The Australian Institute of Company Directors wrote a great article about cyber defense and what a board member or a director of a business should know about it.
The article raises the following points, which should be considered and kept front of mind when dealing with or managing cyber incidents:
“How well-prepared is the board for an attack?
10 questions boards need to ask.
- Who is responsible for cybersecurity and how is that accountability structured? Should we have a dedicated board committee?
- Do we have regular external reviews and do all of the results go to the board?
- How are we supporting a culture of cybersecurity? Are all employees trained to identify suspicious emails and respond appropriately? Are they rewarded rather than punished for promptly reporting a mistake, such as clicking on a suspicious link?
- Are we investigating alternative ways of storing information that will help to mitigate the risk of cyber-attacks?
- Do we have a business continuity plan?
- Do we have a breach recovery plan that includes limiting damage to our reputation?
- Do we have a media release ready to distribute as soon as we are aware of a breach?
- Do we check that our suppliers are committed to best practice security?
- Do we have cyber insurance and if not, why not?
- Are we prepared for Mandatory Notification?”