Enterprise Governance Management, Improving UK Board Security

UK boards still suffer from leaks and data breaches that reveal sensitive information to the general public. These leaks hurt corporate reputations, but they are also costly in financial terms. Most companies simply don’t have the right tools. Diligent Enterprise Governance Management (EGM) supports boards of directors with the highest grade of security. Working with nearly all devices, it maintains threat protection and encrypts all communication and materials. While most UK companies still lack control of their cybersecurity, EGM can, in one fell swoop, give them the risk management they require.

UK Boards suffer leaks; EGM offers solutions

In March 2018, information was leaked from the board of the UK Institute of Directors to the press regarding inappropriate statements allegedly made by then-chairman Barbara Judge. A recording of Judge’s statements was reportedly the source of the leak.

Judge resigned shortly after the leak was made public, as did two other directors. The Institute’s Director General, Stephen Martin, has declared that the changes are “a victory for good governance.”

The Institute, which is itself an authority on governance, will no doubt reorganise its board skilfully in the wake of the incident. But this is only one example of many such boardroom leaks that cause tensions, division and troubled dynamics among directors – and which affect the board’s ability to do business.

EGM provides a robust solution, a framework and an operating structure to secure boards’ and management’s communications and sensitive data. Supported by Diligent’s best-in-class security practices, the EGM system takes charge of both policy and implementation.

UK Boards must engage EGM

UK boards lag those in much of Europe for data protection, according to a report from Big Data London. This  is despite the fact that the Data Protection Act of 2018 imposes serious fines and even criminal penalties for board inaction. The study found that only 15 per cent of UK boards and management are now fully in charge of data protection. Last year, this figure was zero, so there has been some progress, but the vast majority of boards are behind in their responsibilities.

“Effective cybersecurity must be aligned with your business strategy, and cyber risk must be an integral part of your corporate risk management strategy,” warns the Boston Consulting Group in a recent report.  “This cyber risk strategy must be guided by an engaged board of directors who understand the technology and the risks, and who can work well with management.”

EGM provides the structure and the implementation for boards to meet the vast challenge posed here. Instead of struggling to meet one threat or another as they continually emerge, EGM enables protection against all threats.

“Companies must take steps to address many types of risk – financial, operational, reputational, and others. But as business becomes ever more reliant on technology, addressing catastrophic risk – losing all data, production systems, or intellectual property – must also be on every board’s agenda,” the report continues.

“Cyber security demands management at the highest level,” agrees Raj Samani, chief scientist at security firm McAfee. When that is lacking,  organisations tend to develop unsustainable security infrastructures, characterised by a huge proliferation of tools, and Samani says that’s impractical.

Getting the right tools to implement cybersecurity effectively is a major challenge to most boards. The boardroom itself, and communications among board members outside the boardroom, are all areas that need special attention to avoid leaks.

Diligent Governance Cloud – a powerful Enterprise Management Governance system –  provides board members with the security they need against leaks, threats and hackers of all kinds.

Diligent makes sure you are ready for all threats

Diligent, as the longstanding market leader for high-level corporate communications, is uniquely positioned to offer its clients the highest level of assurance around security measures. Diligent’s unique position in the marketplace allows for investment in best-in-class security practices at a level that is greater than most players’ annual revenue.

With ongoing investment and dedication to security technology, resources and infrastructure that no other provider can match, Diligent clients gain a strategic partner that truly puts security first.

In order to maintain up-to-date knowledge and expertise, all members of Diligent’s Security Team are active participants in the information security community. This means that they are aware of nearly anything that hackers have available, ready to thwart all of the most sophisticated techniques of attack.

Diligent has established a security program based on industry standard frameworks that is dedicated to ensuring customers have the highest confidence in our custodianship of their data. Our Information Security Management System (ISMS) is ISO 27001:2013 certified and our cybersecurity framework is based on NIST standards.

Diligent Boards data is housed in a world-class hosting infrastructure. Co-location data-hosting facilities are operated at Tier 3 equivalent or higher standards. Diligent owns and operates its own equipment. Data stored by customers in the Diligent Boards solution is not hosted by any third-party cloud providers. Instead, it is stored on Diligent’s own secure servers and protected by strong physical security. Access to these data centres is limited to authorised personnel only and is verified by two-factor authentication.

Data is encrypted at rest, in transit and on the users’ devices. The Diligent Boards service supports the current recommended secure cipher suites to encrypt customer data in transit and at rest. Customer data is encrypted at rest on Diligent’s storage systems and on the customer’s mobile devices that run the Boards apps. Customer Data encryption keys are stored in a tamper-proof FIPS 140-2 L3 certified Hardware Security Module.

Diligent has a documented Security Incident Response Program in place to handle a security incident. Incident response procedures are tested and updated at least annually. All incidents are managed by Diligent’s Security Incident Response Team. Diligent classifies the event and determines the incident response process. In the event of a security breach, Diligent will promptly notify customers of any unauthorised access to customer data.