Tag Archives: Board

Board Members & C-Suite Need Secure Communication Tools

Board members and other executives are the key target of hackers. There is even a term for it – whaling. This has nothing to do with anyone’s personal dimensions, but rather with the fact that they are the big fish in the pond and have the most access to data.

Many times, executives and board members are also not technical so they don’t use sophisticated tools. Hackers know this too.

Boards are directly linked to their organization’s risk management – cyber, third party, supply chain – and have other sensitive responsibilities like ESG, compliance, diversity and other subjects.

Non-profits have the additional responsibility of donor and fundraising information and they depend on the goodwill of those folks.

Non-profits also often have fewer security resources to protect themselves with.

So what do boards need to do to protect their companies?

  • Make sure that all sensitive communications between board members and between the board and management – which is probably almost all communications except for the lunch order – are encrypted.
  • Make sure that communications are integrated – chat, messaging, collaboration, storage. Easy to use, secure, encrypted.
  • Make sure the solution does not require a year’s worth of training to use.
  • Make sure that the solution can minimize weak links like lost devices.
  • Include board members’ and executives’ family members and home networks – they are often used and outside of the control of IT. Hackers know this and call it the soft underbelly.

If you don’t have a strategy for this, we can help you. It needs to be comprehensive, secure and, most importantly, easy to use. It also needs to be flexible enough to handle the unexpected. Also consider the board’s and executives’ non-corporate resources.

Call us and we will help you design a solution.

Credit: Help Net Security

Security News for the Week Ending June 25, 2021

Paying Ransom is Tax Deductible

Under current IRS regulations, paying cyber ransom after a hack is deductible, just like losses from a robbery, but the IRS is “looking into it”. One way the government could discourage ransom payments is if the cost is borne fully by the company’s owners. They still might choose to do it, but at least the taxpayers would not be subsidizing it. Of course, if your insurance pays for or reimburses you for the ransom, then that ransom is not deductible. Credit: AP

How Much Does YOUR Board Know About Cybersecurity Issues?

As I reported last week, the SEC fined First American Financial a half million dollars for the data leak they had. The fine was based on the fact that an internal security team discovered the problem that was reported to the SEC several months later, but no one bothered to tell FirstAm executives about the issue. The moral of the story is that the SEC is “suggesting” that you keep your business leaders informed about cybersecurity issues. If the SEC does that, assume that your insurance provider will follow suit soon and deny coverage if your executives are not kept in the loop. Credit: Reuters

How Long Does It Take to Fix Critical Vulnerabilities?

According to WhiteHat Security, the average time to fix a CRITICAL vulnerability in May 2021 was 205 days, up from 201 days in April. The water utility sector was the least prepared: 66% of all applications used by the sector had at least one exploitable vulnerability open throughout the year. Even in finance, 40% of the applications had a window of exposure (WoE) of 365 days, but 30% had a WoE of fewer than 30 days. Given stats like these, it is not surprising that the hackers are winning. Credit: ZDNet

Cyber Breach Insurance Market Set for a Reckoning

Cyber insurance claims spiked this year. Standalone claim payouts jumped from $145,000 in 2019 to $358,000 in 2020. A key metric the industry uses is something called the direct loss plus defense and cost containment ratio. It skyrocketed last year to 73% from 42% over the previous five years. At 73%, when you add in other costs, that means the industry is probably losing money. This means that premiums will go up, coverage will go down and limits and sublimits will be changing. If you have cyber risk insurance, prepare for changes. Credit: The Record

How Long Does it Take a Misconfigured Container to be Attacked?

Containers are great, but they are not bulletproof. Aqua Security says that based on data they have collected over 6 months, 50% of Docker APIs are attacked by botnets within 56 minutes of being set up.

It takes five hours on average for a new honeypot container to get scanned. The fastest happened in a few minutes. The longest was 24 hours. None of these numbers are very long.

What this means is that you need to up your game when it comes to securing your cloud-based systems. If you can, set them up in a contained environment (that is not publicly accessible) and harden them before exposing them. Credit: SC Magazine