Every day, troves of sensitive electronic data flow through corporate governance software: confidential strategy documents, M&A materials, discussions on litigation, executive compensation and more.
One leak or hack can affect stock and share prices, reputation and send revenues plummeting, not to mention the legal repercussions for organizations and directors alike.
The Need: Safeguards that keep up with the times
Maintaining a secure board portal and board software is more difficult than ever.
Cyber threats are intensifying in size, scope and sophistication — from the phishing scam that led Gmail users to a fake log-in screen to the WannaCry ransomware that infected hundreds of thousands of computers across the globe. People are paying attention, including regulators.
The State of New York, for instance, now requires that all financial services firms doing business in the state (and all companies doing business with them) have cybersecurity plans covering everything from audit trails to access to customer data, with board sign-off.
Boards are looking at cybersecurity with a new level of scrutiny and applying that scrutiny to their own operations. Are their agendas, minutes, reports and supporting documents safe against escalating online threats?
The Answer: Cyber protection that understands how boards work
From a governance standpoint, a secure board portal relies on the right people (and only the right people) accessing the right information at the right times, with no exceptions. Among customers and users, permissions to access data must be fine-tuned to a user and document level. Safeguards must prevent unauthorized sharing.
If sensitive information does fall in the wrong hands, encryption offers another layer of protection. Here, data is encoded in such a way that only authorized parties can access it. For sensitive board information, encryption needs to follow industry best practices, which evolve as threats do.
Does the board portal operate on smartphones, laptops, and tablets? Make sure there’s remote “wiping” capability built in, should a device be lost or compromised. If board security involves a cloud solution, don’t forget to look at the physical location where the data is housed. This, too, needs to be secure and run by vetted and cleared employees.
The word “vetting” is key here — particularly when an organization is evaluating potential technology partners. Any vendor can claim secure board software or a secure board portal. But is it ISO-27001 certified? Is it subject to rigorous third-party testing?
Solutions guided by global governance experience
A world of governance and IT knowledge informs the security behind our Governance Cloud ecosystem, which includes Diligent Boards, Diligent Messenger, Diligent Evaluations, and Diligent D&O. Data is hosted on secure servers and a world-class infrastructure that Diligent owns and operates. As part of Governance Cloud, all Diligent solutions are ISO and TRUSTe-certified and internationally audited, with robust customizable encryption and data access. If a device is lost or compromised, our remote wiping capabilities allow you to swiftly mitigate risk.
put board self-assessment data at your fingertips
access secure communications
move D&O reporting online