
Cyber from the Break Room to the Board Room

By Jon Ault

February 25, 2017

The theme for this year’s FBI National Cybersecurity Awareness Month (NCSAM) is “Our Shared Responsibility”. All too often, cybersecurity is viewed as an “IT problem”; however, the most effective cybersecurity programs rely on much more than technical solutions to protect an organization’s information. In today’s environment, cybersecurity is truly a shared responsibility across all people, process and technology controls. Everyone in the organization, from the break room to the board room, has a critical role to play.

Board Room Roles
According to a recent report from Tanium & Nasdaq (The Accountability Gap: Cybersecurity & Building a Culture of Responsibility), only 10% of highly vulnerable board members felt that they were regularly updated on cybersecurity risks for their business. The list of risks and concerns for a board seems endless; however, it is important to understand the proper roles of a board in managing cybersecurity risk:

  • Prioritize – Directing management to give cybersecurity the appropriate attention sets the tone for the entire organization.
  • Assess – Expect the organization to complete a formal assessment of cybersecurity risks, utilizing outside experts and following guidance from a proven risk assessment framework. (Examples: NIST 800-53 or the SANS 20 Critical Controls)
  • Monitor – Establish the expectation that the board will be briefed on cybersecurity risk management on a regular basis.

Executive Roles
Executive management plays a critical role in establishing day-to-day priorities for an organization’s cybersecurity efforts. Establishing cybersecurity as a critical function within the organization and assigning appropriate resources (people and budget) are the first steps for executive management. Specifically, executive management should take responsibility for the following in their cybersecurity risk management program:

  • Organize – Assign responsibility for coordinating your cybersecurity efforts and build security into your day-to-day processes.
  • Communicate – Act as a champion for your organization’s cybersecurity efforts. When staff see that executive management has made cybersecurity a priority, it will naturally become a priority for everyone.
  • Prepare – A cybersecurity risk management program is not complete if you don’t have plans in place to respond to an incident or breach in your environment.

Staff Roles
The list of cybersecurity threats targeting human (rather than technology) vulnerabilities is growing. Everyone in an organization needs to do their part to reduce the risk from phishing emails, spyware, ransomware and every other threat to an organization’s critical information assets. Key strategies for reducing social engineering and staff-related risks across your organization include:

  • Training – Attend all available staff training events on acceptable use of company computers and resources.
  • Awareness – Pay attention to news stories about cyber-crime. Often, simply knowing about the latest attack methods can change an individual’s behavior and reduce risk.
  • Confirm – Think before opening attachments or clicking on links in emails, especially when they come from unsolicited sources.

As you can see, everyone in an organization plays a critical role in the cybersecurity risk management strategy. Cybersecurity is not simply an “IT problem” and, as the NCSAM theme says, cybersecurity is clearly “our shared responsibility”. The best risk management programs take into account the right roles and responsibilities for everyone in your organization.
