Securing Board Communications Inside and Outside the Boardroom

Veronique: Hello and welcome everyone to today’s webinar, Securing Board Communications Inside and Outside the Boardroom. We’re glad you could all join the session today and hope you will find it useful. My name is Veronique Martial and I work in marketing at the London office. The speaker today will be Marco Morsella, who is our VP of Product Design, based in our headquarters in New York.

Just a few general notes before we start. This session will last 30 minutes. You can ask questions at any time during the webinar via the chat function and you’ll go to webinar panel at the side of your screen. We will try and get through most of them in the last few minutes of the session. Any questions we can’t get to, we will follow up on individually. We will run a quick poll during this webinar. Once it comes up it would be great if you could all participate. Lastly, this session will be recorded and everyone will receive a copy of the recording within the next few days.

Now I would like to hand the floor over to Marco.

Marco: Thanks, Veronique.

Thank you, everyone, who has joined. Good evening. We thank you for your time.

Today, I’m going to talk a little bit about securing communications inside and outside of the boardroom. Before I jump into some of the key points of concern, I’m going to go ahead and just talk a little bit about Diligent.

A little bit about myself, as well, I’ve been with the company over 10 years. My primary goal is working on Diligent Boards. What we’ve done is we’ve built a secure board portal. Over the years what we’ve done is, we’ve onboarded 4,500 clients. We now have 140,000 users, using our product. We are global in 70 countries of clients that are using the product. We have 12 offices worldwide and 5 data centers across Germany, United States, and Canada.

I think the most impressive thing about Diligent is that we have a 99% client retention rate. I think when you have a solution that’s been around that long and you can keep clients continuing to use the product, I think that really puts us as a global leader around the Diligent brand. The thing that we take most seriously is security.

Really what we want to talk about today, as well is the emerging challenge to board communications. Over the past 15 years, as I mentioned, we’ve built a solid, secure board portal solution and what that has done is that inside the boardroom, we’ve offered our clients a way to distribute secure information to all board members and executives.

What’s been happening lately, when you look at the technology today and the way communication is happening outside the boardroom, there has been a serious risk to communication. Right? What’s happening is once board members leave the meeting or communication that’s happening up before the meeting, these users are using a lot of solutions that are insecure. They’re losing control of those communications. There’s more targeted attacks. Even if you’ve read the news, a lot of hacks are happening. What’s happening is communications being sent in error and they’re sending a lot of messages to non-intended recipients and that’s really causing a lot of frustration and concern around what’s happening with communication outside of the boardroom.

One of the things that we want to ask our audience today is, if you think of this notion as “business as usual” and not thinking that it’s not risky, what would you think constitutes the biggest threat in maintaining security over sensitive and confidential company contact today?

Veronique is going to put up a poll, right now, that you can actually participate in. If you just take a minute and look at the responses, please select one.

The reason we’re actually doing this poll is because when you look at today’s communication, are we aware of what the highest risk is, in terms of data leaks, what’s causing subpoenas, what’s happening in terms of what’s causing the biggest concern for a lot of our clients?

Okay, we have the results in. Thank you, Veronique.

41% said inadequate security procedures, 10% said a high-profile public persona making the company vulnerable, and 49% have said co-workers.

While all 3 of these are important and you should be concerned, the biggest concern is co-workers. Applause to everyone, you are aware that co-workers are the biggest concern for risk. Good job.

Let’s talk a little bit about that. Okay? When you look at co-workers and users who are communicating, there’s a couple of key areas that you need to keep in mind. If you’ve read the news recently, I think over the past several months, now more than ever with technology, everybody having a smart phone, everybody having an e-mail account, you can see that there’s been leaks that’s been happening. You can see that solutions that we thought were secure, like WhatsApp, have just come out and said that, “Deleted conversations are really not deleted.” E-mails have been sent in error. We’re not talking about e-mails to a friend. These are highly, highly concerning e-mails such as, an example, [Diorin’s 00:05:46] information leaked, in terms of that, their editor revealed that they’re going to have a large round of lay-offs. I mean, could you imagine what that does to a stock price?

The biggest concern are co-workers. We have no way of knowing what platforms or solutions they’re using to communicate with. Really that does elevate the risk around co-workers, right? How are they communicating and why don’t our clients have control around communication? Let’s talk about a couple areas where this risk is happening. With personal e-mail, as I mentioned, everybody has an e-mail account, not knowing what e-mail accounts they use, if they use Gmail, there is no way to control the encryption. There is content that is being sent, if there’s any attachments, they’re being attached and forwarded on to other recipients. Again, the end user has no control over where those attachments are being sent or how long they’re sitting in a database, that at any time gets subpoenaed and those attachments and/or conversations could be pulled off in a log and reviewed by the NSA or a hacker.

