8 Cybersecurity Questions for the Board

By Dan May


Many would describe cybersecurity as one of the primary threats to modern businesses today. Vulnerabilities to cybercrime can impact a company’s share value, reputation, culture, staff, and financial stability. And yet, some business leaders do not understand or appreciate the importance of a secure cyberspace.

You can stay on top as a leader by asking these eight cybersecurity questions in the boardroom:

1. Is There an Adequate IT Security Policy in Place?

Even the smallest businesses need to devote time to creating an IT security policy for their staff.

This should cover an array of factors:

  • Password guidance – use of numbers, letters, special characters, etc.
  • Regular password changes
  • Logging off and shutting down computers
  • Vigilance in recognizing unusual emails
  • Avoiding unknown/untrusted websites

2. Are We Providing Staff With Cybersecurity Training?

It’s not just the IT team that needs to be aware of cybersecurity threats. All employees who use a computer should be properly educated about what a cybersecurity breach could look like and the impact it could have on the business.

Training should include refreshers on the IT security policy, as well as case studies, any recent news about cyber attacks, and the importance of a human firewall.

3. Have We Identified Our Most Important Information Assets?

There are certain files and programs which contain particularly sensitive information, such as payroll and HR folders that house staff information (bank details, social security numbers, home addresses, etc.).

It’s a good idea to implement procedures to help adequately protect these, such as password-protecting folders and limiting the number of employees who can access them.

4. Does the IT Team Perform Regular Checks?

Good cybersecurity practice would be to ask the IT team to carry out regular audits and keep their ear to the ground for information about any emerging cyber threats. This will facilitate an understanding of any existing vulnerabilities in your systems, as well as awareness of cyber-criminals’ methods and motivations.

5. Are We Prepared for an Attack?

Even after investing time and money into cybersecurity, the sad fact is that businesses still need to be prepared in case they should experience a cyber attack. As well as procedural aspects such as ensuring all data is backed up somewhere, a discussion should be had about the best ways to recover from damage to your business’s reputation.

Consider ideas such as the prospect of moving to a new cybersecurity provider or sending staff on an IT security course in the event of a breach.

6. Is There a Culture of Information Sharing?

One of the most effective ways to battle cybercrime is to advocate a culture in which there is communication with other companies.

By entering into conversations with other relevant businesses – the most relevant might either be local or operating in the same sector – you could potentially help each other out. Sharing information about emerging threats or other new considerations could help protect everyone from cybercrime.

7. Does Everyone Know Board Members Are Targets?

Of all your staff, those sitting in the boardroom are likely to be the most at risk of a cyber-attack. Cybercriminals know that it’s the computers and devices used by directors that are likely to contain the most valuable information, whether this pertains to company accounts, staff details, or data about clients and customers. The board of directors should be aware of this so that they, too, can adopt an air of vigilance.

8. Have We Included Cybersecurity on the Risk Register?

The purpose of a risk register in business is to identify and assess all potential risks to your company. It often includes aspects such as budget and time. But many businesses forget to consider cyber threats at this stage. By including cybersecurity, you will help to initiate a culture in which cyber checks are made regularly, and help to abate any fears among your stakeholders.

A World Online

A staggering number of companies and institutions, both small and high-profile, have been affected by cybersecurity breaches. These include Facebook, eBay, JP Morgan Chase, the Ohio State University, and the Washington Post, to name just a handful. These incidents show that no organization is safe from the attention of cybercriminals.

The world today is increasingly becoming a world online, which means that cybersecurity has never been more important and should certainly not be disregarded in the boardroom.




About the author

Dan May

Dan May is the Commercial Director at ramsac, providing proactive, secure, reliable IT solutions and support for charities and other growing organizations.
