Securing Board Communications Inside and Outside the Boardroom

Veronique: Hello and welcome everyone to today’s webinar, securing [Boards 00:00:04] communications inside and outside the boardroom. We’re glad you could all join this session today and hope you will find it useful. My name is Veronique Martial and I work in marketing at the London office. The speaker today will be Jeff Crisci who is the sales director based in our headquarters in New York.

A few general notes before we start. This session will last 30 minutes. You can ask questions at any time during the webinar via the chat function in your GoToWebinar panel at the side of your screen. We will try and get through most of them in the last few minutes of the session. Any questions we can’t get to we will follow up on individually. We will run a quick poll during this webinar so once it come up it would be great if you could all participate. Lastly this session will be recorded and everyone will receive a copy of the recording within the next few days. Now I would like to hand the floor over to Jeff.

Jeff: Thank you Veronique. Today I’m going to be speaking about the security provided by our core product, Diligent Boards, and some emerging securing threats to sharing the board materials that are inserted by end users in the process of sharing those materials. Then we’ll get into a new product from Diligent called Diligent Messenger that will solve those challenges that we’re seeing today.

A quick word about Diligent before we get into the details. Diligent has been around for about 15 years in the board portable technology space. Our flagship product, Diligent Boards, is the world’s leading solution to securely create, distribute and collaborate on board meeting books and materials for board meetings. We provide this platform through a Software As A Service and we’ve been very successful in doing this, delivering our platform to nearly 5,000 customers and over 140,000 board members worldwide and helping make their transition from paper board books to digital communications and collaboration solutions. We’re most delighted to say and very proud that our client retention rate is over 99%, which is industry leading in both the Software As A Service base and certainly the board portal space as well.

Let’s talk a little bit about the challenges we’re seeing in securing communications amongst board members and executives. As I mentioned the Diligent Boards product is an industry leading solution that does a very good job of securely sharing board materials amongst those team members that need to collaborate and comment on materials before, during and after a board meeting. However there’s often a desire to share these materials and content from these materials with other folks, third parties, folks outside the board room. This inserts a number of different risks that can [create 00:02:56] exposure for those very private and confidential materials and communications.

Some of those risks include personal email accounts, loss of devices or even theft, even something as simple as leaving a device on a counter top or a board table can create risk, and user error is a common problem that we see consistently, and even corporate email, something that we all take for granted as being a secure way to communicate has a number of risks associated.

I’d like to pause now and take a quick poll of the audience and understand what our perceptions are about the biggest risk to information security and sharing information out there today. Okay, thank you. Thank you for the participation. As you can see 94% of us actually highlighted inadequate security procedures as the biggest threat to information security. It turns out when you look a the data and you look at the results in the marketplace, co-workers actually are the biggest threat to information security. We as personal users of these technology tools within our personal lives and our business lives actually create a tremendous amount of risk. We’ll see that as we go throughout our presentation today.

Given what we just saw there and mentioned in terms of end user security risk I wanted to share a few stories in the news about ways that our personal and corporate information’s really under siege. These are all very recent stories, literally in the past five to six months. Everything from the hack of Yahoo that exposed literally hundreds of millions of emails to folks with malicious intent, to newer tools like WhatsApp that are on the market and sometimes being used in corporate environments to share information, being a little more transparent about the risks of security with that platform. Then Dropbox being hacked, that’s a platform that certainly is used to collaborate at the board level and share documents, that’s a big risk.

Then two very recent stories, the former US secretary of state, Colin Powell, had his Gmail account hacked about six months ago and recently it came to light that within that hack he inadvertently exposed to the world at large a salesforce.com board level presentation about M&A targets. This of course is very embarrassing to Secretary Powell as well as to salesforce.com. Probably most importantly the information contained in those documents could have be very germane to the public markets and moved share prices on companies, creating a major risk in the stock market, very big risk there.

Number two, recently Barron’s, a large publishing company, their CEO, he inadvertently essentially announced a massive layoff to the entire Wall Street Journal newsroom and the relative sizes of buyout packages that were happening amongst those team members. This happened simply because of an inappropriate use of corporate email. Instead of forwarding the email discreetly to the executives he wanted feedback from, he used a reply all tool and exposed it to again the entire Wall Street Journal newsroom. A major error there that created major embarrassment and probably some financial exposure for them as well.

