As the world continues to adopt technology, hackers have started to shift the focus of cyberattacks from machines to people. Cybersecurity is an incredibly important topic for organizations of all sizes across all industries. With the worldwide transition to more digital information comes the added need for increased protection.
Don’t Overlook the Human Factor
Cybersecurity conversations in the boardroom often revolve around updated technology stacks, strong firewalls, and significant involvement of the IT department. The element of these conversations that is easily overlooked is the “human factor.” The majority of cybersecurity risk events occur at the desk of an employee. Phishing emails, fraudulent emails designed to extract valuable information from employees, account for 91% of successful hacking attempts. This becomes especially concerning when considering the often sensitive information board members work with daily.
Organizations rarely invest in and plan for the human component of cybersecurity until after a breach has occurred. For significant breaches, this can cost the organization millions of dollars, and the types of risks and methods of preventing them change almost daily. Instilling a culture of cyber interest and awareness equips an organization to better handle changing cybersecurity threats. Many executives have the mindset that cybersecurity is the responsibility of IT; instead, it is everyone’s responsibility. Employee awareness should be the first line of defense for an organization’s digital assets.
According to BakerHostetler’s Data Security Incident Report, human error accounted for 24% of cybersecurity incidents, second only to phishing/malware at 31% (which still requires a human error to activate). Sharing of passwords, poor patch management, double-clicking on unsafe URLs, and organizational access through a personal device are just a few of the human errors that lead to a security threat, many of which could be mitigated.
But what about boards of directors? How can they minimize risk? They don’t fall under the category of employees, typically use an outside email address, and most aren’t experts in cyber threats. And yet, they handle and view some of the most sensitive information a company owns. In addition to ensuring that you are providing your board members with a secure way to receive information (emails and password-protected PDFs do NOT fall into this category), setting expectations for the handling of this information is critical. At least once a year, a cybersecurity expert should speak to the board about keeping data safe. These sessions should include helpful tips like checking the URL of a site asking for information and turning on auto-logout.
Cybersecurity Training Plans
Training programs must include a cybersecurity policy covering device safety, communication security, document sharing, etc. Include annual updates to procedures and expectations to ensure that organizations stay compliant and protected against threats and cyber risks.
The standardization of cybersecurity policies can allow an organization to build a culture of security-conscious individuals. The following are a few programs that can help in pushing your organization to a more cyber-secure environment.
Compliance programs: Establishing compliance with your cybersecurity policy is more than writing a set of rules. Compliance is ensuring that people are indeed adhering to those policies. Create a system or team to manage and monitor compliance with the security measures outlined in your policy.
Rewards programs: Consider a rewards program to incentivize members to find ways to improve the organization’s cybersecurity. Small but significant tweaks to what the company is already doing can have a widespread effect.
Accountability programs: Rather than eroding trust by encouraging coworkers to turn each other in, create an environment that encourages team members to gently hold each other accountable. Enforce the use of your chosen password manager, single sign-on provider, and other security tools.
BoardBookit is on Top of Cybersecurity
Board portals like BoardBookit are the technology that all boards should utilize to enhance board cybersecurity practices without sacrificing security for convenience. All documents and data are stored in a highly encrypted, cloud-based platform. Redundant managed firewalls, SSAE-18 certification, and backup sites in disaster-neutral areas ensure that information is protected. Data, including discussions, voting, and reporting, are all encrypted in transit and at rest for your peace of mind. In addition, our tamper-proof eSign function incorporates military-grade digital signature technology that creates a legal audit trail and immediately invalidates a contract or document if any changes are detected.
BoardBookit understands how critical board cybersecurity and encryption are for boards, so we incorporate 2-factor authentication (2FA) on our board portal. 2FA helps protect against phishing, social engineering, and password brute-force attacks and secures logins from attackers exploiting weak or stolen credentials. BoardBookit protects your boards’ information and always helps users take that extra step in board portal security.
BoardBookit also takes into consideration the importance of enterprise-wide risk management with internal granular permissions. Permissions can be set almost everywhere within the BoardBookit platform, including agenda items, document folders, polls, voting, and financials. We also included data retention features that allow admins to safely and securely purge documents, drafts, and notes. Remote wiping capabilities mitigate board cybersecurity risks if a device is lost, stolen, or compromised.
Boards must recognize their role in board cybersecurity for their organization and work to prevent catastrophic data breaches. Boards should also utilize board portal software to securely house and encrypt documents, data, and communication to keep sensitive information out of perpetrators’ hands.
BoardBookit was designed with the security needs of organizations in mind. By consolidating board best practices and communication tools, BoardBookit has created a space to protect our users’ cybersecurity without impeding productivity or connection. With the above industry-standard security practices, BoardBookit provides an additional layer of protection to your board.