{"id":1429,"date":"2021-07-08T09:32:44","date_gmt":"2021-07-08T01:32:44","guid":{"rendered":"https:\/\/www.praxonomy.com\/blog\/?p=1429"},"modified":"2021-07-31T01:21:12","modified_gmt":"2021-07-30T17:21:12","slug":"protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board","status":"publish","type":"post","link":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/","title":{"rendered":"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board"},"content":{"rendered":"\n

Cybercriminals continue to target boards today. From complex phishing attacks (e.g. whaling) to information theft over unsecure connections, boards need to exercise vigilance as they go about executing their governance duties. There is much at stake when it comes to board security, especially since they handle such sensitive and confidential information. <\/p>\n\n\n\n

Below are some items for the boards to consider to limit the possibility of falling victim to cyberthreats and crimes. <\/p>\n\n\n\n

Manage assets via the ‘principle of minimisation\u2019 <\/strong><\/h2>\n\n\n\n

Board members should be made aware of the principle of minimisation, as applied against a cybersecurity context. This <\/a>excerpt describes the principle succinctly:<\/p>\n\n\n\n

Minimisation improves security by reducing the number of things that can go wrong, the number of points open to attack, the duration of high-risk exposure, the value of the assets you have to protect, <\/sup>and the consequences of failures. Every piece of information you store and every bit of complexity you add comes with a cost, and those costs must be weighed against the benefit that the addition provides.<\/em><\/p>\n\n\n\n

Minimisation can be applied to the management of assets. For instance, as an individual reduces the number of assets on their network (home or otherwise), along with the applications or services that run on them, the more difficult it will be for cybercriminals to access the network and compromise systems. This is what’s called “reducing one\u2019s attack surface.<\/a>\u201d<\/p>\n\n\n\n

How might this apply to boards? Directors and other board members are better-off security-wise if they minimise the number of devices that they use. It would be prudent as well to make an inventory of essential applications on those assets and uninstall those that are not utilised. The objective is to limit the opportunity for exploits.<\/p>\n\n\n\n

The risks of email<\/strong><\/h2>\n\n\n\n

From a security and technical standpoint, the use of email is often problematic when dealing with sensitive information. Apart from it being unsecure by design<\/a>, there is the factor of human error associated with its use. <\/p>\n\n\n\n

Directors can inadvertently send emails to unintended recipients. It\u2019s not uncommon as one might think. A recent Egress<\/a> report stated that eighty percent (80%) <\/strong>of organizations reported sensitive data being put at risk due to the wrong recipient being added on an outbound email. This can be potentially damaging to an organisation. <\/p>\n\n\n\n

In addition, board members have long been targets of whaling scams. Whaling<\/a> is a type of phishing scam that targets C-suite and board level individuals\u2014typically the \u201cbig fish\u201d of organisations. Falling for such scams is enough to disrupt and jeopardise an entire company\u2019s operations. (For more information on the risks of email use for board members, download our email security ebook here<\/a>.)<\/p>\n\n\n\n

This is where the use of a highly-secure, centralised, board-specific platform can be of value. <\/p>\n\n\n\n

A board portal<\/a>, or board management software, is a centralised, online hub designed for board secretaries and directors to organise and manage meetings, access documents, and communicate with each other in a highly-secure environment.<\/p>\n\n\n\n

Most board portals have their own messaging functionalities. Boardlogic<\/a>, for example, allows directors to communicate with each other from within the platform. In addition, important files and meeting records\u2014for example, the agenda, meeting minutes, board pack\u2014are located in the board portal itself. Such features greatly reduce the reliance on email as a communication channel for board-related activities. Since board portals are a secure, closed system with access confined to directors, company secretaries and senior executives, data breaches and leakages are minimised. <\/p>\n\n\n\n

Transition to secure, paperless board packs<\/strong><\/h2>\n\n\n\n

Paper-based or printed board packs are a security liability in more ways than one. They can land in the wrong hands if they get lost or stolen. Some companies do resort to electronic versions of board packs, but place them on cloud storage services such as Google Drive as an alternative. Unfortunately, this still makes them susceptible to cybercriminals who target those types of platforms.<\/p>\n\n\n\n