Let’s talk in a little bit more depth about these end user inserted security risks. Number one, personal email is the number one risk that we’re seeing at the board level. These emails are not encrypted, they’re in free text throughout the internet. Probably most concerning is they live forever. If we all have multiple devices now that we’re reading email on and I send an email to say ten people, we can rest assured that it’s probably sitting on at least 30 devices out there and may never be deleted. It’s also sitting on those shared networks and shared servers that our service providers are using to send those emails.

As we’ve also seen very prominently it’s often the target of malicious attach. In particular when we’re talking about board level folks that in some cases may be household names and indeed targets of those attacks, we have to be very careful of using that kind of communication tool for these sensitive communications. Another risk we’re obviously seeing is the use of standard text tools that are on all of our mobile devices. These may be a little better because they do use encryption but there’s limited authentication with these solutions. There’s really no corporate control and a lot of the content can still be forwarded, cut and pasted and shared.

A common problem is it’s simply frequently sent to the wrong contact. We all have large contact databases in these mobile devices today and it’s very easy to select Jeff Hilk instead of Jeff [inaudible 00:07:49] and send to the wrong person. Once it’s out of your device it left the barn and there’s no way to get that information back and protect it. Devices are often lost, they’re often stolen, they’re often left in vulnerable positions around our corporate offices or our homes. In any of these situations there’s a risk that if sensitive is exposed through a text or an email it could be easily be seen by the wrong person.

When there is malicious intent our passwords are very easily cracked by available tools. Finally corporate email exposure, I touch on this because it’s such a security blanket for us but it is a very risky way to send very sensitive information because it can often be seen by IT staff, it can be seen by executive admins and as we saw with the Barron story it indeed can be inadvertently used and has many opportunities for mistakes to be made, even if we’re best intentioned to share information [innapropriately 00:08:50]. A key problem with all of these tools that we’re using, creating risk, is that the information is almost always discoverable.

The corporation has really lost control over it. One final point about the risks with these email solutions, lest you think that your organisation is immune. We’ve surveyed our very large customer base of 5,000 companies and 140,000 end user, and found that at least 30% of our board members are using free email service providers. It’s just in my day to day conversations with our customers and our prospects that I can certainly validate those numbers, literally 100% of the companies I’m speaking to state that their directors are using Gmail, AOL, Yahoo type accounts that are free services out there.

In summary, senders are going to make mistakes. It happens all the time, it’s going to continue to happen and part of the reason they make mistakes is because the tools that they’re using are very susceptible to those mistakes. The third parties that we’re using with these tools also create vulnerabilities, especially with these consumer based services, end user end up engaging in some very risky behaviour. Then finally your end users who are sharing this information, they really have more control over it than you do.

At Diligent we’re of course known for helping our customer and the market really keep tight control and secure the board content for their board meetings. Our 5,000 customers have asked us to be this reliable partner to securely build and distribute these confidential board materials. Now we’re introducing this new tool, Diligent Messenger, that’s going to bring that same level of protection that we bring to board materials and board content, what used the board paper books. We’re bringing that same level of security and protection to the enterprise’s most time sensitive and mission critical messages at the board level.

With that I’d like to introduce you to Diligent Messenger, which is a very simple yet secure way that executives and board directors are going to want to communicate and use for all their information sharing at the board level. When we asked our customers what they needed most out of a secure messaging solution we heard a number of things. I think these are good best practices that you should consider when looking at any communication tool.

First and foremost what we’re introducing is a secure messaging platform that’s tightly integrated to our Boards product. What this does is it enables secure person to person and person to group communication that’s private yet it gives the corporation a high degree of control over the distribution and retention of this information. The solution that’s emerged for us here has four key pillars that distinguish it from all the risky solutions that we’ve talked about today.

The first pillar that I’ll talk about is authentication. With Messenger you’re going to authenticate to your own environment, your own company environment, your own Board environment if you choose to go with Diligent Messenger, not a wide open carrier or service provider network. This is a much more closed secure communication environment that even corporate email might be.

