies dictating how, where and when employees can access their business devices. Additionally, boards should set restrictions on removable devices — or, if required — IT departments must perform virus scans before devices connect to business systems.
Many companies are implementing a zero trust framework that requires all users to be authenticated and authorized before being given company data and app access. Boards should also consider a zero trust framework to prevent unauthorized access from unauthorized users.
5. Secure virtual meeting platforms
As more businesses communicate digitally, they must prioritize maintaining security across virtual meeting platforms. With tools like agenda builders, minutes makers, document centers, polls and voting, and messaging protected by robust security measures, the right virtual meeting technology allows companies to communicate effectively and securely.
When vetting a virtual meeting platform, boards must choose one with administrative, technical and physical safeguards to protect sensitive data. Also, ensure the platform complies with General Data Protection Regulations.
Data breaches cost companies an average of $4.35 million per breach. That number should raise eyebrows no matter how large or small the business. A multimillion-dollar data breach drains assets and puts companies on precarious financial footing.
But failure to prepare for these threats goes beyond monetary value. Businesses lose customer and employee confidence with each data breach – their sensitive data is at risk. Companies suffer significant reputational damage. It takes companies months – sometimes years – to recover from the consequences of cybercrime.
Prowling cybercriminals often remain undetected for months. Don’t wait to prioritize cybersecurity. The best time for boards to take the necessary steps to enhance their company’s security is now. The health and well-being of their company depend on proactive cybersecurity measures. Boards are pivotal in helping IT, and security teams build a protective layer around their digital assets and set security standards for the entire organization.