Kezia Farnham
Senior Manager

5 best practices for secure board governance & collaboration

January 5, 2024

Only 51% of Fortune 100 board directors have cybersecurity experience. That means nearly half of boards have potentially harmful gaps in their knowledge of and approach to board security. Yet, the stakes have never been higher. As the threat of breaches and hacks intensifies and the SEC courts new cybersecurity regulations, secure board governance, collaboration and communication are more important than ever.

Secure board governance means utilizing tools and practices that keep board business under lock. If the SEC rules pass, it also means the board of directors will need to disclose their approach to risk and compliance-related governance policies. Here, we’ll explain how to turn security into a top priority, including:

  • What secure board governance is
  • Common security risks boards face
  • Secure board governance examples
  • Best practices for secure board governance and communication
  • How board management software keeps boards secure

What is secure board governance?

Secure board governance comprises the practices and policies that keep board-related activities and conversations private. In recent years, the FTC found that only 37% of board members felt confident their organization was secure. That’s a concern, given the sensitive nature of virtually all board activities.

After all, boards set the corporation’s strategic direction and make key decisions to help their team hit those goals. They also discuss privileged financial information and data that could impact the public’s investment decisions. In the wrong hands, that information could torpedo performance, damage the reputation of the board and the corporation and even introduce legal and regulatory consequences.

When boards take good governance seriously, they signal their commitment to risk-based practices that keep the entire corporation more competitive against risk.

Common board security risks

Any risk the organization faces is a risk the board may also encounter. But research from the SEC shows boards face some unique risk types as well, including:

  1. Financial
  2. Business resiliency and continuity
  3. Reputation and ethics
  4. Human capital
  5. Information
  6. Legal
  7. Regulatory compliance and liability
  8. New and emerging markets
  9. Physical, including premises and product

Secure board governance examples

What does secure board governance look like in practice? It means implementing and following procedures to secure communication in all its forms. What that governance framework looks like depends on how the board collaborates.

  • Paper: Many modern boards don’t use hard-copy board books. For those that do, secure board governance practices include:
    • Storing the books where only board members can access them
    • Never leaving them unattended
    • Using secure technology solutions and verified partners to create, print and distribute the books
  • Email: Boards that communicate over email should take unique precautions. Emails should only be sent between email addresses associated with the organization, and those accounts should be secured according to the organization’s cybersecurity standards (passwords, two-factor authentication, etc.). Directors should never use those emails for personal purposes or access board books using a personal account.
  • Board portal: Generally, board software has built-in security considerations. This goes beyond two-factor authentication to encrypted communication and secure cloud-based storage. It also keeps all board collaboration in a single platform, so boards have one entity to secure instead of dozens of individual accounts.

Best practices to secure board governance, communication & materials

Boards have everything to gain by securing their communication, but the path to better cybersecurity isn’t always straightforward. Many directors may feel that additional policies reduce productivity and add steps to lengthy processes. However, the time and cost of securing board governance are always less extensive than the cost of mitigating a breach.

Prioritizing a more secure board culture means:

  1. Assessing board-specific risks: Many boards delegate cybersecurity to IT and risk teams. However, the board may face risks the rest of the corporation doesn’t. The board should analyze their governance landscape and current practices to determine the risks they’re most likely to face so they can create a framework that meets their needs.
  2. Prioritizing cybersecurity expertise: Diverse boards are more effective because they represent a wide variety of skills and experience that can help navigate whatever crises may arise. Boards must ensure that at least one member has the expertise to weigh in on cybersecurity issues. This will help the board take a more informed posture for the corporation and cultivate accountability in the boardroom itself.
  3. Including secure board governance in board evaluations: When many boards think evaluations, they think performance. However, the security of corporate governance is an equally critical element for determining how effective a board member is. If that board member has valuable contributions but compromises security at every turn, they may expose the company to risks that outweigh their wins.
  4. Monitoring member activity: Integrating security concerns in assessments is a good first step, but governance shouldn’t stop there. Monitor how members are engaging with board tools, whether that’s a paper board book or a portal, to ensure they’re following the practices the board has agreed on.
  5. Building a crisis response plan: Should a crisis occur, boards should have a plan in place to mitigate it. Include roles and responsibilities so each board member knows exactly what to do and when to do it. This can help minimize the scope of the attack and protect any data and assets that haven’t been exposed.

The future of secure board governance software

In the U.S., there are no federal cybersecurity laws; there are only regulations. But the tide is turning. The SEC may soon adopt heightened regulations, and well over half of states now have cybersecurity considerations on the books.

At the same time, boards are pulled in more directions than ever. Digital transformation, artificial intelligence, and environmental, social and governance (ESG) concerns are just a few pressing issues on board directors’ plates. Board portals are evolving too.

They’ve long been the gold standard for secure board governance, but even those solutions are evolving to centralize insights related to all issues boards face. Board management software of the future will:

  1. Offer a unified view of risk: Thanks to the rise of enterprise risk management (ERM), many boards are realizing how integrated most risk is. To keep up, boards need a more integrated view, too. Next-gen board portals are centralizing insights from audit, compliance, governance, and more, so boards can use one platform to oversee anything that may impact their organization.
  2. Integrate data from hundreds of sources: With only proprietary data, boards have an incomplete picture of both current and emerging risks. Board portals are increasingly compiling accurate industry data and internal data in a single interface to help boards see the risks they face from within and the risks that may arise elsewhere.
  3. Empower comprehensive reporting: For boards to take action on secure board governance, all that data must be actionable. More board portals are offering streamlined reporting that helps boards interpret the data and make smarter decisions for ESG, cyber risk and more.

Diligent One is one such solution, offering a singular platform to streamline GRC. Learn more about Diligent One and see it in action.

Securing your governance ecosystem: Download the essential guide

Our practical guide is your first step in identifying and addressing vulnerabilities in your governance ecosystem. Equip your board with the knowledge to stay one step ahead. Download now and safeguard your organization against cyber threats.


© 2024 Diligent Corporation. All rights reserved.