By Tony Bradley
Oct 17, 2017
It’s commonly accepted that your users are the weakest link in your security chain. That is actually not true in a lot of cases, though. The reality is that your true Achilles heel is probably your board of directors.
That may seem crazy. I mean, the members of the board are ostensibly respected individuals with integrity—people you trust with sensitive company plans and information. That, however, is precisely what makes members of the board of directors an attractive target for would-be attackers.
See, you have security tools in place on Alice’s computer in Sales, and you have security policies in place to govern access and information handling for David in Accounting, but Alice and David don’t have access to the most sensitive information the company owns.
Rick Howard, chief security officer of Palo Alto Networks, pointed out that board members, on the other hand, are not employees and generally operate completely outside the scope and protection of your information security tools and policies—using personal computers and mobile devices.
Furthermore, many board members are members of multiple boards, meaning there is a good chance that their computer or mobile device is a goldmine of sensitive data spanning multiple organizations. It’s easy to understand why board members are simultaneously the low-hanging fruit and the Holy Grail for would-be attackers.