A version of the below excerpted article originally appeared in Security Roundtable.
You’ve been recently elected to the board of an exciting and growing company. As a new board member, you're thrilled to be working with a team focused on data privacy and cybersecurity. However, in the midst of this excitement, it occurs to you: “Am I now a target for cybercriminals? What can I do to ensure the confidential information I have access to is safeguarded and protected?”
Your concerns are valid. As vice president and regional chief security officer for Asia-Pacific at Palo Alto Networks, Sean Duca notes in his recent Security Roundtable article, board members are often targeted for the following reasons:
- Value of the data to which they have access: Board members have access to information that is sensitive, timely and important to the organization.
- Ability to influence: Hackers sometimes impersonate influential people in creative phishing lures. An email from a board member is likely to get opened, compromising other areas within the company.
- “Non-employee” status: If a board member is not an employee of an organization, the board member may bring unprotected personal devices to meetings. Additionally, board members do not participate in the security training other employees do, making them easier targets.
Despite these risks, Sean points out that asking these key questions can help board members think critically about the safety of their sensitive data:
- What is the value of the information to which we have access?
- How are we getting access to that information?
- How is that information protected?
- Given the sensitivity of the information, do we think it is protected enough?
Cyber hygiene emanates from the top down. As a board member, asking the right questions protects sensitive information and improves the organization’s overall security posture.
Read the rest of Sean Duca’s article at Security Roundtable.