At a time when data breaches and cyber threats are on the rise, safeguarding sensitive information is critical.
Cybersecurity should be a key concern for boards. It is a vital aspect of modern corporate governance, directly impacting a company’s financial health, reputation, compliance and ability to navigate a rapidly evolving digital landscape.
Understanding the stakes
There is no place for a ‘she’ll be right’ or ‘it won’t happen to us’ attitude to privacy and cybersecurity.
There have been major cyber attacks in Australia and New Zealand including:
Latitude – The Australian personal loan and financial service provider Latitude suffered a data breach that affected over 14 million customers from Australia and New Zealand.
An employee’s credentials were stolen, giving the attacker access to Latitude’s customer data, including full names, physical addresses, email addresses, phone numbers, dates of birth, driver’s license numbers and passport numbers.
Optus – The Optus data breach impacted 9.8 million customers, and raised questions about Australian data security policies and how companies handle them.
Cybercriminals breached Optus’ internal network and obtained access to personal data including names, birth dates, addresses, phone numbers, passport information, driver’s license numbers, Government ID numbers as well as medical records and Medicare card and ID numbers.
Medibank – The Australian health insurance giant Medibank was the victim of a major data breach that affected the personal details of 9.7 million customers.
This attack is thought to be linked to a well-known Russian ransomware group, the REvil ransomware gang. They released data on the dark web including names, birthdates, passport numbers, medical claims data and medical records.
The stakes are high. Boards must prioritise cybersecurity to ensure sustainable growth and resilience.
We’ve put together 6 cybersecurity strategies for boards:
1. Education and training
Ensure board members have a solid understanding of cybersecurity risks and best practices. Educate them on the risks of phishing emails, the importance of strong passwords and the need to promptly report any suspicious activity. Regular training sessions and workshops are a great idea to keep your team informed about the evolving threat landscape.
2. Risk assessment and management
Conduct regular cybersecurity risk assessments to identify vulnerabilities and potential threats. Weigh the probability and costs of potential risks for the risk register. It can be helpful to hire a risk consultant to ensure you don’t miss anything vital and get an outside perspective.
Ensure serious risks are addressed with the right policies and procedures in place to prevent these risk events from occurring.
3. Incident response plan
Establish a well-defined incident response plan that outlines the steps to take in the event of a cyber incident. This should include communication protocols, containment procedures and steps for recovery.
CERT NZ has a guide to creating an incident response plan here: https://bit.ly/3RX1MUi
4. Two-factor authentication
Enforce the use of two-factor authentication to ensure only authorised individuals can access the software. This adds an extra layer of security and helps to prevent unauthorised access – one of the most common cyber attacks.
5. Security audits and compliance checks
Conduct frequent security audits to evaluate the effectiveness of security measures in place. Ensure compliance with relevant cybersecurity frameworks, industry standards and legal requirements. Detecting and responding to unusual activity promptly can help prevent data breaches.
6. Cybersecurity culture
Promote a cybersecurity-aware culture across the organisation, encouraging all employees to be vigilant and report any suspicious activities promptly. Make cybersecurity an integral part of organisational ethos.
The Bottom Line
Cyber threats are constantly evolving, and new vulnerabilities emerge regularly. Staying vigilant and proactive is crucial. By implementing robust cybersecurity measures and fostering a culture of vigilance among your board members and staff, you can fortify your board data against cyber threats and maintain the confidentiality and integrity of your organisation’s most sensitive information.