Number two is encryption. We have to have assurance that all our communications are encrypted in transit and at rest. This is to avoid those situations where someone can just pick up a device and sit it in clear text on a table top. With Diligent Messenger everything is protected behind passwords and thumbprints to ensure that none of this information can be easily seen or [inaudible 00:12:31] on the internet.

Number three is privacy. Especially with the types of communications that are taking place at the board level with very high profile public figures, they demand that their communications are kept private and with the tools they’re using today they simply are not. With a tool like Diligent Messenger we can assure that their communications stay private.

Finally control. Board members move on, they retire, sometimes they make mistakes that need to be re-mediated. When these challenges arise Diligent Messenger can provide the tools that you need as a corporate entity to ensure that these communications that they [inaudible 00:13:09] previously sent can be retained if necessary or delete immediately. If devices are lost or stolen those messages can be wiped out completely and ensure that all your information is well protected.

Finally, all of this must be built on a foundation, a really good foundation of policy and good best practices. It’s really important that you share with your board, with your directors the right ways to communicate very sensitive information. You probably have some risk with folks using these personal email tools and text messaging applications so it really goes without saying that a tool like Diligent Messenger should be a key component to any such policy, but do make sure you have a good policy in place for how to share your most sensitive types of information.

A few key benefits of the solution. Number one, in addition to the great security we’ve talked about, this solution’s going to be extremely to use. It’s meant to be easy real-time communication so that folks don’t need to learn a new way of doing things. Number two, again it has to be enterprise friendly to give you that proper control so that you can customise it for your own governance and regulatory requirements. For example if you need to archive information you can keep it for seven years, or if you want to get rid of it in a very short time fashion you can delete it in seven days. You as an enterprise are in control, unlike with all those other solutions where the end user has more control than you.

Finally we’re giving you and your end users the confidence that their very private information is kept confidential and can remain confidential in perpetuity. Let’s take a look at the application here and talk a little more about how it’s setup and how it works for end users. Number one, back to my earlier point on the previous slide, this is a very easy platform to use and in fact an easy platform to setup. It literally takes about two minutes to onboard end users and if you do happen to go with Diligent Boards as well as your board collaboration software platform you would use the exact same login credentials that you do with that tool as well.

We also back this all up with our award winning customer support and customer success organisation that really provides white glove support and ensures that your users are on-boarded and trained properly to use all the tools they have at their disposal in an efficient and secure fashion. When you do use Diligent Messenger in conjunction with our Boards product you’re going to have consistency across both platforms. You’re going to have group communications that are based on standing groups in our board collaboration software platform such as audit committee, compensation committee, et cetera. You’re also going to have the same contacts that are reflected in the boards platform in your Diligent Messenger platform. That’s not to say that you have to be a member of our Boards product to utilise this product. You can expand this all throughout your organisation many tiers of executives and in fact the entire enterprise.

One of the nicest things about this products is it’s a simple transition because it’s a very familiar interface. It feels just like text messaging does on your current personal tools today. However it’s backed with that industry leading security. We of course know that all folks don’t have iPhones so we’ve deployed this on iPads as well and we’ve also built a web based application that can be used to facilitate the same type of message communications that would be available on any other platform. If you have an Android or a laptop or other device that you want to communicate with, you would simply log into our web based portal for Diligent Messenger and be able to communicate that way. When you are having conversations across multiple devices as I often do in my work day between my phone and my laptop, those automatically sync across all your devices.

Finally, back to our underlying theme here about privacy and confidentiality, we’ve embedded features in the product to help you maintain that confidentiality and privacy. If you do happen to send a message in Diligent Messenger to the wrong contact within your small board environment you can quickly undo that message and pull it back. We’ve put tools in place to ensure that you can’t copy and paste and forward messages to the wrong folks as well.

