(Editor’s note: This is the 23rd installment of a monthly column on the growing number of cyberthreats facing businesses of all sizes and what they can do about it. See previous installments here.)
The boardroom has long been the domain of power players, strategizing the future of their organizations. But in today's world, new and dangerous threats demand a shift in focus: the evolving digital threat that is targeting executives.
Gone are the days when elaborate physical heists were a primary concern. Executives, holding a treasure trove of sensitive information, have become prime targets for cyber criminals. These attackers exploit the ever-blurring lines between professional and personal lives, utilizing executives' home networks and devices as a backdoor into corporate systems.
A 2023 study by BlackCloak and the Ponemon Institute revealed that about 42% of surveyed organizations had a senior executive or an executive’s family member attacked within the previous 24 months. These attacks range from phishing scams to malware infections on personal devices to blackmail. Financial losses due to compromised personal data, reputational damage from leaked information and even corporate network breaches have all been unfortunate outcomes.
The call to action is clear. Executive protection goes well beyond the traditional realm of physical security. Today’s risks require a more comprehensive strategy, involving both the professional and personal digital landscapes. Boards have a fiduciary duty to ensure the organization identifies, assesses and mitigates risks. In the context of cybersecurity, this includes understanding the evolving threats to its executives and the potential impact on the company. Boards must set a strategy for management to implement effective and holistic measures for executives.
Executive teams also play a critical role in developing and implementing a robust cybersecurity program. This program should include cybersecurity awareness training for executives, advanced security software for personal devices and response plans tailored to address breaches involving executives' personal information.
Risk management requires proactive defense. Preparing executives with the knowledge to navigate today’s digital world and its threats is vital. Routine training that focuses on reducing risk related to phishing and social engineering attempts, securing personal devices and building cyber hygiene and best practices for online safety can reduce the risks.
Safeguards are also key. Using advanced monitoring systems allows for quick detection of suspicious activity on executives' personal devices and networks. Early identification of breaches enables security teams to prevent significant damage. The once-casual personal laptop used for checking emails now holds an incredible amount of access to data and systems.
Even the most fortified systems may face breaches. Having a well-defined incident plan ensures a swift and efficient response, minimizing the impact and protecting sensitive information. This plan should include protocols for isolating compromised devices, removing malicious software, recovering data and communicating with stakeholders. Consider leveraging the expertise of specialized monitoring services. These services can monitor for data breaches and help manage the removal of personal information from online databases, reducing the risk of social engineering attacks that exploit publicly available information.
Boards must extend their oversight to include cybersecurity. Regular briefings on cybersecurity threats, trends and incidents should be a staple of board meetings. Effective executive protection requires a unified strategy. Collaboration between boards, cybersecurity professionals and the rest of the executive team fosters a cohesive approach, ensuring both physical and cybersecurity strategies are aligned and mutually reinforcing.
The landscape of executive protection has evolved, and executives must lead by example, demonstrating a commitment to cybersecurity best practices. Understanding the digital threats and implementing a holistic approach are no longer optional for executives. Boards, on the other hand, must prioritize cybersecurity, providing the resources necessary to build a digital fortress around company leaders. By collaborating and embracing proactive strategies, we can ensure the continued success and safety of our organizations in the digital age.
By prioritizing cybersecurity and adopting a holistic and proactive approach, we can safeguard the future of our organizations and ensure their continued resilience in this rapidly innovating and risky digital age.
Next month: The risk of oversharing with today’s artificial intelligence tools.
Jason Albuquerque is chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him through www.envisionsuccess.net.