We’ve been hearing of so many breaches over the last few years and even months. These are true signs that warn us about how rapidly the cybersecurity industry is progressing. As each day goes by, there are new devices that are connected to the internet. And as newer devices get connected to the internet, there are newer methods of exploitation that are being researched and invented every day. The truth is, you are never going to be completely safe. In fact, one of the most dangerous cyber exploits today is not done remotely via the internet, it’s something that is close in your vicinity and that’s the untouchable mindset.
Having said that, if you are part of the board in your company, here’s a checklist of questions about cybersecurity that you should bring up during your next board meeting.
1. Do we have the information we need to oversee cyber risks?
A recent survey conducted by PWC indicated that only thirty-six percent of board members have confidence in their company’s reporting of cybersecurity metrics. We live in an age where data is the key to business survival. This question asked at a board meeting sets the premise of all other questions to follow. Any action or decision must be taken by informed decision making. Ensure you have a strong team in place that understands cybersecurity to give you a full account report on your business's cybersecurity strategy and infrastructure.
2. How effective is our cybersecurity strategy at addressing business risks?
Following our question of adequate information to oversee cybersecurity, boards need to ask management about the company’s strategy for addressing data security. It is imperative to have versatile minds in your cybersecurity team to ensure that all aspects of your cybersecurity are knitted tight. These days you get hackers starting from the early ages of 5 and over. Count no one out. Arrange for the best team, get the most brilliant minds and ensure that you have a detailed cybersecurity plan in place.
3. How do we protect sensitive information handled and stored by third-party vendors?
According to PWC's survey, employees are still the largest security risk. However, the number of incidents attributed to business partners is rapidly increasing. Is your security team vetting vendors partnering with your business thoroughly? Are you carrying out regular audits with all your vendors? Ensure that you detail all these questions and more to maintain strict policies that prevent biting you at a time you least expected.
4. Do we have cyber insurance?
As a Board member, you need to understand the scope and details of the company’s cybersecurity insurance policy. Part of an insurance plan is not just to insure your physical assets from a cyber threat. Ask your team if they have the tools and infrastructure that monitor your security parameters on regular if not real-time basis. Investing in the right technology and the team could be your insurance policy to a safe cybersecurity environment.
5. Do we have the right data governance strategy to minimize cyber risk?
This question evolves directly out of question 1. You have all the information, whats your governance strategy? Boards and company management should review current data management and storage processes and fill any gaps that may exist. Ensure that all teams in your business are aligned with your security data and policies.
6. How do we stay current on the cyber threat landscape?
Collaborating on cybersecurity knowledge sharing practices is a great way to get your business up to speed with the current cyber threat landscape. Experts have established by now that this is a constantly evolving landscape and one of the best ways to keep informed is to ensure everyone is sharing adequate information and industry best practices.
7. Do we have a tested cyber breach response plan?
One of the key questions to ask during your board meeting is if your business has a good response strategy. Have we run cyber-attack simulations on our systems? Any bug bounty programs? What is your QRF strategy when you have been breached? Detail these questions as much as possible to ensure that you minimize the damage that's done post-breach. This question is key because it demonstrates preparedness.
Robert S Mueller - Ex FBI Chief said 'There are only two types of companies: Those that have been hacked and those that will be hacked'.
Which category does your business belong to?
There you have it, 7 questions that you must ask at your next board meeting. Did we miss out any other questions that are also important? Do let us know in the comments below. Happy and secure board meeting!