Business as usual remains very risky out there in the enterprise marketplace so we’re going to continue to invest and put tools in place to help you keep your information confidential. We know that senders are going to make mistakes and indeed continue to make mistakes but we’re designed to help prevent those leaks by preventing those mistakes. The unique interface of Diligent Messenger because it’s so easy to use is going to really help you eliminate a lot of those user errors that lead to those data leaks, and because we built some of those features in like the undo feature the users can simply recall those messages when they’re accidentally sent. Finally you’re going to be able to manage who has access to this messaging environment so that you don’t ever let it get in the wrong hands.

We talked about the third party vulnerabilities and we’re eliminating that part of the equation here by enabling you to control discoverability. We want you to have 100% control over your compliance, regulatory and corporate governance needs. We allow you to do that by controlling the message lifespan on your user’s devices and within the archive that we’ll keep for you. Finally, when you need to wipe devices of these messages because folks have left the organisation, you can do that, again you’re in total control. Finally, we know in the old world, pre-Diligent Messenger the end users had more control than you. We’ve put tools in place to ensure that now that control’s back in your hands because we’ve disabled those risky types of features that are available in so many consumer based and frankly corporate email applications.

Finally, we know there’s a lot of good tools out there that we all use as consumers for messaging our friends, our family and even our co-workers on a social basis, but let’s keep those strictly for our friends, family and co-workers outside the work setting. Those tools like SMS and iMessage and Gmail are great for that but when we’re talking about enterprise level communications, particularly at the board level where your end users are very high profile and sharing very sensitive information, Diligent Messenger is the tool that you’re going to want to use for those types of board level communications.

With that I’ll turn it over to Veronique and the audience for any questions we may have.

Veronique: Yes. We did have a couple of questions come through. One gentleman asked, “What are some ways current customers are using the product?”

Jeff: Yeah, that’s a great question. One thing we’re tracking very carefully is customer use cases for this product, especially at the board level. They’re using day to day certainly to share commentary and information about what’s in the board packages. They’re using it in the board setting to have very discreet conversations in parallel to the board meeting that’s actually happening in place. There’s an interesting feature with the new iPads in iOS 10 that enables you to multitask, so a customer might have Boards up on one side of the screen and Messenger up on the other side and have a discreet conversation about some content in the meeting that wouldn’t be appropriate for the entire audience. That’s been a very effective way.

Another way is resolutions. All boards vote on resolutions from time to time. Diligent Messenger is a great way to post those resolutions within a group and then share group commentary about those resolutions, which can really help truncate discussion in the board meeting and ensure that you can eliminate the discussion at the board meeting level and quickly get a to a vote. We find that our customers are actually shortening some of the discussion time by using Diligent Messenger. Those are just a few common ways that we’re seeing today and I’m sure that will continue to evolve as time goes on.

Veronique: Another question we had come through was, “Do you have to use the Board product to make use of Messenger?”

Jeff: No. That’s a great question. No you do not. We will take customers for the Messenger product in an of itself. You do not have to use the Boards product to use Messenger.

Veronique: Great, thank you. We have another question, “Can you attach files to messages?”

Jeff: Yeah, that is a feature that’s coming in our next release, which will be this month. This is actually a relatively product for Diligent. We launched this about six months ago and because we had so much demand from our customers for the basic secure messaging control aspects of the product we launched it without attachments. That’s certainly been the number one feature request that will be delivered here in the month of November.

We have a question about using this platform for document control as well. For example sharing and managing temporary access to sensitive docs, assuring no duplication and recording of those documents. That’s not what Messenger is designed for but the Boards products would certainly be an appropriate way to temporarily share documents and then pull them back at a later date if they were no longer needed. I would suggest you take a closer look at Boards for that use case. Messenger would be more for sharing those documents on a as needed basis but it wouldn’t grant temporary access, that’s something you’d do more in the Boards product.

We have question, essentially the pricing. I think we have two questions here about pricing and packaging. The Diligent Messenger product is an add-on module for current Diligent Messenger customers. It’d be actually priced separately from their current core solution spend under the Diligent Boards product.

Veronique: Okay. I think we have one final question, “Will this product be also available for Android or just for iOS products?”

Jeff: Good question. As I mentioned we do have a web based product that would allow you to utilise the product on Android today. In addition to that we are in development on an Android client that will be available in the early part of the first quarter of the next year.