Board members and the C-suite are key targets for cyber-threat actors, due to their access to highly sensitive information. Yet too many of them are putting their organizations in harm’s way with daily use of personal email to communicate sensitive topics. Senior executives aren’t just taking the occasional risk; they are working in a permanent state of risk.
The reality is that today’s boards are intrinsically linked to risk management of their organizations – including cyber risk, third-party risk, supply chain risk and a plethora of responsibilities like ESG, compliance, and diversity and inclusion. This means it’s vital they have complete control of confidential communications and can securely share information and data for the most effective collaboration – particularly to elicit a fast response and recovery in the event of a security breach.
Why the cyberthreat landscape is different for nonprofit and for-profit organizations
For-profit and nonprofit organizations face some of the same cybersecurity challenges. Phishing remains the most common threat vector, and the risk of being hit by a ransomware attack grows each year.
But unlike for-profit organizations, the boards of nonprofits not only handle highly sensitive information like donor information and fundraising data, but also rely heavily on the trust and goodwill of their benefactors. This means the fallout of a data breach is not just monetary; there’s also the possibility of donors pulling out after a security incident or prospective benefactors avoiding the organization in the wake of a breach – and the people relying on the charity’s work suffering as a result.
Nonprofit organizations are increasingly becoming a target for cyber criminals. In fact, according to the 2022 Cyber Security Breaches Survey, 26% of UK charities estimate they were attacked at least once a week. But with less access to staffing and monetary resources than their for-profit counterparts, nonprofits find the challenge of data security and cyber resilience compounded.
Considering the increase in attacks on nonprofits and the level of classified information such organizations handle, one would expect board members to be fully aware of and to embrace best practices for digital projects and transformation and to mitigate operational risk. The solution is modern governance, which empowers organizations with the tools they need to safeguard data, streamline collaboration, and ultimately, drive better decision-making.
What are the key security challenges organizations are facing?
Irrespective of industry or the makeup of an organization, it’s widely known that security is one of the biggest challenges facing any digital environment. The pandemic has physically distanced devices and networks and made it harder to lock down perimeter digital defenses, exposing all companies to the increasing risk of costly ransomware attacks.
It is imperative to focus on building a culture of security in which dedicated cybersecurity tools are backed up by human vigilance and an understanding of threat levels. Here are some specific security challenges board executives and their teams are facing:
- Working in silos increases security risks: It’s typical for organizations to have a siloed approach to legal, technology and data security, which creates gaps. With a 100% chance of being targeted through phishing emails and the UK government reporting that more than 75% of the UK’s largest charities experienced a cyberattack in the year to March 2022, having legal and technology teams poorly aligned offers weak protection against increasingly intelligent threat actors. This unconnected approach further weakens the response to a potential cyberattack or breach, as robust collaboration between the relevant teams is needed to effect a rapid response. However, this collaboration must be in place before an attack for a seamless recovery.
- The virtual world accelerates need for secure collaboration: Legacy communication tools such as email and text messaging are standard practice for senior organizational communication and collaboration. Yet working from anywhere has heightened the risk of insider-initiated breaches – through human error or malicious privilege misuse.
- Internal mistakes continue to present a huge risk: A recent study by Stanford University and Tessian found that 85% of data breaches are caused by human error. It is critical that employees or volunteers have regular cyber hygiene training. Information could accidentally be sent to the wrong person, or someone could attach the wrong file to an email. Users may also mistakenly send data to someone who isn’t authorized to have it. When staff or volunteers make computer mistakes or don’t follow protocols, the data leaves the control of the organization, and these mistakes can be costly.
Data governance for a distributed digital world
For nonprofits that operate in multiple locations, the right access privileges and centralized data systems are critical to effective data governance. Security pros are fast realizing the need to streamline and secure collaboration and communication tools.
With data arguably an organization’s most important asset, finding the right technology solution to guard it is a considered investment. Below are the key features necessary for a superior data governance strategy to ensure boards, executives and their teams can collaborate securely, make agile decisions, and mitigate risks:
1. Ensure communication is encrypted
An encrypted, real-time messaging platform is the most effective way to collaborate securely and is essential for one-to-one or group board communication. As sensitive data in transit is more exposed to phishing attacks and password hacks, encryption converts this “plain text” data into ciphertext that is unreadable without the cryptographic key. It’s imperative that your technology partner is ISO 27001-certified, this being the gold standard for digital security. Other important features include the ability to revoke messages and “view-only” attachments. In this way, attachments cannot be downloaded, saved, exported, captured via screenshot, copied, or forwarded to other users. Always ensure the messaging platform is accessible via phone, iPad, or desktop for both SMS texting and email.
2. Check platforms are integrated
With sensitive information in disparate places – emails, devices, and systems – security risks are increased. It’s best to select a communication solution that combines messaging, chat, collaboration, and data storage, all contained within a single network of connected platforms. A solution that connects this secure messaging platform to file-sharing systems and board management software provides a central workstream for company leaders. All sensitive updates, conversations, and documents are drawn out of unsecured channels like email to minimize risk.
3. Ensure the solution is easy to use/adopt
Poor usability is a barrier to collaboration and adoption of the secure system. To ensure board adoption, establish that the chosen communication solution can emulate the functionality and design of everyday apps and systems such as email and can provide updates and notifications in real-time. It’s also important to be able to support communication across groups, such as one-to-one, committees, full board, or executive team. Thorough training on product use and cyber hygiene is critical to ensure that correct usage is maintained.
4. Ensure it can minimize weak links
With board members frequently losing or misplacing devices, and with the added risk of stolen identity, the irreparable consequences and financial costs these incidents can cause shouldn’t be overlooked. The communication solution must therefore allow an administrator to remotely “wipe” lost or potentially compromised devices.
5. Ensure it meets the standards of your security team
Guaranteeing the proposed solution meets the stringent approval of the IT team adds an extra layer of assurance that the organization is adequately protected. CIOs and CISOs should ask about access and authorization, and admin control for access rights. They should find out the process for retaining and deleting messages, check whether data is backed up across remote, geographically dispersed locations, and ask whether the provider offers real-time, 24/7 intelligence on data performance. The solution must meet the board’s needs in terms of password strength and lockout policies.
Secure collaboration tools that empower the board
Amidst the increasing risks and spiraling costs of cybersecurity breaches, boards, executives, and their teams must be able to collaborate securely, day-to-day, to drive digital transformation without compromising on immediate access to the most confidential data.
Modern governance can equip organizations with the dedicated tools they need to securely streamline collaboration, manage subsidiary and entity data, and deliver insights that empower company leaders to make better decisions – all while protecting what’s theirs.