Five Tips on How Boards Can Enhance Their Online Security
One study from Duke University shows that 80% of all US companies have been hacked in an attempt to steal or alter data. In 2019, breaches that damage a company’s image and shareholder value are an almost monthly occurrence.
It’s not that these organizations ignore cybersecurity. These risks are a top priority of many companies, evidenced by the $86.4 billion spent on security projects in 2018, according to one study.
Unfortunately, throwing money at the problem isn’t going to make much of a difference. Cybersecurity is too comprehensive for board members and executives just to write checks and move on. They need to get further involved and implement a well-crafted strategy.
Below are five helpful tips for boards to enhance their online security:
1. Change the Board’s Perception of Online Security
Boards make the mistake of viewing online security as a technological issue when it’s really a core business issue.
Relying solely on the chief information security officer (CISO) isn’t a sufficient practice. Nor is viewing cybersecurity as a mere compliance issue to be managed with audit functions. Instead, boards must take measures to get involved in the process.
Cybersecurity therefore necessitates a holistic and analytical approach from board members.
2. Simplify Language
Many board members struggle to be proactive with cybersecurity – mainly due to a lack of technical understanding.
This inefficiency stems from boards passively listening to presentations from CISOs who speak in technical jargon that members could never comprehend.
To keep the language direct and succinct, these issues should be discussed with the following questions in mind:
- What is the cost/benefit of the company’s cybersecurity investments?
- What’s the company’s current status, and what’s the long-term goal?
- How are risks being measured?
3. Apply Decipherable Metrics
As with any business operation, measuring results is conducive to streamlined management.
Therefore, board members must track metrics and establish benchmarks. They also must consider the number, nature, and extent of online security risks.
4. Ask C-Level Board Members These Questions About Online Security:
- What was the company’s most notable online security incident in the past quarter?
- How did the company respond to the incident?
- Has the company experienced any near misses?
- How did the company find out about the near miss?
- What metrics are used to measure the security team’s performance?
- Has the company implemented a process to escalate severe issues, apply immediate solutions, and fully disclose cybersecurity discrepancies?
5. Use State-of-the-Art Tools
All the strategy in the world means nothing without the proper tools in place. For instance, using a board portal such as BoardMaps not only makes for fruitful meetings but also enhances online security.
Messaging platforms inside of board portals are secured to ensure your crucial communications are completely confidential.
Board members and executives need to get further involved and implement a well-crafted strategy to remain secure online. Spending more and more money will only get you so far with this complex issue.