Unfortunately, Salesforce.com, Inc. is the latest victim of an explosive, market-moving information breach. Last night an internal board presentation containing sensitive details of M&A targets was made public as a result of an email hack.
The presentation was contained within thousands of emails belonging to former Secretary of State Colin Powell, and leaked back in September by “hacktivist” website DCLeaks. Mr. Powell sits on Salesforce’s board of directors.
The 60-slide presentation deck, titled “M&A Target Review,” and marked “draft and confidential,” listed 14 potential acquisition targets including Adobe Systems and Pegasystems. The presentation was sent ahead of a board meeting slated for May 20, in the middle of a busy acquisition period for Salesforce. The information contained in this presentation offers an insight into the confidential high-level discussions that take place in the boardrooms of all corporations.
The news is a harsh reminder that board material should never be communicated in an email that goes outside of the company’s firewall. A string of recent high-profile hacks makes it extremely clear that email is no longer a secure way for high-ranking executives to communicate and/or share confidential information.
Just to put this in context, almost all boards have members who use email addresses outside of the company’s firewall. Based on our research, about 80% of boards have at least one member using a free email address despite the growing rate of reported attacks. Our CEO Brian Stafford said:
“If cybercriminals can profit from gaining access to your company material, you are already a target. Email has inherently weak security, and is notoriously easy to hack. Using standard email to share board level materials opens up your most confidential company information to an array of risks. It’s not a matter of if a hack will happen, it’s a matter of when—and companies are sitting ducks waiting for their next vulnerability to be exposed.”
So what should you do? For one, stop sending confidential material over email – period. Instead, companies and individuals should adopt board portal technology designed to protect company information from unauthorised access and facilitate secure communication for board members and executives. This infographic highlights the risks associated with sending confidential via email compared to using a secure board portal.
Click here to learn how Diligent’s secure board portal can help.
December 28, 2020
What Role Does the Board Play in Business Continuity Planning?
Continuing in the face of adversity has been the dominant theme of the past year. When the scale of disruption caused by COVID-19 became clear, businesses worldwide were forced to adapt rapidly to the restrictions that came into force overnight. While many organisations have business continuity plans designed to keep…
December 21, 2020
Business Continuity Plan Maintenance: A Step-by-Step Guide
A business continuity plan (BCP) is a living, evolving document. Designed to be activated when unplanned disruption strikes, it must be flexible enough to guide actions regardless of the specifics of the situation. In a fast-changing environment, business continuity plan maintenance is an essential part of the business continuity programme…
December 8, 2020
Board Meeting Minutes Best Practices and Guidelines
Guidelines for Board Meeting Minute Taking In order to keep the courtroom from invading the boardroom, the most basic rule is, “saying less is often better,” warns the London-based law firm Bricker & Eckler in a recent note. “Today’s business climate places heightened…