Months into the COVID-19 lockdown, remote workers—and board members—have become more accustomed to virtual meetings. They’ve found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and “Zoom couture.”
Yet as virtual work becomes a way of life, not all adaptive habits have been cyber safe. As board members turn to personal email, apps and devices, board materials and communications have become more sensitive than ever: cash flow strategies, executive compensation plans, health and safety issues, and more.
The good news: Technology provides a solution as well. Here are a few common risk scenarios—and digital tools that strengthen protection.
1. Texting during virtual meetings
A gesture, a glance, a quick aside. During in-person meetings, attendees have a host of non-verbal tools at their disposal—many which don’t fully translate to the two-dimensional grid of a video call.
Barring these cues, many board members have resorted to text messaging to “raise their hand,” pose questions or have sidebar discussions. But what seems efficient can actually be dangerous:
- What if a sensitive message ends up with the wrong person? With autofill and board members’ extensive address books, the possibility is all too likely.
- How would a private chat hold up in court? When board members use personal channels, all their text messages could be considered discoverable should a company come under litigation.
Instead of texting: A secure messaging platform like Diligent Messenger provides a dedicated communications channel for one-on-one exchanges and group conversations. Throughout, the company secretary has full power over whether to retain, delete or wipe messages clean.
“Messenger has been adopted with our external business partners to start and will soon be deployed to the board and supervisory board as the ONLY channel of communication. It has been used to send confidential files and to share content for the next meeting to top execs/board(s).”
– PA to Supervisory Board Chairman, Commercial Property Company
Related Article: Virtual Meetings: How to Get Your Board Up & Running
2. Emailing confidential board materials
Email communications are similarly on the rise for COVID-19 era boards. With the shift to virtual meetings, governance teams are defaulting to Outlook, Gmail and beyond to assemble PowerPoints, edit agendas and more. It’s familiar—but not as secure or efficient as one might think. Consider:
- What if these materials end up in the wrong inbox? As with text messages, it’s all too easy to send a sensitive email to an unintended recipient—particularly when typed in a hurry. And popular tools for personal email often lack the stringent safeguards, like encryption, which is a baseline for securing board communications today.
- Are you working on the most current document? Asynchronous communications like email make version control challenging and real-time collaboration next to impossible.
Instead of email: Diligent’s Secure Meeting Workflow tools provide boards with a dedicated channel for sharing, assembling and collaborating on sensitive materials. The company secretary or general counsel can extend specific permissions to legal counsel, auditors, consultants and other relevant parties.
“[Diligent] has allowed us to centralise our board communications—and it’s instantaneous. When our board members get a notification, they know it’s important…It provides us with another layer of protection knowing we’re using the securest platform available.”
-Senior counsel and assistant corporate secretary, food manufacturing
Related Whitepaper: Virtual Meeting Toolkit
3. Conducting evaluations on unencrypted platforms
Throughout the COVID-19 pandemic, critical issues have arisen for board voting. At the same time, open, honest evaluations—particularly around sensitive topics—have become more important than ever. To keep these important processes moving, many nominating/governance committees have been moving them online (using SurveyMonkey, Google Surveys and other unencrypted platforms). However:
- What if confidential vote, questionnaire or evaluation data was breached?
- What would be the impact on company and board member reputations, shareholder perspectives and more?
Instead of unencrypted platforms: Keep board evaluations, D&O questionnaires and even confidential votes out of the hands of hackers by conducting them securely through the Diligent portal. Diligent also gives boards the power to analyse data, visualise results, assign and track action items and more.
“We have needed to implement digital voting now, more than ever. We love its practicality and easy set-up. Once all of this has passed, we will keep this as our future process.”
-Board secretary, insurance company
Related Article: Best Practices for Conducting Remote Board Meetings
4. Unprotected video conference links
It’s easy to control access to a physical boardroom via locks, electronic key cards and gatekeepers. Not so with a video conference platform—just click a link or dial a phone number and access code, and you’re in. Yet both types of boardrooms are places where directors convene to discuss and debate sensitive topics. In today’s virtual meetings:
- Remember that when video conference links are shared in email, they can easily be forwarded or intercepted. If this falls into the wrong hands, the consequences could be dangerous. You may have more attendees on your virtual board meeting than you planned for.
- Are you aware of everybody who’s dialed in? Especially on calls with many participants, uninvited guests may be hard to detect—particularly if they’re lurking on audio-only or “camera off” mode.
Instead of unsecured video links: Diligent Boards, our core board management software, has a calendar feature, which provides company secretaries and board members a secure channel for sharing links. See how it works for administrators and for board members.
“Diligent is becoming the easiest way to share information [during COVID-19].”
-Governance professional, electricity infrastructure company
Related Article: Building an Agenda for Effective Board Meetings
5. Failing to prioritise data security
In a global pandemic, boards and management teams are receiving regular updates on employee health, which often include sensitive medical data. How is your organisation taking extra steps to protect this data? Are you meeting regulatory standards related to GDPR or HIPAA laws? Most boards will need to bring their processes and protocols up to speed. If this data was intercepted—or if an email was accidentally forwarded—could the board prove that it had taken all steps necessary to protect this sensitive employee medical data?
Instead of unencrypted data: A secure, encrypted governance suite like Diligent’s Governance Cloud protects sensitive information as it flows to and from the board—and enables secure collaboration across the organisation.
“[We are] relying on Diligent as much as ever. Senior management has set up a COVID Crisis meeting group and meets once a week to discuss responses to the crises that funnel up to the board as an update.”
-Director of board administration, retail banking company
Related Article: How are Boards across ANZ managing increased cyber security risks?
See how Diligent can help
Diligent’s suite of governance solutions adheres to the highest security standards, including 265-bit encryption, remote locking and two-factor authentication. And it’s all backed by industry-leading support, including 24/7/365 concierge-level employee support with unlimited user training.
Most Downloaded Whitepapers
Board Portal Buyer’s Guide
With the right Board Portal software, a board can improve corporate governance and efficiency while collaborating in a secure environment. With lots of board portal vendors to choose from, the whitepaper contains the most important questions to ask during your search, divided into five essential categories.
October 1, 2021
Know thyself: How to use a board skills matrix to identify gaps and mitigate risk
Australia has famously experienced three decades of economic growth since its last official recession, but the pandemic, climate change and the increasing threat of cyber crime has pushed risk management back to the top of the agenda for corporate boards. The proliferation of potential threats and increased investor expectations…
April 16, 2021
Top Trends in Governance, Risk and Compliance for 2021
“You need a good [GRC] system. You need the right data. You need to share the data and take those organisational learnings.” -Zeke Ward, Founder, North Star Compliance Over the past year, companies across industries have navigated diversity, equity and inclusion issues, managed intensifying…
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…