3 Cybersecurity Questions Association CEOs Need to Answer

Many businesses face the risk of having their data being attacked by cybercriminals, but sadly, most don’t know it or are simply choosing to ignore reality. Nowadays, cybercriminals do not only attack large multinationals but businesses all sizes. Trade associations, can be a treasure trove for hackers because of their extensive member databases, and hackers can also use Associations as an entry point to attack other businesses. This makes it necessary and of the utmost importance for Association CEOs to be at the forefront of the war against cybercrime. They are the first to be held accountable by the Board of Directors and other constituents when their organizations are attacked. So, they need to arm themselves with the knowledge and tools that are required to fight the war. If you are an Association CEO serious about cybersecurity, you must be able to answer the following questions.

Question 1: When was the last time we underwent a cybersecurity assessment and were vulnerabilities addressed?

The first step in protecting your Association against cyberattacks is having a clear picture of where your vulnerabilities are, otherwise you’re simply fighting a war with your eyes closed. And if you as a CEO want to truly reassure the Board and constituents that you are serious about protecting the organization and reducing the risk of an attack, there’s no better way than regularly undergoing a cybersecurity assessment. Cybersecurity assessments are designed to evaluate your Association’s foundational cybersecurity practices across technology, people, and processes and determine your ability to prevent, identify, and respond to incidents and guide your decision-making on what your priorities should be. This evaluation covers areas, including data and network security, security response and contingency planning, physical security, social engineering, and third-party vendors. Nevertheless, the effectiveness of such evaluations depends on your proactiveness in addressing identified vulnerabilities. 

Question 2: Is our IT company proactively implementing cybersecurity best practices?

Hackers are getting more astute in their profession, which results in more cyberattacks. This makes it important for businesses to go beyond simple security tools and practices and employ more advanced techniques for minimizing vulnerabilities. Your Association’s IT company or in-house staff needs to take proactive and comprehensive steps (or a layered cybersecurity strategy) to prepare for attacks in such a way they can bounce back immediately if an attack eventually happens. A layered cybersecurity strategy involves the use of multiple tools to slow down and, ideally, stop an attacker while making it easy to identify a breach in time. The specific tools will depend on the complexity of your association’s networks. However, you should make sure to work with a security-minded managed IT support company to implement and help you manage security layers such as (at a minimum):

• Firewall
• Antivirus and Antimalware protection
• E-mail security
• Password managers
• Virtual private networks (VPNs)
• DNS level monitoring
• Cybersecurity awareness training at regular intervals and phishing simulations
• Automated Software patching (updating)

You might be interested in our post: Top 5 Cybersecurity Projects for Your Business In 2018>>

Question 3: Are we adequately training our staff to help prevent a breach?

Statistics have shown the first point of entry for hackers into a network are the users themselves. Ninety-one percent of cyberattacks can be traced to phishing e-mails. For hackers to gain access to your company’s IT network, all they need is to get an oblivious user to fall prey to their tricks. It therefore becomes important that all staff members, including yourself and the board of directors, are properly trained on the various ways cybercriminals operate. This will enable you and your team to know all their methods and how to defend yourself against them. If you are not already providing cybersecurity awareness training, you should make sure it is an interactive educational experience. It should combine engaging video training with simulated phishing e-mails, which trains your employees in real-life scenarios they’ll likely encounter. This will also allow you to measure your staff’s progress over time.

Conclusion

As a CEO, there are many things you should know about your company’s IT systems to prevent a data breach. The three questions outlined in this piece are not the only ones you should be able to answer, but they are key in getting your Association on the right path. That said, there is so much you can do about your company’s cybersecurity, and the most effective solution still requires getting an expert company to help. That is what we do at Envision. We give businesses an edge over the ever-expanding sphere of cyberattacks. If your organization is looking for expert advice to implement any of these cybersecurity projects or manage your security altogether, you can contact us for a complimentary consultation with a member of our team.