Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability.