Personal Cybersecurity for Board Directors, Executives, and Corporate Governance Professionals

Individual board members, chairs and presiding officers, governance professionals, and executive assistants can take personal action to help guard against unauthorized access to information they possess. They should protect their own personal information, which may be leveraged to aid in a cyber-attack against the organization.

10 Ways Governance Professionals Can Improve Their Personal Cybersecurity

1. Enable multi-factor authentication for everything. Use facial or fingerprint recognition, and one-time codes sent by text message or to a secure app on your phone.
2. Use a dedicated device for board materials; do not use devices shared with family or colleagues, or hotel or public devices.
3. Only connect to trusted WiFi networks or use a VPN when you can’t.
4. Don’t use the same password for multiple sensitive accounts. And use long passwords—or passphrases, which are still long but are easier to remember.
5. Consider what you post online, such as social media and blogs, which can reveal your travel plans, family relationships, and frequented locations.
6. Turn-on automatic updates for your devices, to ensure you have the latest operating systems and software updates, which usually contain security improvements.
7. Subscribe to an identity-monitoring service—such as from Karam, AT&T, and Verizon—to alert you if your personal information is found on the internet.
8. Use a password checkup, such as that from Google, to find out if passwords in your Google Account may have been exposed, are weak, or are used in multiple accounts.
9. Establish guidelines for information security when traveling to certain countries.
   • Ensure your devices (laptop, tablet, smartphone) do not hold sensitive information, or minimize the sensitive information they do hold (e.g., only the board papers for the upcoming board meeting; email only from the last day).
   • Always monitor your devices.
   • Avoid paper-based information.
   • Arrange with colleagues how you will share and communicate information securely while you are traveling.
   • Comply with the requests of customs/immigration to inspect your devices.
   • Consider using code words to replace sensitive business language.
10. Follow your board’s guidelines for secure virtual board meetings and board calls, including these best practices on virtual board meetings.