Purple Background
Board and Leadership

Gone Phishing: How to Protect Your Board from Deceptive Cyber Threats

Gone Phishing: How to Protect Your Board from Deceptive Cyber Threats

It’s been around since the 1990s, but phishing—fraudulent emails designed to trick employees and give cybercriminals access to your organization’s network—is still one of the most widespread types of cyber fraud. According to study findings, more than half of all email is spam with the average user receiving 16 malicious spam emails per month,[1] and more than three-quarters of businesses experienced phishing attacks in 2017.[2] And only 4% of asked organizations believe that phishing attacks are decreasing.[3]

But unlike the emails from the past rife with spelling errors and obvious grammar mistakes, today’s phishing emails are professional and sophisticated. Since a phished email may appear to come from someone they trust like their bank or a colleague, hackers can trick even the most careful employees into clicking a link or downloading an attachment.

An organization’s board of directors is responsible for risk oversight—and that includes the risk of a cybersecurity breach due to phishing schemes. The board should understand the risks of phishing and help ensure that the organization is taking a proactive approach to security.

Some ways you can lower phishing risks are by verifying that the organization:


  • Employs a patch management program to address critical vulnerabilities.
  • Trains employees to identify phishing attempts, tests their knowledge with simulation programs and then rewards them for improvement.
  • Implements a board portal software solution that uses multifactor authentication, is encrypted with unique keys and separates content into individual repositories for board/management communication.
  • Hosts data in highly secured data centers, not accessible by third parties.
  • Tracks and reports security activities to the board that includes metrics and trends in vulnerabilities and threats, including identifying employees who are duped by phishing scams, so they can receive additional training.


To learn more about the latest cybersecurity trends and how your board and organization can work to mitigate the risk of an attack, download the white paper, Managing Cybersecurity Governance: Trends in Cyber Threats.