Cybersecurity in the Boardroom Is More Important Than Ever. Here’s What to Do About It

Hospital boards are increasingly concerned about cybersecurity — The reasons why + 7 tips to bolster security

Complaints of internet crimes jumped nearly 70 percent from 2019 to 2020, according to the FBI's 2020 Internet Crime Report. That same analysis of breaches at more than 500 U.S. organizations found that U.S. companies averaged $9.05 million in losses per incident. The average time to detect and contain a data breach was 287 days.

According to OnBoard's 2022 Board Effectiveness Survey, 89 percent of board directors, administrators, and staff members see cybersecurity as a vital issue. An IDG Communications report showed 76 percent of CIOs expect to have increased cybersecurity involvement over the next year, and 57 percent say their organizations need security improvements. 

Healthcare organizations are particularly attractive targets for hackers. Because the industry holds so much secure, sensitive information, cyber criminals view it as a virtual gold mine.

What your organization should do 

What steps should your organization take to minimize the chances of becoming a victim? Check out these seven tips: 

  1. Invest in a solid cybersecurity infrastructure. The National Association of Corporate Directors (NACD) recommends that boards include cybersecurity as part of an organization's full-risk management framework to defend against potential incidents and secure operations now and in the future. 
  2. Securely manage all board materials digitally. Stop using printed board books, disclosures and other important materials. They can easily fall into the wrong hands, especially as more boards meet digitally or send documents through the mail. No solution is perfect, but having a secure, easy-to-use digital board portal with encryption, two-factor authentication, and biometric screening devices (i.e., voice, fingerprint, facial, or iris recognition) is ideal.
  3. Set appropriate permissions. Not all board members need the same level of access to information to fulfill their duties. Assign appropriate permissions to board members to give them access to what they need, but no more or less. 
  4. Protect meeting minutes. Meeting minutes serve as a board meeting's official record and protect against liability, provide evidence of decisions, and create a clear list of next actions and steps. But when minutes are distributed via email attachments or other insecure methods, they can end up in the wrong hands and expose confidential information that could lead to legal and financial problems. Ensure the method your board uses is safe and secure, destroy notes used to compile them, and make minutes available in a read-only format.
  5. Require directors to communicate via a secure portal. Personal email accounts aren't secure enough for sensitive information. Company emails offer additional access points for phishing and other cyberattacks. Ideally, all board communications would take place within a secure board platform. 
  6. Wipe vulnerable apps. Organizations should wipe any stored data from laptops or mobile phones, both of which are frequently replaced and sometimes donated. Do the same for idle devices that haven’t been connected to the internet for an extended period, such as 90 days. 
  7. Prepare for the inevitable. Ultimately, most organizations will be affected by a data breach at some point. Developing a robust incident response plan and training on that plan allows boards and organizations to respond quickly and effectively when needed.

Copyright © 2024 Becker's Healthcare. All Rights Reserved.