When it comes to the Board of Directors' responsibilities, the Singapore Institute of Directors lays down some important guidelines. Directors must uphold legal duties, acting in the company's best interests with integrity, diligence, and without conflicts of interest. Directors must also task Management with establishing policies and structures to ensure compliance with laws and regulations, fostering an ethical organisational culture, and managing risks effectively.
In today's rapidly evolving technological landscape, Directors must be especially vigilant on information security risks. With advancements like Artificial Intelligence and ever-evolving cyber threats, there's a constant need to safeguard the company and its employees from potential harm.
Most concerning is the vulnerability of employees to social engineering scams, which can compromise both personal and company data. Additionally, the reliance on IT systems to store critical information means that a cyber incident could have catastrophic consequences, from financial losses to reputational damage. In extreme cases, this can be an existential threat!
To address these risks, the Board has two key responsibilities:
Ensure robust cyber security and data protection policies are in place, including protocols for incident response. It's imperative to anticipate and prepare for cyber incidents, with regular testing and validation of these measures. The Board should actively engage with Management to oversee policy implementation and compliance, through sub-committees like the Audit and Risk Committee. Moreover, staying informed about relevant regulatory requirements is crucial.
Recognise the sensitivity of board-related information and the risks associated with its handling. From board papers to resolutions, this data can be extremely sensitive and requires secure storage and transmission. Traditional methods like printed documents and email attachments feel comfortable, but in fact, it can pose significant security risks. Utilising modern board management software, such as Board.Vision from Trusted Services, can enhance security measures and protect against data breaches.
By addressing both these dimensions of cybersecurity and data protection, the Board can effectively mitigate risks and safeguard the company's interests.