Cybersecurity roles for board members


Cyber threats and data breaches can cause major disruptions to companies large and small, and businesses are being forced to adapt. What used to be the standard, relying on perimeter firewalls and isolating key corporate functions, has given way to a broader, risk-based approach. Today the biggest threats come from business email compromise (BEC) and ransomware.

“We’re seeing an increased risk across all sizes of organizations with regards to cybersecurity. Hackers and criminal enterprises have become increasingly aggressive with tactics. Because of this, boards are asking CEOs to prepare a response for ‘when,’ not ‘if’ a cyberattack occurs,” says Concertium CEO Carren Rieger.

As a result, cybersecurity has become a key area of focus for business leadership teams, including boards of directors. The risk to a company has reached a level where the security of a firm’s systems and the protection of its customer data are now a core oversight responsibility for board members. As part of their fiduciary oversight duties, board members must be actively engaged in ensuring the firm has the resources and strategy necessary for its cybersecurity.

Board members and cybersecurity responsibilities

Regarding cybersecurity, board members’ responsibilities encompass three main areas:

  • Be proactive
    Ensure the company is taking proactive steps to protect all private data of clients, employees, vendors, and the company itself
  • Hold top executives accountable
    Require key executive leaders to maintain, and regularly test, an incident response and business continuity plan for a security breach
  • Engage legal and IT expertise
    Retain qualified legal counsel and technical consultants to audit the data security program on a regular basis and deliver strategic advice on current cybersecurity best practices

The best boards engage in active discussions about investing to secure key technology and data rather than leaving the company open to the risks of security breaches.

Concertium’s Rieger: “The tech stack changed in 2021 and brought with it a whole range of new tools to fight hackers and protect data. Boards will need to be conversant in concepts like dark web monitoring, security information and event management (SIEM), and working with executive teams to protect core communications, including an employee’s cell phone.”

Data breach responsibilities

How should board members approach the responsibility of ensuring the integrity of their firm’s data and technology resources? The best way is to map the trail of information the company touches, identify where that information can be compromised, and then build a plan to protect it.

To help ensure the integrity and security of a firm’s technology resources, it is useful to look at the three complementary parties typically involved:

  • Customer
    The end customer or user of the service (an individual or an organization)
  • Data owner
    The business that provides services or products to the customer and is responsible for the customer’s data (a wide range of retail firms such as Walmart, tech firms like Microsoft, or service companies including real estate and law firms)
  • Data holder
    A third-party cloud service provider that hosts data (storage, applications, hardware) on behalf of the data owner (e.g., Apple iCloud, Microsoft Azure Storage or OneDrive, Dropbox)

Note that outsourcing hosting to a data holder does not transfer the data owner’s accountability: the data owner remains responsible for how the data is protected, and for the breach if it is not.

All companies are getting hacked

No firm is immune to cyberattacks, as cybercriminals constantly seek new pathways to steal sensitive and valuable electronic information from a firm and/or its customers.

In recent years, large corporations, including Amazon, Apple, Costco Wholesale, and AT&T, have all been hacked, as have CVS Health, Berkshire Hathaway, BP, Industrial & Commercial Bank of China, and many others. Smaller firms have been hit as well, from small municipalities and non-profits to low-profile family-owned businesses. Hackers have also targeted law firms and other professional services firms, where sensitive data and files are routinely shared.

What Concertium can do for you

Let us know if we may be able to assist your company. We’re here as a consulting resource, an IT security provider, and training resource. Call us and we can discuss the ways in which Concertium can assist companies and their board members with cybersecurity. We can help with the following:

  • Evaluate your current cybersecurity posture
  • Help execute a cybersecurity plan
  • Assess the risk and the cost of restoring business operations after an incident
  • Board and employee training on cybersecurity topics
  • General security assessment
  • Design a customer action/security plan
  • Dark web scanning services
  • Managed protection and response
  • Managed network security
  • 24x7x365 managed SIEM and Security Operations Center
  • Compliance readiness
  • Vulnerability remediation
  • HIPAA and security awareness training
  • Penetration testing for security weaknesses
  • Assistance in developing policies and procedures