Business specialists and technical experts haven't always seen eye to eye. At times, communication channels have broken down as a result of people being unable to share ideas with one another. Cybersecurity goals sometimes appear as though they're at odds with business goals, but they don't have to be.
The biggest thing to remember about discussing these issues with members of your board directors is to avoid appearing as though you're combative. Computer security experts might feel like they're coming from a morally superior position, but getting on a soapbox and scolding others won't help change any potentially risky behaviors.
Consider framing the discussion as one about regulatory changes. If you can hold a meeting with the board, then bring up how new legislation could change password requirements. When something like this happens, many existing passwords would have to be updated. Pay close attention to the headlines and you'll probably notice a number of potential scenarios where you could hold a discussion.
Once you open the lines of communication, you'll be in a better position to have these talks regularly.
Holding Regular Meetings with the Board
Rather than trying to schedule special cybersecurity meetings, see if you can get yourself into a series of regular meetings to add a quick cybersecurity message to them. Anyone who is allowed to do so shouldn't make this into a special presentation. Consider framing your message as regular input to a conversation on nearly any other topic.
For instance, you could remind people to install updates if you're already discussing new ways to improve the efficiency of applications you're using in the workplace. Make sure to mention the cost benefit of any suggestions you make.
Advice that's extremely cost effective and could potentially save money won't be looked at as a cybersecurity tip so much as it would be seen as a good bit of business sense. You might even find that it's relatively easy to get them to try out new tools once they're in a receptive mood.
Make them feel more included in the decision-making process by offering to create login accounts that access a cyber security dashboard for board of directors. This kind of system would allow everyone on the board to get a closer look at how you create and delete accounts or expunge records. This will also help to reduce headaches in the HR department when people leave the company.
Whenever someone walks away from a firm, there's always a risk that they might still have active credentials that they could use to log into a company's resources with. It may take a few days for HR department staffers to revoke all of these, which is more than enough time for bad actors to gain unauthorized access to sensitive information.
If the executives in your firm have a self-service dashboard that they can use to purge old accounts, then they'll be in a better position to deal with this kind of problem.
They might also be less likely to balk at future cybersecurity changes.
Preparing Your Directors for Future Changes
The presence of major backdoors in countless pieces of software makes it increasingly likely that companies will have to massively redesign their cybersecurity protocols on a regular basis. Whenever a big story hits, you may have to respond with an equally onerous roll-out of updates.
Many executives won't want to have to undergo this kind of switch on a regular basis. If you're treated as one of the team, however, then there's a good chance that they'll be more likely to have something of a positive response when this kind of thing happens.
Pick your battles when you're deciding what to share with the board of directors. Make as many decisions as you can on the IT department level so that you avoid pestering management with questions that might be better answered by technologists than business strategists.
Put together a team that includes as many types of experts as you have access to in your organization. Some commentators have even suggested that penetration testers may have a place on your team.
Once a question does come up that you're not able to answer, you may want to try appealing to the expertise of those on the board.
Show them that you care about their opinions and don't consider them any different than your team simply because they're from a very different business domain than your own.
Select good metrics that showcase the fact that the work you're doing with the board is having a positive influence on the business as a whole and don't ever be afraid to take some advice or even criticism.
Being open to suggestions may not always be the most fun or flattering thing in the world, but it will certainly help you keep everyone on the same page.
Thanks for signing up to Minutehack alerts.
Brilliant editorials heading your way soon.
Okay, Thanks!