Important Issues Facing Nom/Gov Chairs & Committees

Henry Jiang
In today's climate of escalating security risk and increasingly high stakes, boards cannot leave security to chance. Boards of directors and executive teams need an extra layer of security to ensure their governance information and materials always remain safe and secure, but many are unaware of the basic data protection fundamentals and gaps in their security processes which leave them vulnerable.

Diligent Institute examined 14 companies that experienced crises of varying degrees due to governance deficits, such as cybersecurity pitfalls. The report found that these crises destroyed a total of approximately $490 billion in shareholder value across the 14 companies when measured one year later. Additionally, the companies in question underperformed their sectors by 35%, on average.

If your organization secured your governance materials within a board and leadership collaboration platform, you've taken the first step. To further mitigate cyber risks, apply these three principles to improve your everyday cybersecurity hygiene.
  1. Keep your software up-to-date
  2. Maintain a strong authentication method and keep your password secure
  3. Be aware of social engineering

1. Keep Your Software Up to Date

Many successful cyberattacks are the result of cybercriminals taking advantage of vulnerabilities discovered in corporations' software. The vulnerabilities can reside in operating systems such as Microsoft Windows, Apple's macOS or iOS, or directly in applications. The software industry follows best practices by constantly reviewing and patching any potential issues, which is why it is super important for users to update their apps in a timely manner. At Diligent, we always keep our apps up to date, so we can continue to provide the best user experience and the most secure features to our user community.

Security technology is constantly evolving; unfortunately, so are attack methods. One of the most effective ways to stay ahead of adversaries and prevent cyberattacks is for software users to keep their software on the latest version.

This is where technology companies need you to play your part in completing those updates. The good news is it is very easy to update software these days. For example, most modern app stores such as the Apple App Store and the Google Play store can automatically push app updates to your mobile device.

2. Maintain a Strong Authentication Method and Keep Your Password Secure

The technologies behind data protection are very robust thanks to technology such as strong encryption. Attackers are fully aware that it is virtually impossible to break encryption with brute force, so they go after users' passwords by trying to guess commonly used, shorter and weaker passwords.

Did you know that it will only take attackers 2.22 seconds to crack a password such as 'Picture1'? However, by simply adding a few more words after that password, i.e. 'Picture1withbluesky', it will take attackers 36.72 billion centuries to crack that password.

Your password is the last layer of defense, so please treat it with great care. Consider using longer passphrases, such as 'Picture1withbluesky' above, instead of shorter and seemingly complex passwords. Try combining multiple dictionary words into a much more difficult-to-crack passphrase, and use a different passphrase on each of your apps.

3. Be Aware of Social Engineering

Most malware and data leakage incidents were the result of phishing emails or vishing (voice phishing) calls. In fact, 91% of successful hacks originate from phishing emails. If you receive an email or voice call that looks or sounds suspicious, it is always good to take extra precautions by contacting your IT or security team and asking them to check the content. If you don't have access to an IT or security team, you can ask the sender to confirm via a known good communication channel, such as a verified phone number or email address.

Diligent's solutions help directors, executives and their teams work securely, increase productivity, and protect their organizations from risk. By following these three steps in addition to implementing a secure ecosystem for governance materials, organizations can communicate swiftly and effectively, make agile decisions and mitigate security risks.
Henry Jiang
Henry is the chief information security officer (CISO) at Diligent Corporation. In his role, Henry is responsible for all aspects of Diligent's cybersecurity program including governance, risk management, security operations and product security. He previously served as CISO at Oppenheimer & Co., and as the Head of Cyber Risk at Société Générale Corporate and Investment Banking (USA). Henry has served on the customer advisory boards for numerous technology and cybersecurity companies and is an active contributor to the cybersecurity community via his blog posts, book chapters and podcasts. He holds a CISSP certification.