Questions Your Board Might Ask about Data Security (And How to Answer Them!) 

29/04/2022 13:25 By Bill
Since the GDPR came into force back in 2018, data protection has become an even bigger issue for any organisation handling personal information. Not only are there huge fines to think about (approximately £1.4 billion has been paid as of 2022), data breaches also cause disruption and public embarrassment that can be difficult to recover from.

It’s no wonder, then, that today’s boards want to know exactly how their companies are keeping customer data safe and working proactively to avoid cyber-attacks. Gone are the days when boards would just ask questions like “is the network secure?” and “do we really need to spend that much on anti-virus software?” Today, everyone is much better informed about digital threats and their impact on an organisation’s reputation and finances, which means business leaders can now expect to be grilled a little bit more during board meetings.

Boards tend to care about three main areas: Revenue, Costs and Risks, so you can expect any questions about data security to be based around one – or all – of these. So, let’s take a look at some of the most common questions that are likely to come up.

“We’ve Had a Data Incident. How Did it Happen?”

Board members expect you to have everything under control, so when they find out it’s not, you can expect to be hauled over the coals. Data incidents have become more common since people started working from home, and boards will want to know you’re doing everything in your power to keep the reputation of your organisation intact. 

The best way to respond to this question is to stick to the facts, but keep it brief. This is where it’s important to have an incident response policy in place, so you can clearly identify where things went wrong. Tell them what you know, how it’s impacted operations and – most importantly – what you’re going to do to make sure it doesn’t happen again. 

“Is the Network Definitely 100% Safe Now?”

Unfortunately, in such a complex and constantly evolving threat landscape, it’s impossible for any organisation to say they’re completely immune to cyber-attacks. If your board members are asking this question and demanding that you give them 100% certainty, it’s important to put them straight – nobody can. 

What you can do is reassure them that you have all the right systems and policies in place now, to ensure the risks are properly managed and reduced where possible without restricting operations. Tell them that as your organisation grows, so too will your level of security, and that you have the right software and security partners in place to keep things under control. 

“How are We Doing Compared to Other Similar Organisations?”

With so many news stories about big-name companies being hacked, it’s no wonder board members feel under pressure to ensure their businesses don’t end up in the headlines too. You can’t really second-guess the details of what happened in other companies, but you can go away and do some research and bring it back to the next meeting.

Again, what’s really important here is that you’re able to identify any weaknesses in your own organisation and implement a robust new strategy accordingly. 

“Are We Spending the Right Amount of Money on This Stuff?”

As we mentioned earlier, until recently a lot of board members tended to be keen to see managers keep costs low and spend as little as possible on things like cyber security. Nowadays, the opposite tends to be true. Your board will want to know that you’re doing everything you can to keep your reputation, information and resources safe, which means carefully balancing risks against a good ROI.

Conclusion

Board members are not ogres, honestly they're not, but they will expect you to be able to answer burning questions and give them peace of mind that your organisation’s data is in safe hands. By having firm protocols and systems in place you’ll be able to prove you’re doing everything you can to protect the future of your company. To find out more about how to keep your business-critical data safe, contact our friendly team at Actisoft today.

Find out now how many of your users take the bait and reply to a spoofed email

Did you know that 60% of spoofed email attacks do not include a malicious link or attachment? When crafted well, most users are likely to fall victim to a highly targeted social engineering attack. 

Try our Phishing Reply Test (PRT), a complimentary IT security tool that makes it easy for you to check whether key users in your organisation will reply to a highly targeted impersonation attack.

PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organisation from these fraudulent attacks!

Here's how it works:

  • Immediately start your test with your choice of three phishing reply scenarios
  • Spoof a sender's name and email address your users know and trust
  • Phish for user replies and get the results returned to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied

Identify how many users take the bait and reply before the bad guys do!

    Bill