What Are the Risks of Not Using Secure Messaging Apps?

Secure Messaging Apps and Secure Board Communication

Secure messaging apps protect sensitive communication and security threats for boards. When a directors leaves a device neglected for a few minutes, all communication is open to whomever retrieves their devices. Or, worse still, if the director loses their phone or tablet, or has their laptop stolen, all communication is open to whomever retrieves their devices.

Messaging is currently one of the most important means of communication in the UK (and elsewhere). According to the Digital 2019 study by Hootsuite: 73 per cent of UK Internet users use mobile messaging, up from 68 per cent in last year’s report. Social media penetration has reached 68 per cent, up from 65.7 per cent in 2018. Most of this messaging is not secure, yet UK boards of directors still rely on email, social media and SMS to discuss sensitive issues.

The result: Bree Kotomah, a director at a fashion business in London, used Instagram for all her communications. When hackers compromised her business’s Instagram account in November 2018, she lost everything. “That was the whole business gone,” she told BBC Radio 5 Live.

How Hackers Use Unsecured Messaging Tools For Breaches

It’s quite simple: No social media messaging app is completely secure. There are gaps in every app, according to Ori Sasson, founder of cyber-intelligence firm S2T. Each type of social media tries to update and fix vulnerabilities, but that isn’t a panacea.

“While updates can fix known defects and vulnerabilities, they can insert new unknown ones,” Sasson explains. “In software development and testing, engineers can identify weaknesses, but it is literally impossible to prove the absence of a vulnerability in an application.”

Hackers exploit these vulnerabilities. It’s not an easy thing to do: Significant research and effort is required in order to identify and exploit a vulnerability, according to Sasson. Some vulnerabilities can only be exploited when there are defects in the operating system; others require complex strategies for hackers to obtain a breach. But the potential rewards are great with popular applications that have large user bases.

Some apps are encrypted, meaning that they are transformed into code that can only be read with a key – and that key should only be in the possession of the sender and the receiver. Unfortunately, keys get stored on devices and elsewhere, and hackers can sometimes find them. They can also use techniques to get around the key; for example, if a hacker is recording what you type into your computer, then the hacker doesn’t have to worry about the encryption. This kind of hacking often takes place on mobile phones as well.

The Problem with Email Communication

The problem with email communication is, again, quite simple. Send an email without any type of security to another person, and it may be read at any point along the way. Emails pass through many servers to get from one place to another, and it’s easy to take a copy of the content at any one of these servers.

Nonetheless, 56 per cent of directors use personal email – not even their official business email – to discuss sensitive corporate issues with their colleagues, according to Forrester Consulting’s April 2018 study, commissioned by Diligent Corporation.

In fact, Forrester found that personal email usage is typical across boards of all company sizes and regions. Fifty-three per cent of North American boards communicate sensitive internal board communications via personal email; that’s the highest reported rate in the study. European boards aren’t far behind, at 51 per cent, and the percentage of personal email usage is lowest in Asia-Pacific, at 48 per cent. Across all regions, even directors with access to board portal software were found to turn to personal email for board communications.

Encryption, again, only works part of the time. Here is what the UK government advises for sending email:

“To meet the Minimum Cyber Security Standard and protect email you must:

• Support Transport Layer (part of the email network) Security Version 1.2;
• Have Domain-based Message Authentication Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM) – these are all specialised network security protocols –and Sender Policy Framework (SPF) records in place to make email spoofing difficult;
• Implement spam and malware filtering, and enforce DMARC on inbound email; and
• Use extra encryption services.

  Discover how Diligent Messenger can help ensure that your board of directors are utilising the best practices behind secure communications to protect against any sort of data breaches.

This is a lot of technology to have enabled on a personal email platform, and it may not be present even on the corporate email; hence the danger of using either personal or corporate email accounts.

However, even with all this security in place, email with sensitive communications is under threat any time a director leaves his phone on a restaurant table unwatched for a few minutes. Or, worse still, if the director loses their phone or tablet, or has their laptop stolen, all communication is open to whomever retrieves their devices.

Your IT department should have in place a procedure to remotely wipe a device clean in case of loss or theft. But very few companies have this procedure in place, and it certainly won’t be available if the director is using some other personal device.

The use of high-quality board management software resolves all these issues, if it has high standards for security and provides ongoing development for cyber-security issues. Diligent Governance Cloud stands out in the industry for its leadership in security. 

Diligent Governance Cloud Provides the Highest Grade of Secure Communication  

Diligent, as the long-standing market leader for modern governance, is uniquely positioned to offer its clients the highest level of assurance around security measures. Diligent’s unique position in the marketplace allows for investment in best-in-class security practices at a level that is greater than most players’ annual revenue. Diligent clients gain a strategic partner that truly puts security first. For example, Diligent offers the facility to remotely wipe devices if they are lost or stolen.

As part of the Governance Cloud ecosystem, Diligent Messenger was developed as a messaging tool for boards of directors to communicate securely outside the boardroom.

This board communication tool can be used across multiple sectors, including financial services, the private sector, the public sector, charities and more. By moving confidential board communications out of personal and corporate email systems, your board can ensure that there is an easy way to communicate with the right people at the right time.

Diligent Messenger integrates with Diligent Boards, our board meeting management software. Our governance tool provides secure messaging and real-time collaboration.