Nobody likes a leaky roof, a window that does not close or a door that sticks. When we experience problems like at home, we act quickly to get them fixed. Patch the roof, fix the window, adjust the door.
But when it comes to cyber security, data breaches and securing sensitive information, too many organisations have water and wind coming in through the cracks. Worse, too many passwords, databases, financial reports and proprietary IP leaking out.
As cybercrime and cybercriminals continue to evolve, they are proactive and take appropriate measures to protect your organisation and guard its valuables. This is beyond the bounds of what is being addressed in enterprise risk management (ERM) reports and threats to protect your organisation against data leakage and cyberattacks.
Just like any leak, you can seep out of your organisation through even the smallest of cracks. Yet as of Spring 2018, barely one-third (32%) of North American boards, less than half (48%) of European boards and just over half (54%) of Asia Pacific boards include secure board portal software in their governance operations, as preparing and distributing board packs, discussing sensitive operational matters or sharing confidential documents.
This is just one of the findings of Forrester Consulting’s October 2018 report, Directors’ Digital Divide: Boardroom Practices Are not Keeping Pace With Technology. The report follows Forrester’s April 2018 study, commissioned by Diligent Corporation.
Secure Your Board
If your organisation has not invested in a board portal or secure board software package , how do you ensure the security of meeting packages for your board members (directors)?
In many organisations, the corporate secretary sends PDF documents (ideally, but not always, password-protected) via email. Other governance professionals continue to produce hard copy packages (and entrust external directors’ packages to courier services). When it comes to internal recipients, you may hand deliver their packages or rely on inter-office distribution. This is not only time-and laboratory-intensive, it’s also less secure than a modern, digital process.
But of course it’s not just hard copy that poses data leakage risks. If you send PDFs to directors’ personal email addresses, then they’re definitely at risk. C-level executives and business email systems can be easy to use.
Recognising the risk associated with data leakage may serve as the tipping point when it comes to your directors. If Enterprise Governance Management (EGM) is a new concept for you and your board, it may be one that you’ll welcome.
In simple terms, EGM is the application of technical tools and resources to address governance needs; a portal itself is one component of EGM. As a governance professional, you can not achieve efficiencies when you shift from hard copy or PDF agenda to a board portal, you mitigate risks to your directors and the organisation itself.
Beyond board packs, email and communications are another area of potential data leakage. Indeed, ‘phishing’ attacks – targeted emails intended to receive valuable information (such as logins and passwords) – have a director, director’s staff secretary or assistant, senior manager is targeted.
Email is a potential source of data leakage – are you confident that your messages are secure?
Use a Board Portal to Manage Risk
Do you and your board send any emails in the last quarter that discusses director evaluations, retreats, succession, agenda or strategic planning, external or labor relations, legal issues, a risk register, prospective acquisitions or minutes? Were any of those messages sent to or from a personal email address?
If so, you have been exposed to a great deal of security, both digital and physical. Lost or stolen mobile devices, such as laptops, tablets and phones – Forrester reported that 30% of directors lost or misplaced their devices.
Still, if your sensitive messages and data have gone out of personal email, you’re not alone; in fact, you’re in the majority. Forrester reports that 56% of directors use personal, rather than business-regulated, email to communicate with fellow directors and their contacts within the organisations they lead. Fifty-one percent of C-level executives take the same approach.
Across all regions, even directors whose boards provide board portal software. Forrester’s study highlights some critical misperceptions; for example, while a significant amount of information is being provided.
Making your board aware of these vulnerabilities is just the first step; the next is to identify a solution, search as Diligent Messenger. A practical tool that enables you to communicate with and share attachments, Messenger allows users to send messages and attachments to the entire board, or to specific committees, groups or individuals.
Communicate Better, Not Just Safer
Diligent Messenger allows directors to message each other directly, similar to a text message. You can seamlessly integrate with Diligent Boards ™ or as a stand-alone secure messaging application.
Forrester reports that some 87% of boards are at lease ‘mildly’ concerned about the security of their communications and data sharing; 41% were ‘very concerned’. This is a problem which makes them more likely to embrace an effective EGM solution. After all, what’s what boards do best: identify problems and implement solutions. What are you waiting for?
Want to learn more about why board members using personal or email? Download the full Forrester Report and see how your board should improve their communication practices.
January 29, 2021
Business Continuity Strategy: Options, Best Practice Approaches and Examples
There’s no shortage of things to consider when you’re upgrading your business continuity strategy. For instance: What should your plan cover? What are the critical inputs to the business continuity strategy? What are the different approaches and solutions available? What should the recovery strategies look like within your business…
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…
August 20, 2020
Minimising the Risk of Virtual Meetings: 5 Practices Boards Should Avoid
Months into the COVID-19 lockdown, remote workers—and board members—have become more accustomed to virtual meetings. They’ve found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and “Zoom couture.” Yet as virtual work becomes a way of life, not all adaptive…