In only the past few years, cybercrime seems to have become mainstream, with malware and ransomware attacks disabling government organizations and financial institutions the world over. However, while the headline-grabbing attacks may be targeted at some of the world’s largest organizations, everyday cybercrime regularly targets smaller institutions especially in finance, government, and those that are public.
Small and medium-sized organizations become easy targets for cybercriminals for several reasons:
- Their IT departments typically have fewer resources than those of large organizations.
- Finance, government and publicly-traded companies have “high-reward” user and financial data.
- Sensitive data can be sold for high prices on the black market.
In recent years, email has become the weapon of choice in cybercrime with directors and executives themselves as common targets. Often, attacks known as “spear phishing” will target an individual in a prominent position at the target organization in an attempt to gain login information, access to data or documents, and access to the organization’s entire network. Spear phishing attacks come in the form of an email, typically masquerading as a legitimate email from a colleague, client, or business partner. An attachment containing malware will infect the user’s computer and give cybercriminals access to sensitive documents or even the rest of a business’s network.
Symantec Corporation, the world’s largest cyber security company and the Government of Canada recommend these steps corporations and their directors can take to avoid falling victim to any kind of email scam:
- Don’t respond to emails requesting private information, or click on links or attachments from unknown sources.
- Be on the lookout for email scams where the message is alarmist, has spelling mistakes, offers a deal that is too good to be true.
- If in doubt, call to authenticate the message with known or public contact information.
- Keep your secrets secret – Board directors are generally obligated to be identified on the organizations’ website but be cautious with sharing email addresses.
- Use passwords that work – Every password for every site you visit should be different, really different. Random letters and numbers work best. Change them frequently.
- Have up-to-date Security software in place – be protected by Internet security software, and it should always be up to date.
According to CNBC, using file sharing apps like Google Docs and Dropbox, makes an organization incredibly vulnerable to spear phishing. Because Google Docs and Dropbox connections are HTTPS-encrypted, they cannot be scanned for malware, and it’s easy to make them look like legitimate business documents.
How to increase board information security
What can you do at the board level to protect your organization from cybercrime? Board portal software was developed as a first line of defense against cybercrime. Board portals ensure all board communications are secure from cybercriminals and that your directors won’t be tricked into spear phishing attacks.
Board portal software lets administrators share board related documents for meetings electronically with total security, both online and offline. It also closes down opportunities for directors to make a mistake and carelessly expose an organization’s most confidential data and documents.
As cybercrime becomes more widespread, and cybercriminals more inventive and malicious in their activities, board directors are wise to evaluate a means of protecting board communication.
Let us get you started – read our Board Portal Security Guide.
“Aprio Boardroom was quick to set up and easy to use for both our administrators and directors. Our directors particularly like the ability to view and access documents immediately, no matter where they are.”
