How to use Board Management Software for Crisis Management

On 23 May 2018, the Australian HR recruitment platform PageUp announced that it had detected a major data breach: a hacker had accessed the personal information of a large number of users. The breach exposed email addresses, telephone numbers, street addresses, gender, dates of birth and employment details. These are more than enough for a hacker to use to break into bank accounts or other financial sites.

A month later, it became clear that the company was not prepared to control the breach. The CEO, interviewed at the time, could not give a definite figure for how many users’ files had been breached, although published estimates placed the figure at about 120,000 in Australia.

PageUp has been dropped by a number of its major clients, and its reputation has been severely damaged. The General Data Protection Regulation (GDPR) aspect of the infringement is still being investigated.

James Turner, a cyber security consultant, says PageUp’s experience should be reminiscent of a cyber incident.

“All businesses should have a security plan in place, and for large organizations not doing so could be negligence by the board. It is not inevitable that a breach will occur, but the probability is high. New Zealand Technology Industry Association’s Chief Executive Graeme Muller, “The technology is making good business sense.”

ANZ businesses have considerable reason for concern. There were 812 data breaches reported to the Australian Information Commissioner (OAIC) in 2018. In New Zealand, the number of breaches was 347 in 2017 (latest available statistic).

Australian and New Zealand Boards Must Put Response Plans In Place

A crisis of this sort requires rapid action, both in the information system and in managing the crisis with stakeholders, the press and the authorities, given that there is a legal obligation to provide the data protection authority with accurate information about the breach in a very short time.

In a recent survey, the New Zealand Office of the Privacy Commissioner found that some organisations had no processes in place to deal with queries raised by data subjects and were not equipped to handle data security incidents.

It also revealed:

  • Organisations were generally found to be quite good at giving initial data protection training to staff, but often failed to provide refresher training.
  • 25% said they had no program in place to conduct self-assessments and/or internal audits.
  • About 50% of the organisations surveyed indicated that they have no incident response procedures, or that they are not up to date.
  • Nearly 15% of organisations indicated that they have no processes in place to respond appropriately in the event of a data security incident.

Board management software is part of an effective response

In a well-thought-out response plan for a data breach crisis, board management software can play an important part.

Stage 1 – Communicate and Assemble the Crisis Response Team

The first element of a response plan involves communication, and it is sensitive communication – imagine the consequences of a leak, warns a recent article in CIO magazine. The first hour after a breach is the so-called ‘Golden Hour’ dedicated to isolating the intrusion and reaching out to all the actors who need to get started on a response. These include the CEO, the chairman of the board, the general counsel, and the public relations team.

Top-notch messaging and calling software with the highest possible level of security is nearly indispensable. The board management software should therefore provide the background and insights needed to help take the appropriate actions. The software should also make sure virtual meeting rooms are available for meetings at any time.

Stage 2 – Crisis Containment

What caused the breach? How did the criminals gain access? Have credentials been stolen or is this the result of third-party vulnerabilities? What have they stolen?

“Unless you know what caused the initial breach, you cannot contain it, and if you cannot contain it, you cannot mitigate the financial costs and reputational damage to your organisation,” the CIO article warns. This is the time for IT forensics to go to work, getting facts and numbers together.

Again, high-quality board management software can provide all the information needed in a secure environment, as well as rapid written communication among directors and operations experts.

Stage 3 – Impact Assessment and Reaction

Once the full depth of the data breach is known, the board and the PR team can assess the best way to react. Certainly, a statement should be drafted and released as soon as possible – delays in releasing it matter.

All of those affected by the breach must be notified within 72 hours, according to the GDPR rules. Most countries impose short deadlines in their legislation. This permits the victims to take action as much as possible.

With high-quality board management software, boards and teams can work together on virtual whiteboards to collect information and draft statements. They can also use secure channels of communication to notify major shareholders.

Diligent Governance Cloud enables rapid reaction in crises

With its cutting-edge communications software, robust collection of applications, and secure environment, Diligent Governance Cloud enables directors to respond rapidly in a crisis.

Board members can call and message each other, as well as management, in complete security. Applications to write and research external communications are also available. Virtual meeting rooms with controlled access are also available for directors to use.

Diligent, as the long-standing market leader for high-level corporate communications, is uniquely positioned to offer its clients the highest level of assurance around security measures. Diligent’s unique position in the marketplace allows for investment in best-in-class security practices at a level that is greater than most players’ annual revenue.

With ongoing investment in and dedication to security technology, resources and infrastructure that others cannot match, Diligent clients gain a strategic partner.

Diligent has established a security program based on industry standard frameworks that is dedicated to ensuring customers have the highest confidence in our custodianship of their data. Our Information Security Management System (ISMS) is ISO 27001:2013 certified and our cyber security framework is based on NIST standards.
