, , ,

Your board members are a cybersecurity liability — here’s what to do

To those who run or serve on corporate, local government or non-profit boards:

Your board members are at risk, and this places your organizations at risk. Your board members could be targeted by spearphishing (that is, directed personalized attacks) or other hacking because

  • They are often not technologically sophisticated
  • They have access to valuable information
  • If they are breached, you may not know
  • Their email accounts and devices are not locked down using the enterprise-grade cybersecurity technology used to protect employees

In other words, they have a lot of the same information and access as executive employees, but don’t share in their protections. Even if you give them a corporate email address, their laptops, desktops, phone, and tablets are not covered by your IT cybersecurity systems.

Here’s an overview article I read today. It’s a bit vague but it does raise the alarm (and prompted this post). For the sake of the organization, it might be worth spending some small time at a board meeting on this topic, to raise the issue. But that’s not enough.

What can you do, beyond raising the issue?

  • Provide offline resources and training to board members about how to protect themselves from spearphishing
  • Teach them to use unique strong passwords on all their devices
  • Encourage them to use anti-malware solutions on their devices
  • Provide resources for them to call if they suspect they’ve been hacked

Perhaps your IT provider can prepare a presentation, and make themselves available to assist. Consider this issue in the same light as board liability insurance: Protecting your board members is the good for the organization.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *