Board security must be a top priority for every organization. If you’re considering new board software, be sure the platform includes these 4 important security features.
Boards of directors are essential to the success of all types of organizations. Typically, a seat on a board of directors comes with a whole host of responsibilities.
Oftentimes, board members are entrusted with sensitive data and information in order to carry out their duties. However, if that data lands in the wrong hands, the consequences can be devastating.
Now, more than ever, board security must be a top priority, and the security features provided by board portals and board management software have never been more important. In this guide, we’ll explore why board security matters — as well as four key board security features to look for when considering a board portal.
Why You Should Prioritize Board Security
In the midst of the ongoing COVID-19 pandemic and the rise in remote or hybrid workplaces, cybersecurity risks, data breaches, and cyber attacks are on the rise. Though outsiders execute the majority (70%, according to a recent report) of attacks, human error and internal bad actors can also play a role.
For example, there were recent reports of a credit union employee getting fired — and then getting revenge by deleting 21GB of the organization’s files before the terminated employee lost network access.
Regardless of the source, there are large (and costly) consequences when the wrong data gets into the wrong hands. Per a 2021 report, the average total cost of a data breach in the U.S. is $9.05 million, up significantly from $8.64 million in 2020. What’s more, a breach can cause lasting damage to an organization’s reputation, which can have a negative effect on the bottom line.
Many of the sectors that rely on board leadership — including hospitals, health care systems, banks, and credit unions — can be especially valuable targets for cyber attacks. For example, an Alabama hospital recently fell victim to a cyberattack. The hospital is now facing a lawsuit from a mother whose child was born during the attack, which she claims led to the hospital missing troubling signs that eventually led to the baby’s death.
What’s more, board members themselves may be more likely than average to be the target of a cyber attack. That’s because attackers recognize that board members often have access to valuable, sensitive information.
The pressure is on to ensure board security.
4 Must-Have Board Security Features
While some boards continue to use paper-based processes, a growing number are starting to rely more on technology — especially at a time when many boards have been meeting remotely. Oftentimes, boards correspond and collaborate via email, and key documents and information are shared via email attachment or a service such as Google Drive or Dropbox.
Though these methods are convenient and easily accessible, they’re not as secure as we’d like to think. In fact, this piecemeal approach to digital adoption opens up boards (and the organizations they serve) to the risk of a cyberattack.
A better approach to improving board efficiency while maintaining board security is to adopt a board portal — often referred to as a board management platform. With a board portal like OnBoard, board directors have access to everything they need before, during, and after board meetings — all within a single, secure location.
But not all board portals are the same. If data security is a priority of your board (and it should be!), be sure any board portal you’re considering includes these four critical board security features.
Encryption involves taking data from a readable format and scrambles it so it’s no longer readable. For example, a text-based message is “translated” to what is often referred to as ciphertext. The scrambled message can then be translated back to its original form by using a password or encryption key.
Encryption is a key way to protect sensitive data that’s stored on a computer system or sent through the internet. Be sure any board portal you’re considering leverages encryption. For example, OnBoard’s data centers use RSA 4096 bit encryption, which is the gold standard in the board portal industry.
2. Role-Based User Permissions and Controls
Easy access to the right information helps ensure board directors can achieve more for the organizations they serve. However, not all board directors should be granted the same level of access.
For example, members of a board’s finance committee likely require access to certain sensitive financial information, but not every board member needs to be granted access. In addition, a personal conflict of interest disclosed on a director & officer (D&O) questionnaire might indicate a director should have decreased visibility into information on a specific topic.
Be sure any board portal you’re considering allows you to set permissions and controls based on roles. That way, directors will have access to everything they need to serve in their roles — but nothing more.
3. Single Sign-On
Single sign-on (SSO) is an authentication method that allows a user to securely log in to multiple apps and websites by using just one set of login credentials. For example, a board member could log in using an identity and access management platform at the beginning of the day — and by doing so, they’d be able to access all websites, apps, and data they have permission to access.
Login credentials are often a target of cybercriminals, and each time a person logs in to a system or website, it’s an opportunity for an attack. What’s more, 59% of employees use the same or similar passwords for multiple accounts. That means if a hacker is able to access one system, they may be able to easily access others, too. On the other hand, leveraging SSO can reduce the risk of attacks because each user only logs in once per day.
When considering a board portal, be sure to find one that integrates with your organization’s SSO solution. For example, OnBoard seamlessly integrates with Okta and OneLogin SSO solutions, which means board directors can easily (and securely) access the board portal.
4. Bring Your Own Key (BYOK)
There are many advantages of using cloud-based services. However, the cloud service provider maintains access to the organization’s data — and its encryption keys. This can be especially problematic for organizations in heavily regulated industries.
However, bring your own key (also referred to as “bring your own encryption”) is an encryption model that allows organizations using cloud services to encrypt their own data and manage their own encryption keys. Be sure to look for this feature in any board portal you’re considering.
What Changed for Boards in 2021?
More Tips for Improving Board Security
Moving away from paper-based processes and procedures is an important step toward boosting board security. However, while it’s common to feel that exchanging information and documents via email, Dropbox, Google Drive, or others is secure, this isn’t the case. Instead, a better approach is to use digital documents, as well as a secure, encrypted system of record such as a board portal.
In addition to serving as a repository for key documents and information, a board portal should also be used as a hub for all board communication. Oftentimes, board directors use personal email accounts for communication.
In fact, a recent survey found 56% of board members use personal email to communicate about board matters. This isn’t terribly surprising; after all, email has become the standard business communication. However, communicating via personal email opens organizations to cybersecurity and discovery risks. Instead, insist that all communication take place via the board portal.
Finally, it’s critical to ensure cybersecurity policies and procedures are current. It’s also important to ensure board directors review these materials and are familiar with board security best practices.
It’s Time to Make Board Security a Top Priority
The chances of a cyberattack have never been higher. Board security must be a top focus of every organization.
Of course, there’s no surefire way of eliminating risk. However, leveraging cybersecurity best practices and adopting a secure board portal for all board-related information and communication are important ways to greatly reduce the risk.
About The Author
- At OnBoard, we believe board meetings should be informed, effective, and uncomplicated. That’s why we give boards and leadership teams an elegant solution that simplifies governance. With customers in higher education, nonprofit, health care systems, government, and corporate enterprise business, OnBoard is the leading board management provider.