Another one is SMS, iMessage, WhatsApp, as I mentioned before, these are free solutions and they’re free for a reason. They don’t keep control as a focus. They are free because they are socially-based. They want to onboard as many users as they can. Even though they say they have encryption, they don’t offer the level of control. Right? They’re not corporate-focused. Any messages that you send within WhatsApp at any time, those messages can be forwarded on because what they do is they integrate with your contacts list. At any time, you can actually forward messages on to someone who isn’t part of the executive room. Okay?

Lastly, they’re discoverable. At any time, if it gets hacked or a database is asked by the government to pull logs from specific dates, they get that data. They will give that up.

Loss of control with theft. Directors, executives are always traveling. At any time they could leave their phone behind at an airport. Passwords can be easily cracked or you don’t know if these directors or executives actually have pin codes or have a lock screen. If the phone is left behind, at any time, if it’s found you can log in and review any e-mails or messages that were not behind a firewall or behind a security pin screen.

You might be saying, “Well, we have a corporate e-mail.” Right? “We use something that is highly secure. It’s within our firewall.” While, yes, it has some level of control, you still have the vulnerabilities around IT staff, executive assistants. Again, can you really count on someone not snooping around and forwarding any information around company news? Again, this is high risk. If you don’t have control around what communication is being passed around, that puts you and your company at the highest risk and you should be very concerned.

Here’s some stats that we actually have put up because I think it’s surprising when you see some of the numbers around, how many board members are using free-email service providers. When you look at Gmail, almost half the board members and executives out there are using Gmail as a source to communicate highly important and private board information. When you look at the news, things that have been leaked, specifically with Yahoo and Gmail, this is alarming. I think you need to think about your information and content and take it very seriously.

A couple of the key points around our risk summary. We know that senders make mistakes. There was actually a really great article in the Times the other day and that they mentioned, the highest probably mistakes are made in transit. With a lot of our board members and executives having smart phones, they might be jumping in a cab on the way to an airport, trying to communicate or send out a message that’s highly important, highly confidential and they send that in error. It’s a fact. Senders do make mistakes.

Another one is, third parties create vulnerability. When you’re using solutions like Gmail, WhatsApp, iMessage, you have no idea where your messages are going. If they’re sitting on a database, you thought you might have deleted them, but as we have found out, there’s no control around when and how messages are getting deleted. Is it permanent? Is it temporary? That’s a big concern.

Lastly, the third point is, when users have more control than you, that’s when the risk really elevates. Right? You don’t have any control around the communication that’s happening outside of the boardroom. Your end users are deciding how they want to communicate. Now you’ve lost control. That’s a big concern.

When you think about Diligent and what we’ve done and we’ve done it best, we take our clients, we take our data, and we take our communication very seriously. We’ve been doing it with our Boards Solution for over 15 years. Now, given technology, and how communication is happening around the clock, before and after the board meeting, we’re really excited to launch our Diligent Messenger solution. What we wanted to roll out was a very simple, secure messaging solution that executives will want to use.

I just want to talk about a couple of high-level points around our Diligent Messenger solution.

With all our products and our features, we listen to our clients. Our clients came back to us and said there were 3 key points that we had to build into a solution, that they would want to use.

One, we’d have to offer easy, real-time communication. As I mentioned with technology today, every director, every executive has a smart phone. They are using e-mail already via corporate or a 3rd party solution. We have to be able to roll out an option that’s very, very easy to use, it enhances communication, they can onboard very quickly. That was one of the key points we kept in mind with Diligent Messenger.

Another one was, it had to be enterprise friendly and configurable. This was key for us because we build solutions for the enterprise. We take our client’s information and security very seriously and we wanted to allow our enterprises to be able to configure the Diligent Messenger solution, who gets onboarded, when messages get wiped, how long they stick around. That was critical. It had to be enterprise-focused.

The 3rd point was, “You got to keep our confidential information, confidential.” When you have a lot of communication that’s happening out there and you don’t know where it’s going, you lost the fact that any information is confidential anymore. These are things that should be keeping you up at night, when you’re thinking about how things are being forwarded on or if things are being sent in error. Confidentiality was the 3rd biggest point on our list, while we built our Diligent Messenger solution.

Let me talk about some high-level points that we’ve integrated and that work with Diligent Messenger. Again, it’s a 2-minute set-up. We are in the store. When you subscribe to Diligent Messenger, we give you credentials and onboarding that’s very easy. Once you get this invite, executives and board members can download the application, put in a site address, log in, reset their password, and you’re up and running. This is something that we’ve kept in mind, is that it had to be easy to integrate.

