Despite all of the high-level risks, some board directors and administrators continue to email sensitive documents via non-secure platforms. Directors may even use their personal email accounts and mobile phones. This opens up your organisation to vulnerabilities such as hacks and data breaches. Using various email and mobile platforms to email or text board documents is also a headache for IT and board administrators, as levels of visibility and control can be compromised.
We’ll examine the challenges of emailing and messaging confidential board information and make the case for adopting a secure messaging app.
Emailing puts your board’s sensitive information at risk
Directors use email and text to communicate with each other because it’s easy and convenient. But vulnerabilities and risks impacting your company include the following:
Phishing attacks: Criminals are becoming more strategic and stealthy with their email phishing attacks. These attacks seek to trick users into opening email attachments that are actually a sort of virus or malware. The emails may appear innocuous, even seeming to come from a reliable source. Board members, for example, may receive emails asking for tax information or requesting bank transfers. The messages may even come from a trusted email account — one that’s been hacked and taken over. Sometimes, board members use their personal email accounts to handle board communications so they won’t get these mixed in with the emails from the companies they work for, according to an article by CSO. But the use of those relatively unsafe accounts creates a risk that hackers might exploit.
Password hacks: Some directors will use the same password for their personal and business email accounts. If an attacker gets a hold of the password for one email account, that could potentially give him access to the business at large, and an organisation’s confidential information could be compromised. For example, a cybercriminal could hack a director’s password, log in and extract sensitive information by posing as the director via their email. The information could go public and damage the organisation, or the criminal might hold the sensitive information hostage and ask for a ransom. Either way, the results could be disastrous.
Rogue apps: Employees may use these unvetted and often insecure rogue apps, which are apps that have not yet been vetted, approved and supported by the company, to improve productivity. But doing so places the company’s sensitive data at risk, as these apps may not be secure, and could have backdoors that hackers could exploit.
The case for adopting a secure board messaging app
If your board is considering adopting a board messaging app, here are some suggested strategic best practices for selecting a solution:
- Assess the security threat. What are your company’s vulnerabilities? How are your directors treating sensitive documents? Be sure the board messaging app you select delivers enterprise-level security so that you can maintain control and ensure compliance. Security is a top priority, so be sure the vendor you choose has top-notch security features.
- Get leadership buy-in earlier during the review process. Involve your leadership and board directors in the solution assessment and in the selection process. Determine what features and benefits mean the most to them and set up a comparison grid outlining the potential solutions. If you don’t get leadership’s input early, you may select a messaging app that doesn’t meet their needs and that won’t be universally adopted.
- Stick with one, and only one, solution. Using several messaging solutions creates fragmentation and headaches for your IT department. Using multiple solutions could also cause more vulnerabilities, as they may not all possess the same level of security. Just select the best solution for your needs and eliminate the rest. If board members or staff members are using their own apps for certain tasks, understand what problems they’re trying to solve, and how you can address those problems.
- Educate directors and administrators. A messaging app won’t work if board members and staff aren’t trained to use it. When deploying the solution, it’s important to educate the teams using the app. This will also help ensure that they use it properly, so information stays safe and secure.
How Diligent Messenger delivers the safer, smarter way to email and message
Don’t compromise the security of your Diligent Boards solution by emailing board materials outside of the portal.
Diligent Messenger safeguards all data with the same best-in-class security infrastructure and encryption as Diligent Boards. Because users are authenticated by your Boards and Messenger sites, you can control the potential recipients of communications.
Benefits for directors and board administrators include:
- Compliance with your organisation’s document retention policy, so messages can be retained or deleted;
- Improved communication and collaboration, which allows directors to connect instantly with other directors while reviewing board materials; and
- Real-time sharing, so users can share documents securely in real time to augment collaboration efforts.
Overall, a secure board messaging app — like Diligent Messenger — improves collaboration and communication while keeping your organisation’s information safe and secure.
November 30, 2020
The Technological Revolution: How Technology Drives Innovation in the Boardroom
If the board is not examining its own practices and not looking for better, more efficient and more process-driven solutions to routine tasks, then there’s every chance that such a laissez-faire approach to innovation and forward-thinking will permeate the rest of the business too. As Board Agenda’s Managing Editor Gavin Hicks noted in the recent Diligent/Board Agenda webinar: “Companies that innovate succeed. Those that don't often fail.” So what practices should boards be evaluating to utilise the technological revolution and embrace innovation?
September 19, 2019
What is the Diligent Governance Cloud?
In the quest for good governance, companies have focused heavily on finding efficient, cost-effective solutions for risk and compliance issues. Even while the market has placed the importance of practising good corporate governance in the limelight, governance solutions have lagged behind risk and compliance solutions. Diligent designed the…
November 16, 2018
Cybersecurity – The Disconnect Between the Chief Information Security Officer and the Board
Chief Information Security Officers (CISOs) need to better communicate strategies and initiatives to board members. UK companies are under threat from cyberattacks, yet only about five per cent have a Chief Information Security Officer, either on the board or working with the board, a recent Deloitte poll shows.