[ad_1]
While cyber security is an important issue for boards, it has not always been top of mind. Because there was a breach in the IT systems of a large corporation like Equifax, many companies are rethinking how they secure cyber security.
Boards around the world are investigating the Equifax case to determine how to best protect their organizations’ valuable information stored in their IT systems. So who is responsible? Since the CEO has stepped down, it is clear that he was being held accountable. However, where was the board of directors?
In today’s world of cyberspace, corporate boards have to think about more than governance, CEO compensation and strategy.
As it stands, it is in the best interests of the Board to ensure that the Company is not exposed to debilitating risks. Companies have workplace safety standards and sexual harassment policies in place to reduce lawsuits. They even have disaster recovery plans in place in the event of natural disasters or events like the World Trade Center plane crash. These plans and policies are meant to keep the business running smoothly and forever. This protects customers and employees.
However, with sophisticated computer hackers around the world, it is no news that computer systems and valuable information can be breached and stolen. There are hackers who break into computer systems as a business. They make ransom demands in the amount of millions of dollars. If it is not paid, they threaten companies to release protected information, which can sometimes include private email communications of top executives.
While enterprises as large as Equifax may have disaster recovery plans in place for their physical operations, they may not have a similar plan for a cyber breach. Disaster recovery policies will include immediate action steps based on the size of the breach, who committed the breach, what information was captured, whether company smart phones were breached, what happened to employees, the public and shareholders, as well as other important factors. To be communicated
In some cases, it makes sense to notify the FBI. In other cases, it may be better to pay the ransom. The challenge with calling the FBI is that the hackers may be in countries such as Russia. In Russia, the FBI can’t go after them. Why? Because the Russian government is always looking for good hackers. If the FBI uncovers hackers in Russia, the government could hire them, which could present long-term problems for the US. It’s tricky when it comes to paying the ransom. If you pay, they can hack you again as if you were an ATM machine. If you don’t pay, they may reveal confidential information. These are also challenges that directly involve the board.
Most importantly, the board is talking about cyber security before it becomes a problem. There should be frequent audit of cyber security system to mitigate any risk. Furthermore, as a board, they must hold the CEO accountable for that protection. In addition, there should be clear policies in place to guide the board and executive team on how to handle the various moving parts in a delicate situation. Boards with disaster recovery plans and CEOs with high accountability are more likely to be forward-thinking about cyber vulnerabilities and proactive about updating security systems.
[ad_2]