Do negligent boardroom practices pose the biggest threat to corporate data security? asks Mark Edge, pictured, RVP of Sales and Managing Director UK at Brainloop. He discusses why the behaviour and practices of those at the very top of the company is increasingly becoming the weakest link in the corporate data security chain.
For the majority of businesses, the centre of power lies within the boardroom. It’s where all of the pivotal decisions about future business direction and strategy are made and where all of the most sensitive company information is discussed. But with great power comes great responsibility. Board members and their associates have a significant duty to ensure they are protecting this highly sensitive business information from prying eyes and hands. Unfortunately, this is far from the case in most instances. In fact, evidence suggests that archaic data handling practices and workflows are turning many boardrooms and board members into significant business security threats.
A recent survey by Brainloop, at ICSA 2015, found that despite clear data compliance and regulatory policies being in place throughout much of the corporate world, data handling and security practices amongst those at the top is worryingly lax. Of the businesses surveyed at ICSA, a third still distribute highly sensitive corporate information to board members by post, while a further third use unsecure email distribution. This may seem relatively innocuous, but post is notoriously insecure, while email is the number one cyber threat vector for organisations, according to Verizon’s Annual Data Breach Survey. As such, any business using these methods should question whether they are really appropriate communication channels for personal employee information, as well as highly sensitive company data. The answer is of course a resounding ‘no’.
However, it’s not hard to see why it’s happening. Electronic communication has revolutionised the way much of the world conducts its business. It has eliminated games of global telephone-tag and condemned the humble fax machine to the technology scrap heap. Email is fast and convenient, instantly connecting individuals together across countries and timezones. Many senior figures and board members are perpetual globetrotters, rarely in the same room as their fellow board members outside of scheduled quarterly or annual meetings. As such, email seems like an obvious and simple way to maintain communications. Unfortunately simple and secure rarely go hand in hand. With so many criminals now trawling cyberspace for highly sensitive, yet unsecured emails, its use amongst the upper echelons of a business is increasingly likely to cause more problems than it solves.
Boardroom practices
Evidence suggests that many board members are becoming increasingly tech-savvy over time. However, this won’t be enough to drive change in itself while so many boardroom methodologies and workflows remain wedded to the past. With one in six board members over 65, and the average board member aged 57 years old, it’s perhaps not surprising that so many boardroom practices remain resolutely analogue in an accelerating digital world. This isn’t confined to the distribution of sensitive information either, but also the presentation and disposal of it. Brainloop’s survey found that over 80% of board members still carry hard copies of sensitive company materials with them before, during and after key meetings. Yet 40% were unable to confirm if these materials were destroyed in line with compliance policies (or at all) at a later date. Who knows where they are now?
These kinds of practices are not only insecure, but also inefficient. In fact, it has been reported that FTSE 100 and 250 companies spend £40,000 or more annually developing and distributing printed board books. The costs of such a traditional approach can quickly spiral too when factoring in secretarial time, administration costs, print production and courier costs in preparation for meetings.
Securing the boardroom
So what can be done? Increasingly, businesses are realising that email isn’t the only form of electronic communication open to them. In fact, many are turning to the cloud and secure, web-based workspaces designed specifically for board directors and executives. Digital, cloud based workspaces offer a number of key advantages. Not only do they negate any issues surrounding the geographical locations of board members (much like email), but the centralised workspace ensures confidential papers are always securely accessible (unlike email) at any time, on any device. A digital boardroom also accelerates crucial decision-making by allowing directors to vote on issues online, from anywhere, at the same or different times.
Of course, a key factor in adoption of such solutions is ease of use. The more complex the system, the less likely it is to be widely adopted, particularly amongst those who actively resist change. However, many of the solutions available today are highly intuitive and simple to use, specifically designed to cater both for the digitally savvy and the digital dinosaur.
Meanwhile, automated solutions for administration, workflows and document collaboration make the digital boardroom far more efficient. Corporate secretaries can quickly and cost-effectively create and distribute board books, notify directors of changes, or update and amend documents in real-time. In particular, by simplifying the process of revising multiple versions of the same document, boards are far more capable of responding quickly to urgent items.
Embracing digital
Whether directly or indirectly, every business is fast becoming a digital business in some form. In order to successfully navigate today’s digital rapids, board members must learn to harness the potential of digital, not only to drive cost-savings but to fundamentally increase the security protocols surrounding some of the most important data within the company. To that end, it’s time for every business to ensure their board is digitally savvy, not a digital dinosaur. Otherwise, they might soon find themselves extinct too.
