Cybersecurity: 5 good governance practices
Articles
Governance
Data security
Cybersecurity: 5 good governance practices
Security breaches don’t just happen to other people. In fact, the recent incidents at Equifax and Uber are prime examples of this. Experts agree that data security is the responsibility of senior management. A few good governance practices established at your SME could help your company avoid being the target of a cyberattack. Here are five actions to undertake to ensure data security at your organization.
- Appoint a digital security manager
While security is everybody’s problem, a company’s advisory committee or board of governors should be charged with appointing a security manager or putting in place a committee dedicated to digital security. There’s no point hiding from potential threats: It’s important to thoroughly understand the operating environment at your SME and its associated risks. A deep understanding of the situation will enable you to orient the corrective measures you need to take in the short term. The individual responsible for data security must ensure that strategies are in place to protect the organization against security breaches.
- Optimize the management of board meetings
The first step in good risk management when it comes to cyberattacks is awareness on the part of upper management. To better manage your SME’s security, you should optimize the management of your board meetings. Certain innovative solutions are also available for improving your governance practices. DiliTrust Exec, for example, is a secure, paperless tool for management committees.
“This solution allows you to create simplified agendas, provides secure distribution of documents to members, unlimited access to meetings and archives and the possibility of resolution approval,” explains Yves Garagnon, president of DiliTrust. Real-time access to information, the ability to take handwritten notes in the app and the possibility of electronically signing documents are just a few of the functions likely to improve the efficiency and security of discussions between administrators.
- Secure your sensitive data
There’s no doubt that cloud computing has its advantages. But every SME using this type of solution must nevertheless keep watch over the security of its data. This means you may want to find a provider with ISO 27001 certification, an international standard for information system security. “Encryption algorithm AES 256, protection against brute force attacks and two-factor authentication are other ways of making your organizational security a priority,” adds Garagnon.
- Arrange for online training
“Employee engagement is key when it comes time to promote an awareness of cybersecurity,” states the expert. Your employees should understand that the consequences of computer fraud will have major impacts on your SME. Furthermore, every employee should participate in preventing such breaches. So it’s essential to involve all of your teams in the vigilance process.
This awareness program often starts with easy online training. “Respecting certain measures can make all the difference. Sending an email from a secure platform, locking your computer at the end of the day and ensuring written passwords are destroyed are just a few examples,” he explains.
- Measure how vulnerable your employees are
“Creating a security policy is good, but you need to ensure it’s respected,” says Garagnon. Setting up and tracking KPIs (key performance indicators) should enable you to optimize the effectiveness of the governance measures you have put in place. At this stage, a number of tactics can be employed to test your teams’ reactions. A phishing simulation or external audit, for example, are two methods that are often very effective. Will your employees pass the test?