A good board of directors is critical for any organisation because it defines who the organisation is, keeps the organisation on the right track and direction and back stops all of the running decisions taken by the every day management.
That is all good, but if you are on a board of directors how do you maintain your business integrity and make sure that the information that your business collects is protected.
This is not token protection this is full blown cyber security protection. You have collected information from your supporters, your constituents and your donors and it is YOUR (the boards) responsibility to make sure that information is not used outside the organisation.
A security breach at any level will find the following things happen:
Your donations will slow down or dry up because you cannot promise to keep our information safe. Just imagine who will give your credit card information if you do not respect it like you would like to have your information protected.
Your government and institutional support will stop or funding will be severely restricted. For any organisation who gets their finances from a grant or government program imagine how fast that would stop. You would have to do major changes to your business structure to get back in the good books and be up for a chance for that grant again.
Furthermore a government requirement for business resilience means you have to jump through hoops, have to be audited regularly and put all of the correct precautions in place to prevent it from happening. If one does happen then somewhere along the line someone has lied. That is bad mojo!
You staff and clients will be very wary of disclosing information that could damage their reputations or their working capability. Just think if you are an AIDS related not for profit and your client information was disclosed to the world. This information could damage people’s reputations, their lives and their ability to work.
Any or all of these problems makes the board of directors and senior management classic litigation targets. Yes, your board has litigation insurance – it does doesn’t it, but although you are not out of pocket your reputation is shot. Worst still your cause is shot and it will take 3 times longer to recover from the loss than was getting the organisation up and running originally.
Your cyber security role in the organisation is to protect the business information, not to the best of your ability, but a lot more. You have to ensure that you have the correct technology, management, adaptability and compliance requirements in place. It is not the place to cut corners as a breach will have a detrimental effect on your organisation and also on a personal level.