7 Steps to Ensure Secure Practices in the Boardroom

UK boards of directors must be able to provide a high level of performance. And they must provide it in a secure environment so that the risk of information leaks is controlled. To improve security practices in the boardroom, boards must: obtain third-party expertise, connect securely with management, work in the cloud, digitalise all documents and materials, and build their digital skill sets. Tools such a Diligent Messenger provides directors with the extra security they need.


Today’s UK boards need to be able to accomplish tasks successfully and to add value to the business while performing at a high level.

But the definition of UK board effectiveness is changing, warns cybersecurity expert Stephen Page. Pressure is mounting on boards to respond to the demands of active shareholders that they deliver greater visibility into board operations and enable the processes that help keep board members performing efficiently and responsibly.

“Digitalisation permits boardrooms to maximise efficiency. Enabling digitisation and its impact is essential for supporting rapid decision making and investment decisions.”

Here are 7 steps directors should take to improve security practices in the boardroom:

Step 1: Recognise the need for third-party expertise

UK companies see the need for third-party expertise to create secure practices in the boardroom, according to a survey of major economic sectors by CGI Group. Although, for now, only 15 per cent of the companies surveyed have contracted for such expertise, two-thirds say that they intend to do so.

This is a critical step for UK boards, as CGI Group points out: “True cyber specialists can give your board the complete picture on your cyber security risks and help you plan your response. Do consider that sometimes it’s easier for an independent expert to tell you the difficult truths that you may not hear otherwise.”

Step 2: Make a secure connection with management

Experts at PwC warn that the provision of information by management must be made in a secure environment. “The board should encourage the behaviours that it expects to see across the business. This requires clear and open reporting for a solid underpinning of timely and accurate management information, so both financial and non-financial impacts and performance across the business can be monitored, measured and benchmarked against relevant key performance indicators (KPIs) using a balanced scorecard approach.”

To make this possible, information systems for collecting, analysing and reporting the information securely must be maintained.”

Step 3: Find security in the cloud

PwC also recommends “significant investments in cloud technology to allow our people to collaborate more effectively and securely, wherever they may be based,” according to Jon Andrews, PwC’s UK head of technology and investments.

The volume and type of data boards handle means that security is always a major factor in determining the IT choice, he continues. “This type of collaborative technology is more than just a new set of tools: it is fundamentally changing the way we work, allowing us to be much more agile, efficient and innovative. It also helps support flexible working, both with clients and each other, increasing opportunities for different ways of working.”

Step 4: Expand digitalisation for security

Data breaches pose a substantial risk to UK directors, executives and corporations. As a recent survey of UK Institute of Chartered Secretaries and Administrators (ICSA) members reveals, a staggering 70 per cent of board members still print and carry around board documents. Larger organisations, those with 251-500 employees, proved the most reliant on hard copies, with 80 per cent of this group admitting that they still used physical documentation.

“This is the digital age: society is different, business is different, and risks are different. It is time to fundamentally rethink how technology questions are addressed at board level,” the survey says.

This is not about arguing the case for a functional line to be represented at the table. It is about building a board that has empathy for how society has changed, that can find the critical questions to fuel innovation, and that is able to handle the new and complex risks accelerated by technology.

Step 5: Develop an appropriate culture in line with board’s risk appetite

UK cybersecurity expert Stephen Page advises that boards make a culture of cybersecurity which is demonstrated from the top down. Boards should ensure that they work in a risk-free environment, and take steps to make certain that directors take the appropriate level of care with documents and boardroom materials.

Step 6: Build the board’s fitness for the digital environment

Building the board’s fitness for the digital age is an urgent task for many chairmen and nomination committees, explains ICSA in a recent report. For many companies, reliance on experts from outside the boardroom, such as technology and marketing consultants, CIOs and chief digital officers, is simply not enough. Nor is it sufficient to corral technology topics into quarterly updates that are detached from other business.

Digital and IT should be woven seamlessly throughout the board agenda. But fully embracing digital and IT means creating a different mix around the boardroom table, something that must be done with great care.

Step 7: Procure solid security management from systems

Demand improved security from your IT and other suppliers, CGI Group advises.  When you procure IT products, systems and services, ensure that you include requirements that ensure good security. Consider your supply chain and the damage that could be done to your business if they were to suffer a cyber attack. As a customer to such suppliers, encourage them to take cybersecurity seriously.

Diligent Messenger secures communications

Diligent Messenger mitigates the risk of breaches, leaks and misdirected messages with a secure board communication tool that’s quick to install and easy to learn.

Moving confidential board communications out of personal and corporate email systems is easier than ever. Diligent Messenger integrates with virtual board meeting software, like Diligent Boards, to enable secure messaging and real-time collaboration.

It operates just like the popular text and email tools directors use every day, reducing the temptation of workarounds. The platform’s intuitive features are informed by Diligent’s work with 145,000+ executives worldwide.

Diligent Messenger delivers the functions security-conscious users seek while on the go, including:

  • Auto-sync
  • Auto-sync of groups, contacts and messages across devices
  • Email controls
  • Blocks against email forwarding and ‘copy and paste,’ plus a special feature for message retraction
  • Pre-set groups
  • Pre-set groups and contacts (to eliminate an email address “oops!”)
  • Message notifications
  • Notifications for when messages are sent, delivered and read, with additional notifications for unread messages or announcements across boards

Take Control of you Boardroom Security

Take control of who sees, sends and saves what. As with Diligent’s virtual board meeting software, administrators will be able to customise settings to meet governance and regulatory requirements. For Diligent Messenger, this includes:

  • Log-in authentication and access that can be adjusted with the click of a button or the swipe of a screen
  • Secure compromised devices, swift “wiping” capabilities for lost or compromised devices


Learn how your board can improve their governance and rely on Diligent’s dedication to customer performance. Request a demo today

Board Portal Buyer’s Guide

With the right Board Portal software, a board can improve corporate governance and efficiency while collaborating in a secure environment. With lots of board portal vendors to choose from, the whitepaper contains the most important questions to ask during your search, divided into five essential categories.

Featured Blog