Issues : Risk

The Need for Secure Communications in the Boardroom


communication-5-21-19.pngBoards need to keep director communications secure, timely and accurate.

Communication can be a major challenge for busy board directors who need to touch base with their peers regularly, and it can introduce major security risks for the institution.

Boards tend to use different applications or multiple email accounts; the numerous multiple electronic platforms means that directors need to remember multiple user IDs and passwords. Directors sometimes resort to using their personal email accounts out of frustration with other systems or for personal convenience.

Many boards send sensitive internal governance communications through insecure communication channels. The use of personal email for internal board communications is widespread. A report Diligent Corporation conducted with Forrester Consulting discovered that 56 percent of directors use personal email for their board communications. Governance professionals and C-level executives also sometimes use their personal email for governance communications.

This is not a good practice. Cybercrime continues to evolve; attacks are increasingly sophisticated, and they are occurring with increasing frequency. Attacks are also becoming more complex, and recovering from digital breaches may become increasingly difficult.

Hackers specifically target directors, C-level executives and the people who support them in a tactic known as “whaling.” Hackers are keenly aware that boards regularly deal with information that is highly sensitive and confidential. Cyber criminals are likely to target high-profile individuals, threatening them with the release of private information unless they pay a ransom. When directors and other notable individuals use personal email accounts for corporate business, they are prone to falling victim to phishing and malicious cyberattacks that could harm the corporation.

Best practices for corporate governance require directors to communicate in ways that are secure, timely and accurate, and that reflect good governance principles. Encapsulated within the principles of good corporate governance is the need to use the right technology to support these efforts. Specific technology that protects the board’s internal communications can also streamline various processes. However, boards should look for specific tools with features such as remote wiping, given that nearly 30% of directors report losing or misplacing a phone, tablet or computer at some point.

The only way to keep sensitive and confidential information private is to use a secure digital messaging application. Look for applications that can work with existing digital infrastructure but are also secure. Some solutions help augment governance and accountability functions, which can address liability issues that email and other types of communications can sometimes create for board administrators and general counsels.

Probably the most difficult element of using secure communications in the boardroom is actually getting directors to use the technology. Getting board directors to change their habits can be a daunting task and something that can take time. However, with the right support and training, directors will be more willing to make the change.

Directors need to understand the importance of using the right technologies and why their current communication methods open the board up to risk. Assessing the security threat demonstrates to the board that the discussion topics and documents are highly sensitive and cannot risk being leaked. The right communication application should provide control to the administrator, with security being a top feature to ensure directors are protected.

Additionally, getting director buy-in from the start is crucial. It is important that boards realize what could happen if their emails are hacked and why they need to adopt secure communications avenues.

Providing your board of directors with the right reasons for needing secure communications is half the battle. Make sure your bank properly evaluates the various technologies to ensure that they will have the right training to properly leverage the tools.