Board Crisis Management and the Facebook Hack

Nicholas J Price
5 min read
Have you ever thought about how many groups or individuals your business or organization touches in some way every day? Or how much they rely on what you offer them? That's a reality that's been brought to light for Facebook since they revealed a data breach that led to the exposure of information from nearly 50 million of its users.

Facebook made its debut in 2004 as an online space where people could share comments and photos with friends and family or chat with them live. As an added perk, users can control their profiles so that they can pick and choose which of their followers can see posts.

Over time, Facebook enhanced its site by adding fan pages, business pages, and group pages. Businesses can place ads, and consumers can even order food online. Live video streaming keeps followers up to the minute and Facebook is even experimenting with monetizing videos by placing ads right at the cliffhanger.

With the huge numbers of people that connect on Facebook for personal and business reasons every day, there's no surprise that Facebook became a target for hackers. There are two lessons we can take away from this'be careful what you communicate on social media channels and be prepared for a social media crisis. Your business or organization could be the next victim of a breach.

Facebook Faces a Major Hack

Cybercriminals broke through a Facebook code allowing them to take over user accounts. Facebook is still in the beginning stages of the investigation and they haven't yet identified the identity or origin of the attackers.

Fortunately, Facebook had an emergency response plan to manage the crises. Facebook executives notified law enforcement immediately and IT experts quickly located and fixed the vulnerability. To protect their customers, Facebook also forced over 90 million of its users to log out of their accounts, which is common practice when they identify a compromised account.

In other measures, Facebook implemented strict data-sharing policies with third-parties and limited developers on how much data they can access. An audit caused Facebook to suspend more than 400 third-party apps that were connected to the site. Facebook continues to face multiple Federal investigations about their data sharing and privacy practices.

This is a major blow considering Facebook has suffered major fallout from issues related to the issue of Russian interference in the 2016 presidential campaign. The federal government is also threatening to establish new regulations to limit the power of corporations.

Perhaps the biggest loss that Facebook faces now is reputational loss. Chief executive, Mark Zuckerberg, acknowledged that Facebook and its other apps, like WhatsApp and Instagram, have a responsibility to protect their user's data. Failing to offer its users protection could result in vast mistrust. As much fun as it is to play and work on Facebook, lack of trust in the app could cause users to leave in droves.

How Board Portal Technology Can Secure Your Corporate Communications

The first lesson that we learn from the Facebook hack is to be careful what we share and where we share it. If you've become accustomed to sending business emails from your personal email account and vice versa, you're far from alone. Most likely, neither of those applications has the level of security to be sharing business or board information without being at great risk of being hacked. The seriousness of the lack of personal email security came to light when over 3 million Yahoo email accounts were breached in 2017. The Wall Street Journal reported that large numbers of developers were reading personal emails to help them produce new algorithms.

If it's risky to send confidential or sensitive information over personal and business email accounts, it's even riskier to send messages over messaging apps that were meant for novel use. Four FNB employees lost their jobs as a result of their messages on WhatsApp. Moreover, WhatsApp has come under fire for a flaw in their design that allowed hackers to change the identity of the user.

These are compelling reasons for board directors to conduct all their board business inside the safety and security of a board portal. Diligent Boards offers the highest levels of security within the Governance Cloud ecosystem. IT experts conduct regular testing to prevent against harmful leaks.

Diligent Messenger is part of the Governance Cloud ecosystem. Diligent Messenger works like other email and chat platforms and it provides secure communications without the security risks that are inherent with email and chat apps that were designed with public use in mind. Diligent Messenger now has a new feature for secure attachments, eliminating the risk of downloading files on personal and public computers and the platform fully integrates with Diligent Boards, so boards can conduct every aspect of board business with complete security.

Is Cybersecurity and Crisis Management on Your Agenda?

In the wake of Facebook's most recent scandal, executives did a lot of things right. They reported the issue to the legal authorities, fixed the issue and took steps to prevent further damage.

Does your board have a response plan in place in the event that hackers obtained confidential or sensitive data from your company? If not, has the issue of cyberattack been appearing on your board's agendas?

Your board of directors should be aware of your state's data breach laws, which may include notifying the local and federal authorities about the breach and immediately notifying your customers. Are you prepared to send a written notification to every customer that states that a data breach occurred, along with when the breach occurred, and the type of information that may be compromised?

Do you know what steps you plan to take if you discover a data breach? It's important to share what you're doing to remedy the problem and what actions your customers can take to protect themselves. Will you be able to quickly call in a forensics team to identify the leak, repair it and conduct further penetration testing? Finally, do you have a contingency plan that will allow you to continue doing business until the threat of harm is over? These are tough questions, but ones that you must be able to answer to protect your corporation or organization.

Prevent risk of data breaches by sequestering your board communications within the safety of Diligent's board management software systems. Think through how you will respond if an unthinkable data breach affects your company and make plans now. Your company's reputation depends on it.