Executive and non-executive directors probably think they have other, more pressing issues on their agendas than the need to worry about cybersecurity. However, if they don’t believe that they and their company are at genuine risk from cybercriminals, then they couldn’t be more wrong.
It’s not only bank accounts that are at risk. A company’s top secrets are similarly attractive to cybercriminals, as an incident involving Samin Tan, the chairman of one of the world’s biggest mining companies, showed all too well. As reported by The Times, Mr Tan was targeted by hackers who disguised themselves as Wikipedia researchers in order to retrieve explosive confidential documents from his computer.
Alan Calder, CEO of cybersecurity experts IT Governance, warns, “In the information technology era nobody is safe. Those who have power and possess valuable information are at an even greater risk of cybercrime. Executive and non-executive directors should be telling the board to improve cybersecurity and undertake stricter measures right now.”
Calder explains that a more structured and managed approach to cybersecurity is critical in the fight against cybercrime. Encryption, network firewalls and software applications are no longer enough to ensure data protection.
“Unless security is supported by senior management and implemented at all levels of an organisation, there will always be gaps and inefficiency,” says Calder.
The international information security standard ISO27001 provides a structure for doing this, recognising that technology, and risks to information, are at the forefront of the challenges that companies face. ISO27001 evidences the importance of dealing with information security risks by making it a board decision and dealing with the risks in the context of an organisation’s business plan.
Calder adds, “Company executives and chairmen should take responsibility in initiating cybersecurity improvements or they put their own, and their company’s, reputation at risk.”
Bringing an ISO27001 Consultancy team on board is just one of a few possible options to implement an information security management system (ISMS) and improve data security. ISO27001 Certified ISMS training for professional staff is a strategic decision that will bring ROI. Organisations with qualified staff benefit from in-house expertise and better application of security controls.
ISO27001 Certified ISMS training courses can be booked online at www.itgovernance.co.uk/shop/c-264-training-courses.aspx