Unfortunately, Salesforce.com, Inc. is the latest victim of an explosive, market-moving information breach. Last night an internal board presentation containing sensitive details of M&A targets was made public as a result of an email hack.
The presentation was contained within thousands of emails belonging to former Secretary of State Colin Powell, and leaked back in September by “hacktivist” website DCLeaks. Mr. Powell sits on Salesforce’s board of directors.
The 60-slide presentation deck, titled “M&A Target Review,” and marked “draft and confidential,” listed 14 potential acquisition targets including Adobe Systems and Pegasystems. The presentation was sent ahead of a board meeting slated for May 20, in the middle of a busy acquisition period for Salesforce. The information contained in this presentation offers an insight into the confidential high-level discussions that take place in the boardrooms of all corporations.
The news is a harsh reminder that board material should never be communicated in an email that goes outside of the company’s firewall. A string of recent high-profile hacks makes it extremely clear that email is no longer a secure way for high-ranking executives to communicate and/or share confidential information.
Just to put this in context, almost all boards have members who use email addresses outside of the company’s firewall. Based on our research, about 80% of boards have at least one member using a free email address despite the growing rate of reported attacks. Our CEO Brian Stafford said:
“If cybercriminals can profit from gaining access to your company material, you are already a target. Email has inherently weak security, and is notoriously easy to hack. Using standard email to share board level materials opens up your most confidential company information to an array of risks. It’s not a matter of if a hack will happen, it’s a matter of when—and companies are sitting ducks waiting for their next vulnerability to be exposed.”
So what should you do? For one, stop sending confidential material over email – period. Instead, companies and individuals should adopt board portal technology designed to protect company information from unauthorised access and facilitate secure communication for board members and executives. This infographic highlights the risks associated with sending confidential via email compared to using a secure board portal.
Click here to learn how Diligent’s secure board portal can help.
October 24, 2018
Health Services Boards Must Act on Cybersecurity Threat
Health Services organisations in Australia are suffering more data breaches than any other sector. Health Services boards of directors must take responsibility, enable the needed protection, or face penalties and civil liability. Australian Health Services see most data breaches in the country The boards of directors of Australian Health Services…