The image was sourced from https://www.hitachi-systems-security.com/blog/cybersecurity-board-of-directors/
“Technology is the future!” That is the cry of the starry-eyed millennial as (s)he prods the management of his/her company to embrace the latest application which promises to reduce man-hours by 80%. Meanwhile, the headlines are awash with distressing news such as the Equifax scandal in which hackers gained access to data on about 148 million customers; and more recently, the decision by Google LLC to pull the plug on Google+ following a software glitch that exposed the private data of thousands of users to outside developers.
With the increased deployment of technology in the workplace, cyber risk poses a hazard to businesses which threatens to surpass, by infinite proportions, the effects of financial misstatements in the corporate scandals of Enron and the Lehman Brothers.
The typical types of attack that a company is exposed to are state-sponsored attacks, hacking by organized crime, insider trading and “bad leavers” – staff who resign from a company on not-so-cordial terms. Information targeted in these attacks are often intellectual property, financial or embarrassing information. The risk of data breach is also increased by employees working from smartphones and laptops with unsecure connections.
In the light of the Board of Directors’ responsibility to control the various risks to which their companies are exposed, it is pertinent for the Board to establish practical policies and procedures by which they can be notified of data breaches in a timely manner. In other words: proper governance.
Experts suggest that in order to manage cyber risks, Boards should set up a governance mechanism that is analogous to a financial audit: a Board Data Security Committee headed by an information technology expert, an independent auditor who reports to the Board, and frequent review meetings at which the company’s cybersecurity policy is checked against new risks. Board members are also encouraged to obtain information through secure Board portals which reduce the use of personal and workplace emails. This way, cyber-security is embedded in the company’s corporate practices/policies and tech-happy millennials remain, well, happy.
Cybersecurity has often been described as an oxymoron because as the veterans say, the question is not “if” your system will be invaded, but “when”. And when it does happen, it would be nice to know that your company’s Board is aware and well prepared.
The contents of this news alert are meant for the general information of our clients and friends and do not amount to legal advice. All enquiries on the subject may be made to: email@example.com
Adepetun Caxton-Martins Agbor & Segun
9th Floor, St. Nicholas House, Catholic Mission Street, Lagos Island, Lagos State, Nigeria.
Telephone: +234 (1) 462 2094; 462 2480; 740 6743 Fax: +234 (1) 461 3140