The other thing that we’re excited about and part of our overall brand is, we actually have award-winning white glove support. If you’re not aware of this, you can dial Diligent Support at any time, 24/7, and you actually have a Diligent employee with a subject matter expert answering the phone, helping you through, not only our Boards product, but now we’ve extended that to Messenger, as well. The solution is very easy. You can get up and running in under 2 minutes, but if there’s any questions, you can actually dial support right from the phone.

Auto-sync, this is another high-level, key feature we’ve added into the product. This is the difference with our product versus some of the other ones. If you use Diligent Messenger, our clients get to decide which groups and contacts get to message one another. Groups meaning, you can actually onboard a whole executive group, you can break it down by committees, you can break it down by sub groups. You get to decide who are in those groups and who gets to communicate with one another. Essentially, in Diligent Messenger, you set prerequisites of who that contact list is within Diligent Messenger. We do not allow anyone who’s not part of that list to onboard anybody that’s not part of the Diligent solution that you’ve set as prerequisites. If I’m communicating with the main board and I want to include a friend of mine, who’s on another board to weigh in on some decisions we might be making, I can’t do that. We block that option. The nice thing about auto-sync as well, anytime you have new members who join the board, they can be added and they’re part of that discussion history.

Familiar interface, for us this was a key point because there’s already directors using solutions out there. We didn’t go out and reinvent the wheel. We wanted to make the solution as simple as possible. It’s very easy to use. Once they install the app and groups are synced down, they can actually go and start messaging. It feels like every other app out there and it’s easy to use.

Message Undo. One of our big concerns is protecting users from themselves because at any point, everybody’s busy, everybody’s trying to communicate quickly, time is of essence, and this is when a lot of accidents happen. Right? Messages are sent in error. What we’ve realized in our solution, what we want to do is saying, “Look. If you send a message to someone who had a similar name within that group or that contact list, we actually allow you to do, undo.” Up to 2 minutes, if you sent a message and you realize it was to the wrong person or you’ve written the wrong message that you want to recall, you swipe to the left and you can undo. At any point if the message was sent, there’s 20, 10, 5 people in that group, even if they received it, once you undo it actually retracts the message and it doesn’t leave any trace of that message on that recipient’s device.

Platform is a key concern of ours, as well. We’ve been talking about the smart phone. We work on an iPhone. We have iPad, as well, and Web. These are the 3 platforms. We’re working on Android, which we’re looking at delivering in January, February of 2017.

One of the things that we’re excited about that we support iPad is, if you use Diligent Boards, we actually support multi-tasking and split-screen views. If you’ve installed the app on your iPhone and in between meetings you’ve been traveling, you’ve been communicating, you can actually fire up the app on the iPad, use split-screen, have your board material on the left, and all conversations you’ve had before and after the meeting, will sync to the iPad. You can continue conversations, you can collaborate while viewing board materials. The really cool, neat feature of our app as well, is when you shut this down and you’re on the go, once you log back into your iPhone, any messages that you’ve had on the iPad app, during your board meeting will sync over to your iPhone. Again, there’s never any disruption in communication. Same thing for the web app. If you log into the web app, any conversations you’ve had on any of the devices will auto-sync over.

Those are just some high-level features of our product and some of the differentiators. One of the things I do want to recap on is, this notion of “business as usual” is very risky. Communication is happening around the clock, before and after the board meeting. I think we have to take this point very, very seriously. We have to continue to keep confidential information, confidential.

We’ve highlighted the point that senders make mistakes. We have to stop sending those errors. As I mentioned, with our product you can recall those messages we allow that for our end users. At any time they can swipe and remove them. We allow complete control from our clients all the way to our end users.

3rd parties create vulnerability. If you’re using Gmail, Yahoo, any Comcast 3rd party solutions, this is a big risk. You need to control this discoverability.

One of the biggest options that we have and our big key differentiator is we give the control to our clients. If you’re rolling this out to your board members and executives, you get to decide on the message lifespan on all devices and archives. We actually have a backend policy setting that you get to decide, how long messages sit around. If you want messages only to live every 7 days and then be wiped, you set that policy. If you need, for compliance reasons, messages to stick around for 7 years, you can always set that at any time or decide that to be your default. Whatever settings you put in place on that day, messages get auto-wiped. Again, we have control given to our clients. They get to set their policies.

