Three Security Threats to Board Information

electronic circuit board with a security lock on top of it

4 minutes

When choosing board collaboration tools, consider the end-to-end activities of board members, as they access, review and communicate.

Cybersecurity has always been top of mind for IT departments, and these days, it’s an increasingly important issue for boards as well. Gartner estimates that by 2020, virtually all large enterprises will need to report annually to their board of directors on cybersecurity and technology risk, and this timeline seems conservative. It will likely be a standard requirement much sooner.

With this increased focus on security, what about security of board information itself? Board communications bring challenges above and beyond internal company data. Part of a board administrator’s job is to coach and oversee how directors communicate, to ensure that they don’t unintentionally leave credit union data unsecured. 

Directors are busy, mobile, and sometimes less than tech savvy. How many of them right now are saving documents outside your safety protections and onto their personal computers? How many are conducting board decision debates over email?

While IT often laments human behavior, the fact is that administrators need to safeguard against those things we all know “people shouldn’t do”—but do. Whether you’re using board portal software or board meeting management tools like email, Dropbox, SharePoint or an in-house system, there are three key threats to watch.

Threat #1: Data can be downloaded. When you send information electronically to your board members, they need to review it and, depending on how data is sent, directors can put data at risk when accessing documents.

Email is notoriously insecure and will require directors to download material outside of their email. Dropbox may seem secure due to its AES 256-bit encryption but, similar to email, your data will not stay within Dropbox. It will be opened by directors and potentially saved elsewhere (e.g., their desktops).

With SharePoint, documents are only secure when they reside within the system. As soon as they’re saved elsewhere, you’ve lost control.

Board management software can provide administrators control of whether documents may be printed or downloaded and can track who has accessed documents—all designed to protect sensitive material.

Threat #2: Decisions and communications are data. When you use Dropbox, SharePoint or another in-house system for board communications, you need to put in place a separate platform for discussion and decisions to remove the temptation for directors to discuss decisions over email.

Beyond being a one-stop source for board materials, a board portal provides instant tools for directors to annotate documents and discuss board decisions. Whether these discussions are across the whole board or with select directors, all related data is kept secure. Administrators can also post questions to the board through surveys. These features help keep sensitive topics out of everyone’s inbox.

Threat #3: Lost devices doesn’t mean lost data. No one intends to lose their tablet, phone or laptop, but mistakes happen to the best of us. The key issue for board administrators is whether you can remove data from a lost or stolen device if you need to. Email, documents and even potential Dropbox access are instantly at risk.

The ability to purge data is essential for confidential material. Board portals allow for rapid response if a device or laptop is lost, with instant remote data-wiping.

The challenge with security is the complexity of board communication. When choosing board collaboration tools, you need to consider the end-to-end activities of board members, as they access, review, and communicate.

These five security-focused features will help keep your data safe:

  • Encryption during transit and at rest
  • Ability to restrict downloads if required
  • Easy, secure forum for shared notes (e.g., annotations within a portal)
  • Easy, secure way to record decisions (e.g., survey tool)
  • Ability to wipe data remotely, upon a lost or stolen device

Last year, the cost of cyber security to companies rose 22.7 per cent to an average of $11.7 million, primarily due to security breaches. Protecting your board will help ensure that you don’t become part of this statistic.

Ian Warner is president/CEO of Aprio, a strategic partner of CUES. Aprio is a board portal company, headquartered in Vancouver, British Columbia, that helps credit unions big and small to achieve transparent communication, efficient decisions and well-run board meetings. Before joining Aprio, Ian was COO of Vancity, Canada’s largest credit union, and was CEO of Vancity’s subsidiary Citizens Bank of Canada for four years.

Register for the webinar, “Securing Board information—Simple Steps for Protection,” at 1 p.m. June 27.

Request a demo of Aprio's portal.

Compass Subscription