Board members and the C-suite are key targets for cyber-threat actors, due to their access to highly sensitive information. Yet too many of them are putting their organizations in harm’s way with daily use of personal email to communicate sensitive topics. Senior executives aren’t just taking the occasional risk; they are working in a permanent state of risk.
The reality is that today’s boards are intrinsically linked to risk management of their organizations – including cyber risk, third-party risk, supply chain risk and a plethora of responsibilities like ESG, compliance, and diversity and inclusion. This means it’s vital they have complete control of confidential communications and can securely share information and data for the most effective collaboration – particularly to elicit a fast response and recovery in the event of a security breach.
For-profit and nonprofit organizations face some of the same cybersecurity challenges. Phishing remains the most common threat vector and the risk of being hit by a ransomware attack is increasingly higher each year.
But unlike for-profit organizations, the boards of nonprofits not only handle highly sensitive information like donor information and fundraising data, but also rely heavily on the trust and goodwill of their benefactors. This means the fallout of a data breach is not just monetary; there’s also the possibility of donors pulling out after a security incident or prospective benefactors avoiding the organization in the wake of a breach – and the people relying on the charity’s work suffering as a result.
Nonprofit organizations are increasingly becoming a target for cyber criminals. In fact, according to the 2022 Cyber Security Breaches Survey, 26% of UK charities estimate they were attacked at least once a week. But with less access to staffing and monetary resources in comparison to its for-profit counterparts, the challenge of data security and cyber resilience is compounded.
Considering the increase in attacks on nonprofits and the level of classified information such organizations handle, one would expect board members to be fully aware of and to embrace best practices for digital projects and transformation and to mitigate operational risk. The solution is modern governance, which empowers organizations with the tools they need to safeguard data, streamline collaboration, and ultimately, drive better decision-making.
Irrespective of industry or the makeup of an organization, it’s widely known that security is one of the biggest threats facing any digital environment. The pandemic has physically distanced devices and networks and made it harder to lock-down perimeter digital defenses, exposing all companies to the increasing risk of costly ransomware attacks.
It is imperative to focus on building a culture of security which sees dedicated cybersecurity tools backed-up by human vigilance and understanding of threat levels. Here are some specific security challenges board executives and their teams are facing:
For nonprofits that operate in multiple locations, the right access privileges and centralized data systems are critical to effective data governance. Security pros are fast realizing the need to streamline and secure collaboration and communication tools.
With data arguably an organization’s most important asset, finding the right technology solution to guard it is a considered investment. Below are the key features necessary for a superior data governance strategy to ensure boards, executives and their teams can collaborate securely, make agile decisions, and mitigate risks:
An encrypted, real-time, messaging platform is the most effective way for secure collaboration and is essential for one-to-one or group board communication. As sensitive data in transit is more exposed to phishing attacks and password hacks, encryption converts this “plain text” data into a character-based, cryptographic key. It’s imperative that your technology partner is ISO 27001-certified, this being the gold standard for digital security. Other important features include the ability to revoke messages and “view-only” attachments. In this way, attachments cannot be downloaded, saved, exported, captured via screenshot, copied, or forwarded to other users. Always ensure the messaging platform is accessible via phone, iPad, or desktop for both SMS texting and email.
With sensitive information in disparate places – emails, devices, and systems – security risks are increased. It’s best to select a communication solution that combines messaging, chat, collaboration, and data storage, all contained within a single network of connected platforms. A solution that connects this secure messaging platform to file-sharing systems and board management software provides a central workstream for company leaders. All sensitive updates, conversations, and documents are drawn out of unsecured channels like email to minimize risk.
Poor usability is a barrier to collaboration and adoption of the secure system. To ensure board adoption, establish that the chosen communication solution can emulate the functionality and design of everyday apps and systems such as email and can provide updates and notifications in real-time. It’s also important to be able to support communication across groups, such as one-to-one, committees, full board, or executive team. Thorough training on product use and cyber hygiene is critical to ensure that correct usage is maintained.
With board members frequently losing or misplacing devices and the added risk of stolen identity, these incidents shouldn’t be overlooked in terms of irreparable consequences and financial costs they can cause. The communication solution must therefore allow an administrator to remotely “wipe” lost or potentially compromised devices.
Guaranteeing the proposed solution meets the stringent approval of the IT team adds an extra layer of assurance that the organization is adequately protected. CIOs and CISOs should ask about access and authorization, and admin control for access rights. They should find out the process for messages to be retained and deleted, check if data is backed-up across remote, geographically dispersed locations and if the provider offers real-time, 24/7 intelligence on data performance. The solution must meet the board’s needs in terms of password strength and lockout policies.
Amidst the increasing risks and spiraling costs of cybersecurity breaches, boards, executives, and their teams must be able to collaborate securely, day-to-day, to drive digital transformation without compromising on immediate access to the most confidential data.
Modern governance can equip organizations with the dedicated tools they need to securely streamline collaboration, manage subsidiary and entity data, and deliver insights that empower company leaders to make better decisions – all while protecting what’s theirs.
Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and more.