The Australian Institute of Company Directors wrote a great article about cyber defense and what a board member or company director should be aware of.

The article sets out the following points, which should be front of mind when dealing with or managing cyber incidents:

“How well-prepared is the board for an attack?

10 questions boards need to ask.

  1. Who is responsible for cybersecurity and how is that accountability structured? Should we have a dedicated board committee?
  2. Do we have regular external reviews and do all of the results go to the board?
  3. How are we supporting a culture of cybersecurity? Are all employees trained to identify suspicious emails and respond appropriately? Are they rewarded rather than punished for promptly reporting a mistake, such as clicking on a suspicious link?
  4. Are we investigating alternative ways of storing information that will help to mitigate the risk of cyber-attacks?
  5. Do we have a business continuity plan?
  6. Do we have a breach recovery plan that includes limiting damage to our reputation?
  7. Do we have a media release ready to distribute as soon as we are aware of a breach?
  8. Do we check that our suppliers are committed to best practice security?
  9. Do we have cyber insurance and if not, why not?
  10. Are we prepared for Mandatory Notification?”

The full article can be found on their website at: www.aicd.companydirectors.com.au