Lastly, when users have more control than you, this is the biggest cause for alarm. Right? We’re aware of this, that’s why, when you look at our roadmap and the features that we’re [inaudible 00:19:58] product. We’re putting features, such as disable copy and paste or forwarding capabilities, such as you have in e-mail clients. What’s happening is conversations should be within a secure group, they shouldn’t be forwarded on, we allow our clients to set those controls. This will stop any users from forwarding on or allowing copies to sit out in a space that can be high risk.

Again, I can’t stress on more enough around, there’s a lot of solutions out there. There’s hundreds and they’re all free and they’re free for a reason. These solutions are really based on the social space. They’re meant for friends and family. Diligent, a trusted provider of corporate governance solutions, we focus on the corporate enterprise and we’re taking communication very seriously. That’s why, now, we’re excited to roll out our Diligent Messenger solution.

I guess that’s where I want to stop right now because I see there are a lot of questions coming in. Veronique, what we can do is we can take some of our participants’ questions and maybe answer some of the concerns or anything that we might have missed in this presentation.

Veronique: Yes. Sure.

We’ve had quite a few things coming in. Let’s see how much we can get done.

One question was, “How many users can be added?”

Marco: That’s a good question.

As I mentioned, Diligent Messenger is part of the Board solution, but it is a stand alone as well. If you just wanted to use Diligent Messenger for your executive team, you can onboard as many users as you want. It’s unlimited.

Veronique: Okay. Great.

I think you’ve mentioned this before, but somebody’s asking, “What devices is Messenger available on?”

Marco: Diligent Messenger, right now, is available on the iPhone, the iPad and any web app. You can fire up Chrome, Safari, Firefox. You can log in with the same credentials you log in on your smart phone and you’ll see all of your messages there, as well. By beginning of 2017, we’re going to roll out Android support, as well.

Veronique: Okay. Perfect.

There are also some additional questions about other features, such as attachments. Can you give some information on that?

Marco: Yeah. Good question.

Here at Diligent, when we build solutions. We build them for the long-haul. Right? We have a dedicated development team. We have a roadmap that is planned out for the next 6 to 12 months. Really, what we see here is not only offering a solution that has secure communications, but we’re seeing a solution that’s going to be replacing e-mail. We’re confident about that because there’s just too much risk with these 3rd party solutions.

One of the added features we’re rolling out next month is attachment support. Not only can you have secure communications, controlled groups, again this is where we add control where our clients get to decide if attachments is something they want or not, but if it is you can actually have attachment support. At any time if you have any directors who want to send out a resume, if they’re changing a board seat, you can actually send out an attached PDF file, through Messenger, for all of any of the board members in that to be viewed through Messenger.

Yes, attachments is coming next and we’re excited about what that’s going to allow, in terms of collaboration through Diligent Messenger.

Veronique: Okay. Great.

Now a little bit of a challenge here. Some people are asking about iMessage and other free solutions. For example, Apple announced that it is encrypted. How is that different than what we do at Diligent Messenger?

Marco: Sure. That’s a great question.

As I mentioned before, there’s a lot of solutions out there. When you skim the top and say, “Well. These top 3 or 5, iMessage, WhatsApp”, there’s some other solutions out there. They say, “Hey, we have encrypted messaging that we’re doing.” That is true. They are encrypted, but that’s only half the challenge because whether you have an encrypted message or not, it can still be forwarded on. It can still be copy and pasted into an e-mail and then sent on. Right? What these other solutions don’t have is the control. Really, that’s one of the big differentiators is the control in our solution, allows clients to set those mandates if they allow forwarding, if they allow attachments, if they allow how long they want messages to stick around. You can’t do these in these iMessage, WhatsApp solutions.

Veronique: Okay.

A continuation to that, it’s more about the functionality of such free solutions that we know. What about, for instance, knowing if somebody has read it? The message.

Marco: Great question.

This is only a 30-minute webinar, but our solution has some really great features. One of the things that we allow in the app as a sender of a message is once you send that message, we give you 4 different states, one that it’s sending, one that it was delivered and received, lastly, you know when your recipients have read it. Whether it’s one-on-one or a group, we give you some details around “6 of the 12 board members have read this message”. Again, we have flags on the actual message group.

Veronique: You just mentioned groups. There was another question about groups. “You can also create groups like you can with other messaging apps?”

Marco: Yes. Exactly.

Let’s use a sample of a board. If you just want the main board to communicate securely, clients set that group with those participants. When they log in to the app, they see that on your group, but end users, be it directors, executives can also create their own sub groups. They can call it “Sub Nominating Committee” and then they can add the chairmen and maybe 3 other board members. We allow end users to create sub groups to have smaller disclosed messages, that they can control, they can then add or remove or delete at any time.