Why boards of private businesses must prioritize cybersecurity

Imagine getting a frantic call from your head of IT. Your accounting personnel have reported that they have not been able to access your accounting system, and that they have been working on the issue for several days now. You have been the target of a cyberattack, resulting in the loss of many records.

This situation is not uncommon. Over the past year, we have seen a significant rise in similar attacks targeting private, and generally smaller, organizations. These attacks, while less sophisticated than the well-publicized bank heists and the government-backed intrusions into key infrastructure, make up a large portion of the cybersecurity issues that threaten organizations. They need to be managed.

The current pandemic has changed the way people work almost literally overnight. Businesses temporarily closed their doors, and in-office employees instantly became a virtual workforce. This change has boosted online interaction, opening up companies to increased risk. In some cases, employees have taken matters into their own hands because of the perceived inflexibility of in-house IT organizations. Many have turned to cloud-based, usually consumer-grade digital solutions that they have grown accustomed to in their personal lives. In-place cybersecurity controls and protocols are being tested like never before, while threat actors are exploiting this new work environment and intensifying their activities.

Dealing with cybersecurity in smaller organizations is oftentimes not easy. There usually isn’t a technical solution that would fix all issues and keep attackers out. More often than not, the solution is a painful process of educating users on what to do and what not to do, or upgrading an old system so that it can be appropriately supported by current vendors. However, these protocols and reminders are usually things that most board members and employees alike have grown tired of hearing about.

A recent EY survey (conducted prior to the pandemic) of over 1,100 private company leaders revealed that only 17% of those polled had made or planned on making significant investments in technology to reduce risk, including cyber risks. Additionally, 50% feared the reputational or operational disruptions caused by cyberattacks even as they began to invest in digital solutions. This is further exacerbated by the mindset of many smaller private organizations that do not pay particular attention to cybersecurity concerns until it’s too late.

Since embedding a culture of cybersecurity in an organization needs to flow from the top, boards need to be more vigilant with their oversight of cybersecurity risks in today’s new work reality. They should consider the following questions:

• With increased remote access, how is the company’s overall cybersecurity posture being optimized, and is the company evaluating whether additional technology and operations are secure?

• Has management reviewed and tested all security features (e.g., point-to-point encryption, data protection) associated with the company’s videoconferencing tools, including patching, and are vulnerabilities mitigated if patches are not available?

• What changes have been made to security monitoring procedures given the increase in remote workers? Are changes to user accounts with administrative or privileged access being more vigorously monitored?

• Are security personnel effective while working remotely? What physical (in-person) security requirements are not being performed?

• What are the contingency plans if key IT or security personnel require time off?

• How is management maintaining an effective incident response and recovery function considering the need for additional remote access technology and operations?

• Are there additional needs for software, technology, personnel or other resources to augment existing controls?

• Are system updates and patching current?

• Are employees reminded of security awareness protocols because of the increased risk of COVID-19 phishing e-mails or similar tactics?

• Is management communicating with critical suppliers to determine if they are evaluating additional steps to assess and protect their networks?

• Are incremental insider threats being evaluated, including revising print-from-home capabilities?

• What security risks might there be that are related to employee layoffs and furloughs? Are the human resources and IT security teams aligned so that user-access privileges are immediately removed?

• How is the IT security function affected if furloughs or budget cuts are executed or contemplated?

• Should the company’s security personnel review or update board members and C-suite home networks for appropriate security?

Cybersecurity in this unprecedented new work environment is an enterprise-wide concern that critically requires board mandate, support and oversight. The board needs to set the tone and the urgency of cybersecurity enhancements and preparation. As widespread remote working and increased online interactions become the new business “normal,” companies will need to reimagine and reinvent their business models.

A company’s ability to adjust and strengthen its cyber resiliency in response to the dynamics of this health crisis will position the entire organization for a more secure future as new and varied challenges arise.

This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views reflected in this article are the views of the author and do not necessarily reflect the views of SGV, the global EY organization or its member firms.


Carlo Kristle G. Dimarucut is a Consulting Partner of SGV & Co.


Copyright © 2021 SmartRetirementReport. All Rights Reserved.