Digital communication: how board members are inadvertently putting an organisation at risk
With security and confidentiality now key governance issues, boards are increasingly ranking cyber risk as a strategic issue that requires their focus, leadership and governance. Yet the day-to-day digital communication behaviour of directors – from how they communicate, to where they keep their board information – is inadvertently increasing their exposure to cyber risk. This leaves organisations vulnerable to data breaches, leaks, litigation, regulatory fines, sanctions, and financial or reputational losses.
A Diligent survey of 118 directors, governance professionals and senior executives across more than 350 listed companies in Australia and New Zealand in 2017 revealed that three key communications practices are putting organisations’ profits and reputations at risk.
Personal email is a common means of communication
Email is notoriously difficult to secure. Most people are aware of the cyber security risks associated with unsecured personal email accounts, such as Gmail and Yahoo!. Increasingly, business email systems are also being compromised through spear phishing and ransomware attacks.
Despite the obvious threat, the Diligent survey found that personal email ranks in the top three communications channels, behind face-to-face meetings (98%) and on par with corporate email (82%).
Directors frequently download papers to personal devices
Adding to the risk of unsecured email accounts, the survey also found that three-quarters (75%) of respondents download board materials onto personal devices such as PCs, laptops, tablets or smartphones. Every single respondent in the survey reported that they use a PC, laptop or tablet for at least some of their board preparation, with some using more than one device. Close to half (43%) say they download board information ‘always’ or ‘most of the time’.
Company servers are the most popular location to save downloaded board materials (38%). More than a quarter of respondents use file-hosting services such as Google Drive (28%) or personal or USB drives (also 28%).
Technology use results in multiple copies of board papers
Almost half of the survey respondents (47%) said they needed paper copies of board information more often than not, even when board papers had already been provided electronically. Fewer than one in five respondents (17%) said they never needed printed information.
Every time an electronic document is emailed, downloaded outside a secured software platform or backed up on a personal drive, a digital copy is created. These copies can be cached and stored across multiple devices and systems, each of which is subject to cyber risk. Printing the papers instead does not remove the data security risk, as papers can be misplaced, or stored or disposed of insecurely.
An organisation’s cyber defences are only as strong as its weakest link. Although digital communication behaviour is not the only cybersecurity issue, it remains a critical element in protecting the security of board communications. If communication methods are not secure as a result of director behaviour, trust and credibility in the organisation can be severely undermined.
See how Diligent Governance Cloud can help ensure that your board of directors is following best practices for secure communications to protect against data breaches.