It is much easier to securely manage digital board packs from within a board portal solution. The most secure board board portals encrypt data in transit and at rest. In the unlikely event of a board portal data breach, information remains \u201cunreadable\u201d to third parties without unique decryption keys\u2014rendering it useless to hackers and unauthorised individuals. <\/p>\n\n\n\n

It is also worth mentioning that if a board member’s device is lost or stolen, some board portal platforms (like Boardlogic) can remotely disable the device’s access to the application. This provides some level of assurance that board information still remains safe even in such scenarios.<\/p>\n\n\n\n

Train the board<\/strong><\/h2>\n\n\n\n

Employees of many organisations typically undergo security training to introduce and establish the cyberrisk culture of the company. They are also given an in-depth understanding of the technology protocols needed to keep the business safe. A security training process tailored for the board can be beneficial as well. This ensures all directors are on the same page. Training can help establish baseline security practices expected from the board.<\/p>\n\n\n\n

Conclusion<\/strong><\/h2>\n\n\n\n

Most boards understand the need to establish a proactive, defensive cybersecurity framework for the organisations they lead. This is important. But it is also necessary to pull back the reins and determine whether the board itself does what it can to protect the organisation through its own security practices. It merits a hard-look at members\u2019 digital hygiene<\/a>, and an honest assessment of any gaps or lapses that need to be addressed. Security always begins at the top and given what\u2019s at stake at the board level, the rest of the organisation\u2014along with its stakeholders\u2014cannot be faulted for expecting anything less.<\/p>\n\n\n\n

