What Every Board of Directors Needs to Know to Avoid Being Hacked
Experts predicted that a ransomware attack would occur every 11 seconds in 2021.
This disconcerting statistic does not exclude board members. In fact, those who are part of a board of directors may be even more prone to cyberattacks. Board members are privy to particularly sensitive information relating to the companies they work with, which means hackers may have more to gain by targeting their accounts.
Board members have the responsibility of protecting the private information they access and share. In fact, the National Association of Corporate Directors (NACD) recently updated its “Director’s Handbook on Cyber-Risk Oversight” in response to the rise in cyberattacks launched on boards of directors.
Board directors must be proactive in protecting information and preventing cyber risks for their organizations. Below are six actions that the NACD recommends board members take:
5 Core Principles of Cybersecurity For Board of Directors
- Understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
- Understand the legal implications of cyber risks as they relate to the company’s specific circumstances.
- Have adequate access to cybersecurity expertise and give cyber risk management regular and adequate time on board meeting agendas.
- Set the expectation that management will establish an enterprise-wide risk management framework with adequate staffing and budget.
- Management discussions should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance.
Create Strong and Unique Passwords
Setting ironclad passwords on your accounts is one of the best (and simplest) ways to protect sensitive information, but it’s a step many people continue to neglect. In the short term, it appears easier to reuse memorable passwords across multiple sites. But when all of a person’s accounts are hacked at once, that’s when people realize that reusing passwords is not a good long-term security practice.
Best practice is to create unique passwords that don’t include your personal information (your address, names of family members or pets, or birth dates). You can sign up for a secure password manager in order to track all of your passwords.
Unique passwords should be a particular priority for online banking accounts and file storage sites.
Use Enterprise-Level Security For File Sharing
Some of the most sensitive information board members access and share is located within files and documents. Boards of directors need to be able to share board materials with other board members, but also restrict access to those outside the organization.
There are a handful of file sharing apps that are low-cost or free, but they are not the most secure platforms on the market. In order to safely share board materials and other highly sensitive materials, board members should use a board portal that meets or exceeds industry security standards.
Common security features include:
- Encryption in transit and at rest
- Data and site back-up
- Firewalls
- Board management permissions
Separate Business and Personal Files
Board members should never share personal and business data through the same file storage or email account.
Separating the two accounts helps ensure that personal information is kept personal, and vice versa, for board-related information.
This is particularly important in the event of litigation. During litigation, business emails may be delivered to the other party. If any correspondence between the attorney and client took place through the business email account, the communications may be released to the other party.
Monitor Accounts Regularly for Suspicious Activity
All members of an organization, including the board of directors, need to be on the defense in terms of cybersecurity. That means being able to identify suspicious activity and report it.
Some ways to monitor accounts include:
- Avoid opening emails from suspicious accounts.
- Before opening links or attachments in emails, verify that the email address is accurate and from someone you know (some hackers will change one letter or number in the email address to disguise themselves as someone you know).
- Check your file sharing settings to ensure they are only being shared with people you know and trust.
Hackers become more sophisticated every year. They often use personally relevant information to gain access to your accounts. Be aware and vigilant.
Never Use Email to Share Sensitive Documents
We cannot stress this enough—email is not safe for sharing confidential information. It could fall into anyone’s possession, which is why you should never include confidential or sensitive information within an email.
Does it pass the postcard test?
Think of every business email you write as a postcard that just about anyone can see. Do you feel comfortable with the content or attachments possibly reaching the public?
If a document must be shared externally, a secure enterprise-grade file sharing system or board portal is the best way to increase security.
You Can’t Be Too Careful About Where You Store Sensitive Documents
Board members are high-value targets for hackers. It may be because of their board affiliation, or because of their high profile outside of their board position (think Colin Powell and Salesforce). It’s crucial that they understand their increased risk and follow best practices for cybersecurity.
Interested in learning more about Govenda's enterprise-grade board portal security? Read our Board Portal security overview!