Cyber risk is a major issue for corporations and businesses everywhere. The internet has created a whole new level of risk, as businesses need to protect themselves from cybercrime and boardroom cyber-attacks. This article discusses the common threat vectors that business owners should be aware of, as well as the preventative measures they can take to ensure their business stays safe from remote boardroom attacks.
To guarantee that their members properly accomplish their tasks, boards must entrust sensitive data to them.
A data breach including sensitive board information, on the other hand, can result in expensive lawsuits and ruin an organization’s reputation.
When COVID-19 hit, companies turned to remote work, Zoom meetings and distributed IT. These measures bolstered health and safety, but also invited increased cybersecurity and identity-based attacks. In April 2020, the FBI’s Cyber Division reported receiving about 400% more cybersecurity complaints daily.
While recent research shows that 100% of senior IT and IT security leaders say they are more focused on security than in the past, OnBoard’s latest survey found that only 57% of board directors, administrators and staff members see cybersecurity as an important issue.
The average data breach in the United States costs $8.64 million, according to IBM’s 2020 Cost of a Data Breach report.
The cost climbs for businesses in highly regulated areas, like as healthcare, where the average cost of a data breach is the highest.
The Sources Of Cybersecurity Threats In The Boardroom
According to Verizon’s 2020 Data Breach Investigations Report, 70 percent of all breaches were carried out by third parties. Human error, compromised passwords, or malicious assaults on known weaknesses in software such as remote meeting tools are all examples of breaches.
Because they have access to a lot of sensitive information, cybercriminals frequently target CEOs and professionals who sit on boards. IBM Security X-Force discovered a global phishing effort targeting over 100 high-ranking executives in 2020.
Best Practices to Prevent Board Cyberattacks
While boardroom cyberattacks always remain a threat, the recent increase in remote meetings and electronically-shared information require organizations to take action. Below are five ways to reduce risk:
- Securely manage all board materials digitally: Many boards still rely heavily on printed versions of board books, disclosures and other important materials. But printed materials can easily get into the wrong hands, especially now, as more boards meet virtually or send documents in the mail. Some institutions choose cloud-based services like Google Drive and Dropbox to share materials. But these solutions offer inadequate security to prevent cybercriminals from stealing sensitive data, including personally identifiable information (PII). A secure, digital solution can prevent such attacks. It also gives board members access to relevant documents from a single portal. Security measures for a board portal include encryption, two-factor authentication, and biometric scanning devices, such as voice, fingerprint, facial or iris recognition. Additionally, tracking which documents each board member accesses and shares give boards the power to thwart insider attacks, and more quickly contain them if they happen.
- Set appropriate permissions: Board members need access to the right information to fulfill their roles, but not all board members need the same level of access. For example, board members in many industries complete an annual questionnaire disclosing any personal conflicts of interest. A conflict of interest might limit a member’s access to information on certain topics. Assign appropriate positions to board members to give them access to what they need to succeed—no more and no less.
- Protect meeting minutes: Meeting minutes represent the official record of a board meeting, offer protection against liability, provide evidence of decisions, and create a clear list of actions and next steps. Board administrators often distribute meeting minutes via email or online, but minutes delivered this way can inadvertently expose confidential information, resulting in litigation, expense, and reputation damage. Make it a priority to protect meeting minutes. Prepare minutes quickly and destroy notes used to compile them, make minutes available to board members in a read-only format, and consider limiting how long a member can access them digitally.
- Require board members to use company email addresses: Personal email accounts lack adequate security for sensitive information. Provide board members with a company email address and require that they use it for all board-related communication.
- Wipe vulnerable devices: Board members often access information on a number of electronic devices. While it is important to ensure they can work while on the go, it is also critical to insist that board business be conducted only on safe, trusted devices. Board members may lose or replace their personal device for whatever reason. According to Statista, consumers replace smartphones about every three years, and enterprise devices are replaced more frequently. Consider wiping all locally stored information from devices that have not connected to the internet within an established period, such as 90 days.
Making Board Cybersecurity a Priority
Cyberattacks in the boardroom can lead to costly consequences. Take action now to mitigate board cybersecurity risk, while ensuring that board members can access the information they need to be successful in their essential roles.