 <\/p>\n\n\n\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Board members need to adopt a risk-oriented mindset when it comes to their own security practices. Here are some concepts that can be put to practice in order to keep the boardroom safe.<\/p>\n","protected":false},"author":2,"featured_media":1432,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1,4],"tags":[],"yoast_head":"\nProtecting the Boardroom: Improving the Cybersecurity Practices of the Board - Praxonomy<\/title>\n<meta name=\"description\" content=\"Boards need to adopt a security-conscious mindset when executing their governance duties. Here's how board members can protect the boardroom.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board\" \/>\n<meta property=\"og:description\" content=\"Boards need to adopt a security-conscious mindset when executing their governance duties. Here's how board members can protect the boardroom.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/\" \/>\n<meta property=\"og:site_name\" content=\"The Boardlogic Blog | News, Updates, Industry Insights and Best Practices.\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-08T01:32:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-30T17:21:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2021\/07\/linkedin-protecting-the-boardroom.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1254\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Carissa Duenas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Protecting the Boardoom: Improving the Cybersecurity Practices of the Board\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2021\/07\/linkedin-protecting-the-boardroom.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carissa Duenas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/\",\"url\":\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/\",\"name\":\"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board - Praxonomy\",\"isPartOf\":{\"@id\":\"https:\/\/www.praxonomy.com\/blog\/#website\"},\"datePublished\":\"2021-07-08T01:32:44+00:00\",\"dateModified\":\"2021-07-30T17:21:12+00:00\",\"author\":{\"@id\":\"https:\/\/www.praxonomy.com\/blog\/#\/schema\/person\/c7f1e6afbb97d79f23850d7938b6d748\"},\"description\":\"Boards need to adopt a security-conscious mindset when executing their governance duties. Here's how board members can protect the boardroom.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.praxonomy.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.praxonomy.com\/blog\/#website\",\"url\":\"https:\/\/www.praxonomy.com\/blog\/\",\"name\":\"The Boardlogic Blog | News, Updates, Industry Insights and Best Practices.\",\"description\":\"The official blog for news, updates, industry insights and best practices from Boardlogic by Formidium \u2014 board meeting management software\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.praxonomy.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.praxonomy.com\/blog\/#\/schema\/person\/c7f1e6afbb97d79f23850d7938b6d748\",\"name\":\"Carissa Duenas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.praxonomy.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2020\/12\/carissa-dueanas-150x150.jpg\",\"contentUrl\":\"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2020\/12\/carissa-dueanas-150x150.jpg\",\"caption\":\"Carissa Duenas\"},\"description\":\"Carissa is a marketing consultant and content contributor for Praxonomy. She began her management consulting career at Accenture and has since worked in a consultant capacity for leading organisations in the technology sector and communications space. She is a contributor to The Globe and Mail, Canada\u2019s leading national daily.\",\"url\":\"https:\/\/www.praxonomy.com\/blog\/author\/carissa\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board - Praxonomy","description":"Boards need to adopt a security-conscious mindset when executing their governance duties. Here's how board members can protect the boardroom.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/","og_locale":"en_GB","og_type":"article","og_title":"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board","og_description":"Boards need to adopt a security-conscious mindset when executing their governance duties. Here's how board members can protect the boardroom.","og_url":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/","og_site_name":"The Boardlogic Blog | News, Updates, Industry Insights and Best Practices.","article_published_time":"2021-07-08T01:32:44+00:00","article_modified_time":"2021-07-30T17:21:12+00:00","og_image":[{"width":2400,"height":1254,"url":"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2021\/07\/linkedin-protecting-the-boardroom.jpg","type":"image\/jpeg"}],"author":"Carissa Duenas","twitter_card":"summary_large_image","twitter_title":"Protecting the Boardoom: Improving the Cybersecurity Practices of the Board","twitter_image":"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2021\/07\/linkedin-protecting-the-boardroom.jpg","twitter_misc":{"Written by":"Carissa Duenas","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/","url":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/","name":"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board - Praxonomy","isPartOf":{"@id":"https:\/\/www.praxonomy.com\/blog\/#website"},"datePublished":"2021-07-08T01:32:44+00:00","dateModified":"2021-07-30T17:21:12+00:00","author":{"@id":"https:\/\/www.praxonomy.com\/blog\/#\/schema\/person\/c7f1e6afbb97d79f23850d7938b6d748"},"description":"Boards need to adopt a security-conscious mindset when executing their governance duties. Here's how board members can protect the boardroom.","breadcrumb":{"@id":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.praxonomy.com\/blog\/protecting-the-boardroom-improving-the-cybersecurity-practices-of-the-board\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.praxonomy.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Protecting the Boardroom: Improving the Cybersecurity Practices of the Board"}]},{"@type":"WebSite","@id":"https:\/\/www.praxonomy.com\/blog\/#website","url":"https:\/\/www.praxonomy.com\/blog\/","name":"The Boardlogic Blog | News, Updates, Industry Insights and Best Practices.","description":"The official blog for news, updates, industry insights and best practices from Boardlogic by Formidium \u2014 board meeting management software","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.praxonomy.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.praxonomy.com\/blog\/#\/schema\/person\/c7f1e6afbb97d79f23850d7938b6d748","name":"Carissa Duenas","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.praxonomy.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2020\/12\/carissa-dueanas-150x150.jpg","contentUrl":"https:\/\/www.praxonomy.com\/blog\/wp-content\/uploads\/2020\/12\/carissa-dueanas-150x150.jpg","caption":"Carissa Duenas"},"description":"Carissa is a marketing consultant and content contributor for Praxonomy. She began her management consulting career at Accenture and has since worked in a consultant capacity for leading organisations in the technology sector and communications space. She is a contributor to The Globe and Mail, Canada\u2019s leading national daily.","url":"https:\/\/www.praxonomy.com\/blog\/author\/carissa\/"}]}},"modified_by":"Carissa Duenas","_links":{"self":[{"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/posts\/1429"}],"collection":[{"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/comments?post=1429"}],"version-history":[{"count":16,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/posts\/1429\/revisions"}],"predecessor-version":[{"id":1487,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/posts\/1429\/revisions\/1487"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/media\/1432"}],"wp:attachment":[{"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/media?parent=1429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/categories?post=1429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.praxonomy.com\/blog\/wp-json\/wp\/v2\/tags?post=1429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}