Board Software and Secure Communication

In October 2018, an information leak to the press from the boardroom of the European Bank for Reconstruction and Development (EBRD) compromised the career of the organisation’s president, Suma Chakrabarti. Complaints from seven government representatives had been filed in May alleging Chakrabarti’s having collected personal data. An investigation cleared Chakrabarti in May, but the leak tarnished the image of the EBRD – the investigation should have remained undisclosed to the press, but actual dossiers were made available to Reuters.

Board Software and Board Members

But how did the dossiers get leaked in the first place? It turns out that, instead of using secure board software, boards continue to use paper documents which board members take out of the building. Sensitive corporate documents get lost, are stolen or simply wind up in the wrong place all the time.

A Forrester Consulting survey of directors commissioned by Diligent in April 2018 shows that 56% of board members use personal email for their board communications, and so do a significant number of C-level executives.

Meanwhile, in the UK, a UK government 2018 survey shows that over two-thirds of firms don’t have formal cybersecurity policies, and large businesses have cut cybersecurity spending by 61% in the past year.

A Hacker Has a Seat at the Boardroom Table

Board members often do not realise that they are a vulnerable and valuable target of cybercriminals, as the website Security Roundtable points out in an article, and faulty cybersecurity gives a hacker a seat at the boardroom table.

Gaining a board member’s password is extremely useful to hackers. Board members are attractive targets for several reasons: the value of the data to which they have access, and their ability to influence others. Board members have access to information that is sensitive, timely, and materially important to the business.

To make it easier for hackers, a non-executive director might bring his/her own device to the board meeting, and this device might not have the same high grade of security that management and executive board members have. So a hacker breaks in and gains access to everything the board is discussing.

Protecting Boardroom Communication With Board Software

It is imperative for boards to understand how sensitive boardroom data should be protected – this is a vital part of the board’s role in overseeing cybersecurity throughout the organisation, and to understand how the organisation is providing protection to that data and to those who access it.

Some of the most important conversations board members can have with their peers and technical teams are around how they access data, the article shows:

There are some key questions board members should ask the next time they access data:

• What is the value of the information we have access to?
• How are we getting access to that information?
• How is that information protected?
• Given the sensitivity of the information, do we think it is protected enough?

Board of Directors Struggle With Secure Communication

The Forrester survey found that boards all over the world rated misplaced board materials or misplaced devices as their top security challenge. The use of paper board materials makes this a constant risk, and one that cannot be mitigated if there is theft or loss.

On the other hand, a device that is misplaced can be wiped remotely, so that the thief cannot access any sensitive information. If this facility is not present on your system, you need to consider a change.

Similarly, board member devices that use traditional means of communication, like email or social media, leave a gaping hole in corporate cybersecurity. They should all make use of secure communication and board software that is protected from all threats.

All materials on board member devices should be encrypted. And behind that encryption, there should be a security staff which keeps up with the latest threats, and ensures that there are no gaps in the company’s defences.

With the Diligent Governance Cloud’s board software, boards may be confident that every requisite security precaution for communication has been taken.

Diligent Board Software Makes Sure You Are Ready For All Threats

“Carefully protected internal communication services centred on security and privacy are the safest way to conduct internal communication,” the Forrester study noted.

Diligent Boards, as the long-standing market leader for high-level corporate communications and secure board software, is uniquely positioned to offer its clients the highest level of assurance around security measures. As a leader in the board portal market, Diligent’s unique position in the marketplace allows for investment in best-in-class security practices at a level that is greater than most players’ annual revenue.

As part of the Governance Cloud ecosystem, Diligent Messenger, was developed as a messaging tool for board of directors to securely communicate outside the board. Avoid using insecure communication tools such as email to mitigate the risk of breaches, leaks and misdirected messages with a secure messaging tool that’s quick to install and easy to learn.

Diligent’s Investment in Security

With ongoing investment and dedication to board security technology, resources and infrastructure that no other provider can match, Diligent clients gain a strategic partner that truly puts security first.

All members of Diligent’s Security Team are active participants in the information security community in order to maintain up-to-date knowledge and expertise. This means that they are aware of nearly anything that hackers have available, ready to thwart all the most sophisticated techniques of attack.

Diligent has established a security program based on industry standard frameworks that is dedicated to ensuring customers have the highest confidence in our custodianship of their data. Our Information Security Management System (ISMS) is ISO 27001:2013 certified and our cybersecurity framework is based on NIST standards.

Diligent Boards™ data is housed in a world-class hosting infrastructure. Co-location data-hosting facilities are operated at Tier 3 equivalent or higher standards. Diligent owns and operates its own equipment. Data stored by customers in the Diligent’s boards software solution is not hosted by any third-party cloud providers. Instead, it is stored on Diligent’s own secure servers and protected by strong physical security. Access to these data centres is limited to authorised personnel only and verified by two-factor authentication.

Data is encrypted at rest, in transit and on the users’ devices. The Diligent Boards service supports the current recommended secure cipher suites to encrypt customer data in transit and at rest. Customer data is encrypted at rest on Diligent’s storage systems and on the customer’s mobile devices that run the Boards apps. Customer data encryption keys are stored in a tamper-proof FIPS 140-2 L3 certified Hardware Security Module.

Diligent has a documented Security Incident Response Program in place to handle a security incident. Incident response procedures are tested and updated at least annually. All incidents are managed by Diligent’s Security Incident Response Team. Diligent classifies the event and determines the incident response process. In the event of a security breach, Diligent will promptly notify customers of any unauthorised access to customer data.