Identity management is crucial when sharing business-critical information. If the wrong people gain access to internal networks, it can result in data corruption or theft, which can damage sales, share price and brand reputation (customers and commentators don’t look favourably on companies that fail to protect their digital assets), writes Charlie Horrell, pictured, Managing Director, Europe, Middle East and Africa for Diligent.
In the past, identity management was the concern of IT managers. However, a number of high-profile security breaches in recent years have placed the issue on the agenda of senior management teams and board directors. With senior-level employees having access to highly confidential data, compliance and good governance are clearly very important considerations. IT security systems must be able to prevent unauthorised access to sensitive information.
But while security, compliance and corporate governance are undoubtedly important, so too is the ability for senior execs to access crucial information from anywhere in the world, from any device, so they can make properly informed decisions. For example, if information about a crisis situation isn’t instantly available to Board members, how can they take the most appropriate course of action? Unfortunately, many organisations haven’t addressed identity management at the detailed level it deserves, and are still using solutions like Dropbox or Google Drive to provide general access to information and apps. And some are really taking a risk by emailing PDFs of highly sensitive corporate data over unsecured networks.
Whatever solution you’re using, there are ways to shore up the defences. Here’s how you can provide execs with all the business intelligence they need, without sending your IT department into a cold sweat.
1) Educate the board
This is crucial for Board members and senior employees who aren’t ‘digital natives’. Fundamentally, cybersecurity is a technology issue – but it’s also a human one, so it’s important to highlight how bad habits can leave the company exposed, no matter how advanced the IT security in place.
Lead by example and work with your IT department to provide any training needed. It might seem like an inconvenience at the time – especially for time-poor execs – but when you consider the loss and embarrassment it could save the company in future, it’s certainly worth it.
2) Provide 24/7 access…
In today’s 24-hour economy, the nine-to-five working day is increasingly rare – especially at board level. We work wherever and whenever it suits us and our companies, so it’s no longer practical to leave the IT department in sole control of identity management. If a board member needs access to a specific document on a Friday night, or needs a password reset from the other side of the world, it’s simply not feasible to postpone access until Monday morning.
3) … offline access …
There are times when board members and execs don’t have access to the internet, or have a very weak connection. So simply providing a good online experience of accessing confidential information isn’t enough. They need a seamless, secure offline experience as well, through an app that instantly syncs when they re-connect to the internet.
4) … and user-specific access
It’s great that administrators can give users access to a specific document – but what if an employee is only supposed to be able to see a specific page or section of that document? Being able to set access to this detailed level not only bolsters security, it also adds value. Execs don’t have to wade through large files, when only a small section is actually relevant to them. For example, a report covering a full day of meetings could easily run to dozens of pages. Providing execs with access just to the parts pertinent to them saves valuable time and a lot of frustration, particularly in a high-pressured crisis situation.
5) Offer 24/7 support
People forget passwords, push the wrong buttons and can get confused using any IT solution. And when they do, they often ‘work around’ any carefully considered security procedures and unwittingly put company data at risk.
That’s why 24/7 support is so important. And we’re talking proper support – access to real people who can fix problems in real time.
6) Use a secure portal to access confidential, Board level information
The easiest, most secure way to communicate Board-level information is to use a board portal. This lets authorised users access information securely, via an app or browser.
It ensures the latest information is available instantly, and eliminates version-control issues (it’s particularly useful for crisis documents, which are often updated regularly). You can also pre-load a board portal with crisis plans, which are activated within minutes of the crisis breaking. Some portals enable electronic signatures for written consents, or have voting features to establish a consensus on an issue.
