Two Ways to Measure Your Board’s Cybersecurity

  • By: Ross Moore
  • August 22, 2020

According to Accenture, 68% of business leaders feel cybersecurity risks are increasing. While this heightened awareness is a positive development, the security of board materials is all too often still a blind spot for many organizations. They know security is important, but not how or why.

When it comes to board management software, there are two different ways one can measure cybersecurity effectiveness: Performance Metrics and Reputation.

Using Performance Metrics to Measure Cybersecurity

One way to think about cybersecurity is to use KPIs (Key Performance Indicators). The KPIs listed below can be used to measure and gauge your board management platform’s overall security effectiveness:

  • Strong Password: Each account is secured with a strong password (i.e., no dictionary words, no personal information, and a mix of letters, numbers, symbols)
  • Unique Password: Each account requires a different password and alerts you if it has been previously used
  • 2FA: Users can log in using 2FA (two-factor authentication, or accessing an account using a secure method separate from a password)
  • HTTPS: An encrypted, more secure version of the protocol used to send data between a web browser and a website.

These KPIs are actually interconnected; one builds on another. The best protection for your board management platform account requires a strong password, verifies it is unique, offers login using 2FA, and secures all online communications between browser and website. This interconnectedness offers more effective security.

OnBoard comes with these interconnected KPIs built in. This not only makes its data infrastructure more secure but also provides boards with the peace of mind that comes with knowing their sensitive documents and communications are protected.

Using Reputation to Measure Cybersecurity

The most significant asset for any organization is its reputation: the trust of its users, constituents, and community. The unauthorized release of confidential board information can instantly impact an organization’s financial position and brand – and not for the better. Identity management provider Ping Identity reported 78% of consumers stop engaging with a brand online after a data breach and 36% stop engaging with a brand altogether.

At OnBoard, we know that an organization’s reputation depends heavily on our platform’s ability to prevent data breaches and keep unauthorized users out. Behind the scenes, our security team works around the clock to secure the infrastructure and code of OnBoard with numerous security tools. Among many other measures, we employ continuous monitoring and alerting for anomalous activity in the Azure environment, provide 2FA for logins, and encrypt data at rest (how data is stored when no one is accessing it). Additionally, we regularly perform external audits on the third-party vendors we work with, including risk and performance assessments. OnBoard is SOC 2 Type 2 certified, demonstrating to our customers our commitment to appropriate safeguards and procedures while assuring them that the platform meets their compliance or IT governance requirements.


An Investment Worth Making

Cybersecurity is an investment. That investment could include:

  • Upskilling current IT staff with certifications or classes
  • Upgrading in-house technology or outsourced services
  • Activating the security tools that come with popular products and services such as Microsoft 365 and Adobe Creative Cloud
  • All of the above

All of this investment should lead to better data. After all, the better the data, the better decisions you make. Better decisions lead to better security and a better reputation.

About The Author

Ross Moore
Ross Moore is the Cyber Security Support Analyst with Passageways. He was Co-lead on SOC 2 Type 1 implementation and Lead on SOC 2 Type 2 implementation, facilitated the company's BCP/DR TTX, and is a HIPAA Security Officer. Over the course of his 20-year IT career, Ross has served in a variety of operations and infosec roles for companies in the manufacturing, healthcare, real estate, business insurance, and technology sectors. He holds (ISC)²’s SSCP and CompTIA’s Security+ certifications, a B.S. in Cyber Security and Information Assurance from WGU, and a B.A. in Bible/Counseling from Johnson University.