Three steps to heightened boardroom security

Boardroom Security Blog

Data security is a major priority for many organizations in the US, and most executives are aware of the possible threat brought about by data breaches. Barely a week goes by without one breach or another reported in the press and there is a multi-billion dollar industry emerging that looks to keep organizations’ data safe, secure and private.

Yet despite that many data breaches still result from human error of some kind. Whether that’s leaving a laptop or tablet on the subway, or being careless with an agenda and board pack on the way to a meeting, many of us have been guilty of similar at some time.

With businesses holding more data than ever before, on customers, staff and more, any data breach is a concern. But if the discussions and data exchanges that take place at a board level, involving complex and confidential financial matters, ever got breached, the concern would be much greater.

So what can we do to help ensure that board executives keep data secure?

1) Get the board thinking seriously about data security

A data breach can be hugely costly, both in terms of the bottom line and also the long-time damage to a brand. This means that security has to be a board level concern.

Boards must know the company’s cybersecurity policies and have an awareness of the type of risks that the organization may face. This requires a link from IT to the board to make sure these knowledge gaps are filled, and that board members are kept up to date with latest threats. Perhaps there is

a role for a sub-committee that focuses only on the analysis of cyber threats, and reports back to the board?

2) Try and address human errors

People will always make mistakes – it happens, you deal with it and then try and minimize the impact. But board members are perhaps even more vulnerable to such errors than most employees – they travel more, have access to the most confidential and sensitive information, and may not be as technology smart as millennial staff members.

If board members bring their own tablets and smartphones to the office, devices that may have been used by other members of the family and connected to social networks, the internet of things and more, there is inherently more risk of a data breach. Put simply, a board member just has more opportunities than most to expose an organization to risk.

So the education of board members about the importance of keeping the corporate network secure should be a key element of cyber security. An added benefit is the role board members can then take in fostering a culture of compliance and security across the company – if the board is seen to be security conscious, the rest of the organization will be more likely to follow suit.

3) Get smarter with the use of technology

Boards tend to work in more traditional ways than others in a company and may capture, share and manage information in a way that security teams would ban elsewhere in the organization. So there is a real need to help board members get smarter with technology.

Tablets and smartphones can be extremely useful in keeping board data secure. The use of online board portals such as to replace paper or PDF based board packs for board meetings will not only keep data more secure, it will reduce paper at those meetings and make for a significantly more productive use of board members’ time.

They mean that board members have all the information they need and can access that information via their personal device. For people that travel a lot this negates the possibility of leaving paper documents around, and if a device is lost it can be wiped remotely, to ensure its contents remain unseen.

Board executives are potentially one of the bigger threats to an organization’s data. But with a little education about cyber security, a dotted line to IT and more widespread use of online board portals, there is no reason why board security cannot be as strong as elsewhere in the organization.

posted on & filed under Regulation and Compliance.