Corporate Boards Revise Policies in Light of COVID-19 Cybersecurity Scares

Corporate board involvement in IT matters can vary greatly but might become more invasive in the coming years. The latest coronavirus scares has enhanced the visibility of these issues for organizational leaders.  

Corporate Boards Moving to Revise Policies in Light of COVID-19 Cybersecurity Scares

Corporate board involvement in IT matters can vary greatly but might become more invasive in the coming years. The latest coronavirus scares has enhanced the visibility of these issues for organizational leaders.  

Navigating through the maze of privacy policies around the world and staying on top of the cybersecurity landscape can be overwhelming tasks for senior leadership without the full support of their corporate boards. As board members continue to hear about the various situations around the coronavirus crisis online and within their favorite news outlets, it is not surprising that they are bringing these strategic questions to executives — trying to determine the extent of involvement needed by the board. Privacy laws are growing in complexity, and cybersecurity risks are expanding day-by-day, making it more arduous than ever for IT teams that are attempting to reduce corporate risk and maintain a secure working environment. Boxing this risk into a manageable scope requires multiple levels of oversight, as well as your board’s firm understanding of the investments that they are being asked to approve.

Corporate Boards Cybersecurity Issues COVID19

Hackers Continue to Focus on Remote Workers

It did not take long for hackers to determine that remote workers promised a new playground for their cyberattacks. The risk factors with remote work can be significant, particularly for organizations that have not planned for this eventuality. Remote access into company databases can easily lead to a breach. In contrast, each email that is sent through a personal machine with limited security instead of a corporate laptop or mobile device can lead to devastation in terms of a ransomware attack. Phishing campaigns are becoming an everyday occurrence as business processes, and procedures struggle to keep up with the constant rate of change with this new breed of remote workers. With IT, risk and audit leaders are looking for ways to justify the additional expenses needed for active monitoring, advanced cybersecurity solutions, and tighter procedures around remote access to critical systems and personal devices. It was only a matter of time before the conversation escalated to the level of the corporate board.

Changing the Paradigm for Board Involvement

Traditionally, corporate boards are focused at a higher level, ensuring that the strategic focus of the organization is correct and that division strategies are supporting the overall business objectives. With the growing concerns facing organizations during the COVID-19 pandemic, boards are increasingly expanding that conversation and getting into greater detail with how remote work and other mid-level matters are being handled. Cybersecurity and business data privacy risks now have the potential for such widespread impact to the organization that board members feel more comfortable digging into specific guidelines around these topics. Even the conversations with board members might be under attack, as incidents such as Zoom security breaches and Zoom-bombing causing leaks for large organizations and schools.

Data protection and privacy are ongoing conversations that are being held at all levels of an organization. Helping your senior leadership understand the cybersecurity risks facing your company can be a challenge, but having this transparency allows your corporate board to feel as though they are part of the solution. See how to mitigate these risks through a more proactive approach to cybersecurity when you contact the professionals at LaScala IT for the practical knowledge and support needed to protect your organization. Schedule your complimentary initial security consultation by calling 734-224-4915 or via email to info@lascalaIT.com.

WRITTEN BY
Greg LaScala