Written by Paul Stark, General Manager of OnBoard
Amid the ongoing COVID-19 pandemic and the shift to remote or hybrid workplaces, cybersecurity risks, data breaches, and cyber-attacks are on the rise. Though outsiders execute the majority (70%, according to a recent report) of attacks, human error and internal bad actors can also play a role.
Regardless of the source, there are large (and costly) consequences when the wrong data gets into the wrong hands. Per a 2021 report, the average total cost of a data breach in the UK is more than £3 million.
Many of the sectors that rely on board leadership — including hospitals, health care systems, banks, and credit unions — can be especially valuable targets for cyber-attacks. The infamous WannaCry cyber-attack on the NHS remains front of mind for many.
What’s more, board members themselves may be more likely than average to be the target of a cyber-attack. That’s because attackers recognise that board members often have access to valuable, sensitive information. The pressure is on to ensure board security.
Four security features a board must implement
Boards now often correspond and collaborate via email, and key documents and information are shared via email attachment or a service such as Google Drive or Dropbox.
Though these methods are convenient and easily accessible, they’re not as secure as we’d like to think. In fact, this piecemeal approach to digital adoption opens up boards (and the organisations they serve) to the risk of a cyber-attack.
A better approach to improving board efficiency while maintaining board security is to adopt a board portal — often referred to as a board management, board portal directors have access to everything they need before, during, and after board meetings — all within a single, secure location.
But not all board portals are the same. If data security is a priority of your board (and it should be), OnBoard recommends considering these four critical board security features.
Encryption
Encryption involves taking data from a readable format and scrambling it so it’s no longer readable. For example, a text-based message is “translated” to what is often referred to as ciphertext. The scrambled message can then be translated back to its original form by using a password or encryption key.
Encryption is a key way to protect sensitive data that’s stored on a computer system or sent through the internet. Be sure any board portal you’re considering leverages encryption.
Role-Based user permissions and controls
Easy access to the right information helps ensure board directors can achieve more for the organisations they serve. However, not all board directors should be granted the same level of access.
For example, members of a board’s finance committee likely require access to certain sensitive financial information, but not every board member needs to be granted access. In addition, a personal conflict of interest disclosed on a director & officer (D&O) questionnaire might indicate a director should have decreased visibility into information on a specific topic.
Be sure any board portal you’re considering allows you to set permissions and controls based on roles. That way, directors will have access to everything they need to serve in their roles — but nothing more.
Single Sign-On (SSO)
Single sign-on (SSO) is an authentication method that allows a user to securely log in to multiple apps and websites by using just one set of login credentials. For example, a board member could log in using an identity and access management platform at the beginning of the day — and by doing so, they’d be able to access all websites, apps, and data they have permission to access.
Login credentials are often a target of cybercriminals, and each time a person logs in to a system or website, it’s an opportunity for an attack. What’s more, 59% of employees use the same or similar passwords for multiple accounts. That means if a hacker is able to access one system, they may be able to easily access others, too. On the other hand, leveraging SSO can reduce the risk of attacks because each user only logs in once per day.
When considering a board portal, be sure to find one that integrates with your organisation’s SSO solution.
Bring Your Own Key (BYOK)
There are many advantages of using cloud-based services. However, the cloud service provider maintains access to the organisation’s data — and its encryption keys. This can be especially problematic for organisations in heavily regulated industries.
Bring your own key (also referred to as “bring your own encryption”) is an encryption model that allows organisations using cloud services to encrypt their own data and manage their own encryption keys. Be sure to look for this feature in any board portal you’re considering.