Board security 101

Are board members a bigger threat to their organisation’s cyber security than staff?

By Hilary Walton, CISO Kordia
14 Jul 2022

Board members are potentially a bigger threat to a company than its staff, especially if you consider the value of the information they have access to. Pair this with the fact that most directors are operating outside of the security controls that a regular employee is protected by, and the risk becomes quite serious.

In 2016, Salesforce board member Colin Powell had his emails compromised, which saw correspondence and files leaked to the internet. Included in the breach was a confidential document from Salesforce, which outlined Mergers & Acquisitions targets. The incident was not only highly embarrassing for Salesforce but also highlights the potential consequences when a hacker sets their sights on a director as a target.

There are certain things you should have in place to protect yourself, and the data of the various businesses whose boards you serve on, from online threats and accidental breaches.

Here’s our checklist of key things to address: 

Device Security

If you’re using a personal device, such as a laptop or mobile phone, to access board matters, make sure you’ve equipped it with the right security controls. At a minimum, you should have a good antivirus solution in place, install software updates regularly, enable multi-factor authentication (MFA), and use strong passwords. Don’t let others use your device, such as a family member, who might inadvertently click on a bad link or visit an unsecure site.

Working in public

Being aware of your surroundings when working from hotels, airports and cafés is imperative. Log off your device whenever you step away from it, even if only for a moment - if you leave your laptop open a stranger can do a lot of damage in a very short amount of time. Likewise, be wary about who can see your screen, and don’t look at confidential material in open places – you’d be amazed what the person behind you on a plane is able to see on your screen if they peep over your shoulder.

It’s also worth remembering that there are risks in using third-party Wi-Fi networks. Some wireless networks may use older standards for encryption, which are susceptible to being hacked. Using a VPN is a safer option if you need to connect to public Wi-Fi or use your hot spot.

Paper documentation

The security of paper documentation is just as important. Consider where you are going to store board papers at home and make sure when you no longer need the documents, you securely dispose of them. Sensitive material should never just go into the recycling or rubbish bin - shred it, rip it up or burn it, or take it back into a workplace with proper document disposal bins.

Email security

Do you use your personal email, or a free email account, when emailing about board matters? Take steps to make sure it’s as secure as possible. Use a long, strong passphrase that’s difficult to guess (or use a password manager) and add an extra layer of protection via MFA. The risks are two-fold here - aside from having your emails leaked, a hacker may compromise your email account with the intention of posing as you to target a further victim.

Phishing scams

Watch out for phishing emails from criminals pretending to be an executive, like the CEO or CFO of a company whose board you sit on. Hackers are employing some sophisticated social engineering tactics these days, and it’s not uncommon for them to mimic a legitimate contact of yours to gain your trust. Double check the sender on an email to make sure the address is correct and be wary of any requests for financial or sensitive information.
