Modern Governance

The security concerns of free email service provider use

Thanks to modern collaboration tools, today's workforce can be more secure, efficient and powerful than ever. However, leading organizations recognize that security threats are evolving, and agree that mitigating cyber risks is a job for everyone ''' from the sales team up to the board of directors. Yet, a recent Ponemon study found that 35% of board members admit cyber security is not on their agenda and 26% reported having minimal to zero cyber security knowledge. Board members, who often sit outside the firewall, and top level executives in the organization, who often are working with the highest level of confidential materials (e.g., mergers, acquisitions, divestitures, quarterly results), are not safeguarding their operations and are often opting for a free email service provider ''' putting the entire business and their partners at risk.

The reality of using a free email service provider

Every executive has their preferred way of working - whether it's on mobile devices, tablets, laptops, or even smart watches (maybe, someday). And there are also a host of different communication tools for those devices, from secure corporate tools to free SaaS applications to antiquated systems that have never been replaced. Due to all of these working styles, security best practices are taking a back seat to convenience and personal preference.

We recently took a look at board members' primary form of communication - email - and found that more than 30% of US board members are using free email service providers (ESPs) as a means to communicate. Among the free ESPs used, the top domains were:

  • Google - 44%
  • AOL - 17%
  • Yahoo! - 9%
  • Comcast - 7%
  • Others You've Likely Never Heard Of - 23%

While free ESPs may offer a variety of compelling functions in a familiar user interface that make them good for personal use, companies simply need better protections for confidential messages, especially those of the board of directors. These older and less tech-savvy executives may pose a high risk to the organization and are vulnerable to basic attacks, like phishing, brute-force password hacks, and other exploits. To combat this, the following best practices will help any organization secure communication amongst their company's leadership.

Rules to secure communication and secure the team

There are five key rules for keeping communication secure and efficient within boards and executive teams. Leading companies have adopted these practices, and so should companies struggling to identify the best ways to balance employee expectations, market pace and security.

Simplify. Security has evolved, and the strongest security today is not always the most complex, cumbersome or lengthy processed for the end-user. To executives, time is a luxury and they have enough work on their plate. Security should not feel like another exhausting responsibility. Keep the heavy lifting behind the scenes and out of their view; otherwise, they'll seek a less secure and more convenient option (i.e. personal email). Explore the latest, best technology offerings - it may not be the cheapest, but it should always be the most secure and the simplest. In addition, make sure the solution you choose for your board members and executives includes exceptional, white-glove support, in case someone ever encounters an issue. Internal IT teams cannot be expected to be on call 24 hours a day but when there's no one to help, people start looking for (less secure) work-arounds.

Mobilize. Communication and technology need to be accessible while on-the-go, and that means it has to match your executives' style. This could range from a Windows 10 tablet to an iPhone - so you'll have to cover a security across multiple devices. But don't forget the most overlooked feature with mobile: offline access. This is especially important to have so that apps can still be used safely when internet access is not available, like flights, taxis or areas of poor reception.

Privatize. A common frustration is the inability to know, at a glance, that you're speaking to the right person. Have you ever accidentally sent a note to 'Mary Smart' when you meant to send it to 'Mary Smith?' It's happened to the best of us, and we've all wished for an 'Undo Send' button. Leading secure executive communication provide options to limit the group of people within the application, creating a private network, and ensuring one slip of a finger won't send confidential data to the wrong person.

Contain. While it's essential for high-ranking executives and board members to have access to pertinent information and strategic documentation, it is also important that they are able to restrict access in the bat of an eye, especially when dealing with lower-level employees or people outside the organization (such as travel scenarios where a device may be easily misplaced or stolen).

Comply. At times, laws and regulations pertaining to executive and board-level communication may become relevant and require close compliance to local or industry-based rules. It's essential to be aware of how different ways of working are regulated in different regions, and to be able to control settings to ensure compliance is met, such as message retention, expiration policies and audit trails. In the spirit of compliance, the board should also ensure they're 'eating their own dog food' and are operating in harmony with these best practices. If those at the top of the organization can't be bothered to take charge of security, how can they expect anyone else to do so?

Security communication rises in importance

The stakes have never been higher. A hack ten years ago likely meant minor embarrassment or, worst-case scenario, theft of a non-life-threatening amount of money. These days, hacks become front-page-news. There are calls on social networks for boards and executives go to jail. Companies are crippled and huge amounts of value are destroyed. And all of this is compounded by how easy it is to make a mistake. Click one phishing email or send one unencrypted email and game over.

Fortunately, world-class security no longer has to interfere with a good user experience. The right technology can allow for seamless access for the user but meet the highest security standards by keeping the data encrypted in transit, at rest and more. Popular examples today include board portals that help keep document distribution and review secure, dedicated messaging systems that are replacing simple text messaging with hyper-secure platforms and new applications that can safe guard information even if the device is compromised.

By selecting the right safe guards for your company, it can compensate for the less technically savvy among us and provide protection to sensitive online materials for board and executive teams.