Months into the COVID-19 lockdown, remote workers'and board members'have become more accustomed to virtual meetings. They've found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and "Zoom couture."
Yet as virtual work becomes a way of life, not all adaptive habits have been cyber safe. As board members turn to personal email, apps and devices, board materials and communications have become more sensitive than ever: cash flow strategies, executive compensation plans, health and safety issues, and more.
The good news: Technology provides a solution as well. Here are a few common risk scenarios'and digital tools that strengthen protection.
Barring these cues, many board members have resorted to text messaging to 'raise their hand,' pose questions or have sidebar discussions. But what seems efficient can actually be dangerous:
Instead of unencrypted data: A secure, encrypted governance suite like Diligent's Governance Cloud protects sensitive information as it flows to and from the board'and enables secure collaboration across the organization.
Yet as virtual work becomes a way of life, not all adaptive habits have been cyber safe. As board members turn to personal email, apps and devices, board materials and communications have become more sensitive than ever: cash flow strategies, executive compensation plans, health and safety issues, and more.
The good news: Technology provides a solution as well. Here are a few common risk scenarios'and digital tools that strengthen protection.
1. Texting during virtual meetings
A gesture, a glance, a quick aside. During in-person meetings, attendees have a host of non-verbal tools at their disposal'many which don't fully translate to the two-dimensional grid of a video call.Barring these cues, many board members have resorted to text messaging to 'raise their hand,' pose questions or have sidebar discussions. But what seems efficient can actually be dangerous:
- What if a sensitive message ends up with the wrong person? With autofill and board members' extensive address books, the possibility is all too likely.
- How would a private chat hold up in court? When board members use personal channels, all their text messages could be considered discoverable should a company come under litigation.
"Messenger has been adopted with our external business partners to start and will soon be deployed to the board and supervisory board as the ONLY channel of communication. It has been used to send confidential files and to share content for the next meeting to top execs/board(s)."
-PA to Supervisory Board Chairman, Commercial Property Company
2. Emailing confidential board materials
Email communications are similarly on the rise for COVID-19 era boards. With the shift to virtual meetings, governance teams are defaulting to Outlook, Gmail and beyond to assemble PowerPoints, edit agendas and more. It's familiar'but not as secure or efficient as one might think. Consider:- What if these materials end up in the wrong inbox? As with text messages, it's all too easy to send a sensitive email to an unintended recipient'particularly when typed in a hurry. And popular tools for personal email often lack the stringent safeguards, like encryption, which is a baseline for securing board communications today.
- Are you working on the most current document? Asynchronous communications like email make version control challenging and real-time collaboration next to impossible.
"[Diligent] has allowed us to centralize our board communications'and it's instantaneous. When our board members get a notification, they know it's important...It provides us with another layer of protection knowing we're using the securest platform available."
-Senior counsel and assistant corporate secretary, food manufacturing
3. Conducting evaluations on unencrypted platforms
Throughout the COVID-19 pandemic, critical issues have arisen for board voting. At the same time, open, honest evaluations'particularly around sensitive topics'have become more important than ever. To keep these important processes moving, many nominating/governance committees have been moving them online (using SurveyMonkey, Google Surveys and other unencrypted platforms). However:- What if confidential vote, questionnaire or evaluation data was breached?
- What would be the impact on company and board member reputations, shareholder perspectives and more?
"We have needed to implement digital voting now, more than ever. We love its practicality and easy set-up. Once all of this has passed, we will keep this as our future process."
-Board secretary, insurance company
4. Unprotected video conference links
It's easy to control access to a physical boardroom via locks, electronic key cards and gatekeepers. Not so with a video conference platform'just click a link or dial a phone number and access code, and you're in. Yet both types of boardrooms are places where directors convene to discuss and debate sensitive topics. In today's virtual meetings:- Remember that when video conference links are shared in email, they can easily be forwarded or intercepted. If this falls into the wrong hands, the consequences could be dangerous. You may have more attendees on your virtual board meeting than you planned for.
- Are you aware of everybody who's dialed in? Especially on calls with many participants, uninvited guests may be hard to detect'particularly if they're lurking on audio-only or "camera off" mode.
"Diligent is becoming the easiest way to share information [during COVID-19]."
-Governance professional, electricity infrastructure company
5. Failing to prioritize data security
In a global pandemic, boards and management teams are receiving regular updates on employee health, which often include sensitive medical data. How is your organization taking extra steps to protect this data? Are you meeting regulatory standards related to GDPR or HIPAA laws? Most boards will need to bring their processes and protocols up to speed. If this data was intercepted'or if an email was accidentally forwarded'could the board prove that it had taken all steps necessary to protect this sensitive employee medical data?Instead of unencrypted data: A secure, encrypted governance suite like Diligent's Governance Cloud protects sensitive information as it flows to and from the board'and enables secure collaboration across the organization.
"[We are] relying on Diligent as much as ever. Senior management has set up a COVID Crisis meeting group and meets once a week to discuss responses to the crises that funnel up to the board as an update."
-Director of board administration, retail banking company