Quick tips to improve your Board's Cyber Security Awareness
Boards of directors have a legal responsibility to protect their corporations against Business Risk, in particular, safeguarding assets and shareholder value. However, sometimes if you are a CISO, it is a challenge to communicate your priorities to the board. We provide you here with some quick tips to ensure your board knows more about cybersecurity and how to act upon it.
- Encourage your board to focus on risks, not on security. Speak the language of the board, which is the risk terminology
- Provide context and comparison. Your board would naturally like to benchmark their performance against the industry. What is the norm? Are we doing well? How much is it reasonable to spend?
- Develop KPIS and storytelling. Again, whatever KPIs are right for your company, make them relevant to risk.
- Change how we think about Cyber. In the same way that sometimes you feel ill, sometimes you do get breached. It will happen, eventually, so you will need to prepare a remediation plan and move forward. You would not go without health insurance- isn’t it?
- Change how you talk about cyber. Speak the language of the board, we couldn’t reiterate more. The board is concerned about price to earnings ratios, new product launches etc. Make sure you relate to these concepts when you put forward things like budgets requests.
- Ensure there is a comprehensive data protection policy, and that your incident response plans are tested
- Ensure the board is engaged in cybersecurity. This demonstrates how the board is meeting its duties
- Put resources in place and make sure you provision for things like cyberinsurance.
- Use the news headlines as teachable moments for the board audience. ‘’It could have been us’’.
Understanding cybersecurity is no small task. If you have any questions do not hesitate to contact us for a chat.
Related Articles
A new Windows vulnerability actively exploited using phishing attacks
Early this month Microsoft has published a note on a critical vulnerability that allows attackers to fully gain access to the user device known as MSHTML remote code execution and CVE-2021-4...
MoreWindows zero-day vulnerability HiveNightmare aka SeriousSAM
HiveNightmare is one of the Windows zero-day vulnerabilities that is currently exploited in the wild. It is also known as SeriousSAM (CVE-2021-36934) due to the nature of the attack includes...
MoreWe are nominated - Making the Difference award through the Northern Star Business Awards AGCC
The finalists have been announced for the Northern Star Business Awards, the Chamber’s annual accolades for successful businesses in the region and TechForce has been shortlisted for Making ...
MoreKaseya REvil Ransomware Attack From Our Cybersecurity Specialist Harsh Panchal
Kaseya is one of the largest Managed Service Providers (MSPs) who manages and provides various IT and Cybersecurity services around the world. One of the services is called Kaseya VSA.
More
FOR LATEST UPDATES SUBSCRIBE HERE: