Uncategorized

New Breach Shows That Non-secure Board Assessment Surveys Are A Risky Business

When you do not have the right tools or resources, you can put your organization at risk. But, have you considered this – What if those “not-so-perfect tools”? Would you continue to use non-secure electronic tools?

That’s exactly what the latest data breach, of the survey company typeform, forces us to explore.

Cyberattack on Well-known Online Survey Company: It’s Complicated

Typeform is a Spanish company that specializes in online forms and surveys  that they have been victimized  by a cyberattack that took place on June 27, 2018, and that they are remedied the cause of the breach within 30 minutes. Unfortunately, the cyber criminals had a partial backup of their form before they were collected. May 3, 2018.

Some of Typeform’s customers, such as the Tasmanian Electoral Commission, Bakers Delight, Australian Republican Movement (ARM), Insurer IAG and Monzo Bank, do not touch their affected clients, notifying them of the breach. Monzo reported that about 20,000 of its clients were affected.

Typeform’s Breach Is a Web of Complexity

The Typeform data breach was similar to a 2011 data breach of the email marketing company  Epsilon . The incidents are similar because of the breach affected their clients’ customers. Customers paid Typeform to use their software to conduct customer surveys and quizzes. Typeform said they would inform their customers of the breach by email.

How extensive does this effect customers? Imagine each of the individual’s individual customers could have their own customers which could make up to 10,000’s, which could be amplified by the breach. Typeform’s customers may not have any understanding of their customers.

It was reported that type form were not exactly sure about the type of information that had been obtained through the breach except for particulars; email addresses, twitter names, postcodes, salary bands and others. The officials at Typeform do not believe that the criminals were able to get hold of subscription payment data, passwords associated with type form, payments collected via stripe integrations or audience payment data.

Typeform issued a warning to its clients that cybercriminals may have their email addresses and those affected should  be phishing scams  and spam emails. These emails often make threats and demand. Companies should advise that they do not look right, do not click on it. This incident should also be used as a warning to the general public when they give their personal information to other companies.

Using Online Surveys for Board Self-Assessment

Good governance requires self-evaluation boards, and about  57% of boards are self-evaluating .

Board administrators are learning that offering online surveys is easier and more efficient than distributing paper surveys. Online surveys so make it possible for boards to get the results of surveys anonymously. Applications such as Typeform, Survey Monkey, Google Forms, Client Heartbeat, Survey Gizmo and Survey are popular options for self-evaluation surveys.

As the type form data breach indicates, these platforms require the robust security that companies require for secure sharing data across platforms.

Boards that use personal or day-job email accounts for sending and receiving board self-evaluation surveys add another layer of risk to their annual evaluation process. Personal and business accounts also have a high level of security that boards should have for sensitive and confidential board communications.

Did you know that Diligent has board software tools to mitigate risks with board members with our Diligent Messenger for private chats and diligent Board Assessment Tool  to measure board performance?

Secure Board Assessment Provided By Governance Cloud

Diligent Board Assessment  module, part of our Governance Cloud , what it means to design and build with advanced security measures. The module uses the same high-security standards of Diligent Boards ™; for example, Diligent is ISO 27001-certified for its Information Security Management System, with SSAE 16 / ISAE 3402 (SOC 1, Type 2) controls audited for nine consecutive years.

Using Diligent’s  Enterprise Governance Management  system, board administrators can send and receive questionnaires and surveys using  Diligent Messenger  within the closed environment of the Diligent Boards platform. Industry-leading data encryption keeps board directors’ information safely out of the hands of cyber criminals.

In addition to getting strong security for board business, Diligent’s board evaluation module assists board administrators in tracking board evaluations automatically, which promotes efficiency. Evaluations can be submitted anonymously to allow for honest and objective feedback. Board administrators can therefore create customized reports and analytics to maximize the benefits of evaluating and storing their data within our on-shore data centers .

Diligent’s products are fully integrated and designed so that boards of directors can complete their board business within the platform. Boards no longer has to be compromised because of a breach in the evaluation process or in the process of transferring the surveys.

Best practices for governance  become the standard when boards implement the board assessment module. The Diligent Board Assessment module integrates seamlessly with Diligent Boards ™ to provide clients with a secure and advanced solution for board assessment. The Diligent Board Assessment module is as intuitive as it is secure and informative. As the leader in the industry, Diligent is a front-runner in innovation for total Enterprise Governance Management solutions. The right tool for boards to conduct the board is a board and assessment module, as it is offered by  Diligent’s Governance Cloud .

Featured Blog