As the number of cybersecurity incidents continues to rise, cybersecurity best practices for boards of directors are critically important. It’s not enough to put cybersecurity on the agenda: directors should have a practical understanding of the cybersecurity threats their organization faces and a plan in place to respond to them.
Recent years have taught us one thing above all: the pace of attacks isn’t slowing down. IBM’s 2020 Cyber Resilient Organization Report shows that more than half of all organizations have reported significant disruption due to a cybersecurity incident in the past two years. In addition, the total average costs of data breaches continue to rise, in 2019 up 1.5 percent from 2018, and up 12 percent since 2014. And while board members may not be cybersecurity experts, they still play an essential role in securing their organizations: board-level involvement in cybersecurity reduced the average cost of a data breach by $180,000.
Here Are the Top Five Cybersecurity Best Practices That Your Board Should Be Using:
- In 2019, extensive use of IoT devices and mobile platforms was found to increase the average total costs of a data breach by $160,000 and $240,000, respectively. Given the current shift to remote work, it’s essential that all board members all board members must have appropriate security in place. Device passwords must be complex, laptop computers and mobile devices equipped with remote wiping, and IoT devices secured against intrusion. Because home Wi-Fi networks are rarely as robust as corporate networks, and hardware-based VPNs may not provide adequate security either, organizations should ensure that scalable network security solutions are available to all remote workers.
- Cybersecurity threats are constantly evolving, so regular cybersecurity training for board members is essential. This should include instruction about identifying potential risks such as malware and phishing emails, training about the risks involved in file sharing and using personal devices, and steps to take in the event of an attack.
- Just as it’s essential that board members and business leaders understand key cybersecurity concerns, IT and infosec leadership must also understand how the business runs. When boards foster effective communication with security leadership, IT will be better able to establish effective protections against outside threats.
- In 2020, organizations experiencing third-party breaches included General Electric, Marriott and Instagram. Boards must take steps to identify critical vulnerabilities, not only within your own organization, but also in and third parties (such as partners, contractors and suppliers): in 2019, third-party involvement increased the average cost of a breach by more than $370,000. As outsourcing essential services becomes more common, and with supply chains getting longer and more complex, businesses must pay greater attention to the cybersecurity practices at every partner.
- Boards must establish response and reporting protocols to be followed in the event of a breach. In addition to the initial response to a breach (countermeasures and mitigation), the emergence of data protection legislation such as GDPR, which allows for the imposition of significant penalties (up to 20 million euros, or 4 percent of total global revenue, whichever is higher) makes reporting a priority.
How Board Governance Software Can Help You Achieve Cybersecurity Best Practices
With boards expanding their work well beyond the boardroom, a safe and secure way to share meeting materials is essential. Diligent Boards is a board portal software solution that offers real-time updates for board materials wherever and whenever members need them, streamlines secure collaboration on documents, and even enables secure, confidential virtual board meetings, with no need to rely on third-party hosting.
When boards take an active role in cybersecurity, organizations are better able to reduce the risks of threats from outside. You can learn more about how Diligent Board Management Software gives your leadership the tools to work securely through a demo with our team.