In the vast majority of cases, simple steps can make you safe, or minimise disruption in the event of an attack. But, normally, these decisions are taken by technicians and the Board are not able to effectively challenge or lead.
- How do we get security risks and issues under control?
Every substantial business should maintain a list of risks and issues, with some analysis of the options and mitigations. Each risk or issue should be owned by someone around the Board table who has the expertise, time and ability to manage it. This document should be reviewed by the Board at least annually. The list and the open discussion drives sensible, productive decision-making and avoids a culture of sweeping issues under the carpet. This approach prevents overspending in the wrong areas – it’s all about “proportionate response”.”
This cyber security snippet is from one of our Sister Businesses, Freeman Clarke, Read the to see the full list of 13 questions and answers to allow non-technical Board members to stop hoping for good luck when it comes to security!