Are you on a board of directors? What is YOUR role in Cyber protection?

To a not-for-profit organisation, a good board of directors is a force to be reckoned with. Combine that with a good CEO, MD or management team and you have an organisation that is going places.

A good board of directors is critical for any organisation because it defines who the organisation is, keeps the organisation on the right track and heading in the right direction, and backstops all of the running decisions taken by everyday management.

That is all good, but if you are on a board of directors, how do you maintain your business integrity and make sure that the information your business collects is protected?

This is not token protection; this is full-blown cyber security protection. You have collected information from your supporters, your constituents and your donors, and it is YOUR (the board's) responsibility to make sure that information is not used outside the organisation.

After a security breach at any level, the following things will happen:

Your donations will slow down or dry up because you cannot promise to keep our information safe. Just imagine who will give you their credit card information if you do not protect it the way you would like your own information protected.

Your government and institutional support will stop, or funding will be severely restricted. For any organisation that gets its finances from a grant or government program, imagine how fast that would stop. You would have to make major changes to your business structure to get back in the good books and be in with a chance for that grant again.

Furthermore, a government requirement for business resilience means you have to jump through hoops, be audited regularly and put all of the correct precautions in place to prevent a breach from happening. If one does happen, then somewhere along the line someone has lied. That is bad mojo!

Your staff and clients will be very wary of disclosing information that could damage their reputations or their working capability. Just think if you are an AIDS-related not-for-profit and your client information was disclosed to the world. This information could damage people's reputations, their lives and their ability to work.

Any or all of these problems make the board of directors and senior management classic litigation targets. Yes, your board has litigation insurance – it does, doesn't it? – but although you are not out of pocket, your reputation is shot. Worse still, your cause is shot, and it will take 3 times longer to recover from the loss than it took to get the organisation up and running originally.

Your cyber security role in the organisation is to protect the business information, not just to the best of your ability, but a lot more. You have to ensure that you have the correct technology, management, adaptability and compliance requirements in place. It is not the place to cut corners, as a breach will have a detrimental effect on your organisation and also on you at a personal level.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisations using the principles of Technology, Management, Adaptability and Compliance.