Board members and the C-suite are key targets for cyber threat actors, due to their access to highly sensitive information. Yet too many are putting their organization at risk by using their personal email every day to communicate on sensitive topics. Senior executives don’t just take occasional risks; they work in a permanent state of risk.

The reality is that boards today are intrinsically tied to managing the risks of their organizations – including cyber risk, third party risk, supply chain risk and a plethora of responsibilities such as ESG, compliance, diversity and inclusion. This means that it is essential that they have full control over confidential communications and can securely share information and data for more effective collaboration, especially for rapid response and recovery in case security breach.

Why the cyber threat landscape is different for nonprofits and for-profits

For-profit and non-profit organizations face some of the same cybersecurity challenges. Phishing remains the most common threat vector and the risk of being hit by a ransomware attack is increasing every year.

But unlike for-profit organizations, nonprofit boards of directors not only deal with highly sensitive information such as donor information and fundraising data, but also rely heavily on trust and the good will of their benefactors. This means that the fallout from a data breach is not just monetary; there is also the possibility of donors pulling out after a security incident or potential benefactors shunning the organization following a breach – and the people who rely on the charity’s work suffer.

Non-profit organizations are increasingly becoming the target of cybercriminals. In fact, according to the 2022 Cyber ​​Security Breaches Survey, 26% of UK charities believe they have been attacked at least once a week. But with less access to staff and financial resources compared to its for-profit counterparts, the challenge of data security and cyber resilience is compounded.

Given the increase in attacks on nonprofits and the level of classified information these organizations handle, one would expect board members to be fully aware and adopt best practices. for digital projects and transformation and mitigate operational risk. The solution is modern governance, which gives organizations the tools they need to protect data, streamline collaboration, and ultimately improve decision-making.

What are the main security challenges that organizations face?

Regardless of industry or organizational makeup, it is well known that security is one of the greatest threats facing any digital environment. The pandemic has physically distanced devices and networks and made it harder to lock down digital perimeter defenses, exposing all businesses to increasing risk of costly ransomware attacks.

It is imperative to focus on building a culture of security that sees dedicated cybersecurity tools supported by human vigilance and an understanding of threat levels. Here are some specific security challenges boardroom leaders and their teams face:

• Working in silos increases security risks: It is typical for organizations to have a siled approach to legal, technological and data security, which creates gaps. With a 100% chance of being targeted by phishing emails and the UK government reporting that over 75% of the UK’s biggest charities suffered a cyberattack in the year to March 2022 , having misaligned legal and technology teams provides little protection against increasingly clever attacks. threat actors. This unconnected approach further weakens the response to a potential cyberattack or breach, as strong collaboration from relevant teams is required to provide a rapid response. However, this must be in place before an attack for seamless recovery.
• The virtual world is accelerating the need for secure collaboration: Legacy communication tools such as email and text messaging are common practices for higher organizational communication and collaboration. Yet working from anywhere has increased the risk of insider-initiated breaches – through human error or malicious privilege abuse.
• Internal errors continue to pose a huge risk: According to a recent study by Stanford University and Tessian, 85% of data breaches are caused by human error. It is essential that employees or volunteers undergo regular cyber hygiene training. Information could accidentally be sent to the wrong person, or someone could attach the wrong file to an email. Users can also mistakenly send data to someone who is not authorized to have it. When staff or volunteers make computer errors or do not follow protocols, the data is beyond the control of the organization, and these errors can be costly.

Data governance for a distributed digital world

For nonprofits that operate across multiple sites, proper access privileges and centralized data systems are critical to effective data governance. Security professionals are quickly realizing the need to streamline and secure collaboration and communication tools.

With data being arguably an organization’s most important asset, finding the right technology solution to protect it is a wise investment. Below are the key features needed for a superior data governance strategy to ensure boards, executives, and their teams can securely collaborate, make agile decisions, and mitigate risk:

1. Make sure the communication is encrypted

A real-time encrypted messaging platform is the most efficient means for secure collaboration and is essential for individual or group board communication. Because sensitive data in transit is more susceptible to phishing attacks and password cracking, encryption converts this “plain text” data into a character-based cryptographic key. It is imperative that your technology partner is ISO 27001 certified, the benchmark for digital security. Other important features include the ability to revoke “read-only” messages and attachments. In this way, attachments cannot be downloaded, saved, exported, screenshotted, copied or forwarded to other users. Always make sure that the messaging platform is accessible through a phone, iPad, or desktop computer for texting and emailing.

2. Check that the platforms are integrated

With sensitive information in disparate places – emails, devices and systems – the security risks are heightened. It’s best to select a communications solution that combines messaging, chat, collaboration, and data storage, all contained within a single network of connected platforms. A solution that connects this secure messaging platform to file sharing systems and board management software provides a central workflow for business executives. All sensitive updates, conversations and documents are pulled from insecure channels like email to minimize risk.

3. Make sure the solution is easy to use/adopt

Poor usability is a barrier to collaboration and adoption of the secure system. To ensure board adoption, establish that the chosen communications solution can emulate the functionality and design of day-to-day applications and systems such as email and can provide real-time updates and notifications. It is also important to be able to support communication between groups, such as individual interviews, committees, the full board or the management team. Thorough training on product use and cyber hygiene is essential to ensure continued correct use.

4. Make sure it can minimize weak links

With board members frequently losing or misplacing devices and the added risk of identity theft, these incidents should not be overlooked in terms of the irreparable consequences and financial costs they can cause. The communication solution must therefore allow an administrator to “clean up” lost or potentially compromised devices remotely.

5. Make sure it meets your security team’s standards

Ensuring that the proposed solution meets strict approval from the IT team adds an additional layer of assurance that the organization is properly protected. CIOs and CISOs should ask questions about access and authorization, as well as administrative control of access rights. They should learn about the message retention and deletion process, check whether data is backed up at remote and geographically dispersed sites, and whether the provider offers real-time, 24/7 data performance insights. The solution must meet the board’s needs for password security and lockout policies.

Secure collaboration tools that empower the board

Amid the growing risks and rising costs of cybersecurity breaches, boards, executives, and their teams need to be able to collaborate securely, day-to-day, to drive digital transformation without compromising immediate access to data. most confidential.

Modern governance can equip organizations with the dedicated tools they need to securely streamline collaboration, manage branch and entity data, and deliver insights that empower business leaders to make better decisions, all while protecting what is theirs.