09/25/2013

Board Communications: A Better Security Approach to Managing Data Risks

by Jim Brashear


Thomson Reuters recently published its 2012 Board Governance Survey Report, Meeting Expectations of Board Governance: Board Oversight, Communications and Technology in a Global Landscape. The report notes the increased workload for the Corporate Secretary. On average, among responding corporations, 92 board books are created annually – each an average of 116 pages. That’s over 10,000 pages of board materials per year! Much of that material is sent to outside directors and advisors electronically. A disturbing aspect of the report is "a surprising absence of security measures taken in board communications." This includes:

    Unsecured email risk - A majority of survey respondents said they regularly use unsecured personal email addresses, such as Gmail or Hotmail accounts, to send confidential board material to their directors.

    • The report says "47% of respondents indicated that they never encrypt their board materials, and 18% indicated that they only occasionally encrypt their information. This is of concern, considering the risk for both the Directors and the company in terms of reputation, monetary fines, potential for discovery and negative publicity associated with board materials getting into the wrong hands."

    Bring-Your-Own-Device (BYOD) risk - Directors using their own, unsecured mobile devices (laptops, tablets and smartphones) to download and transport confidential board materials.

    • 63% of respondents said their Board members keep confidential board documents on their private mobile computing devices.
    • 9% of respondents reported their directors had their mobile devices lost or stolen, thereby putting confidential information at risk.

Most companies’ efforts to manage these risks apparently are limited to making these confidential electronic records subject to a document retention policy. Only 30% of survey respondents were confident that directors destroy all copies of board-related emails and documents, potentially making those records subject to electronic discovery in investigations or litigation. Many companies do not routinely include in litigation holds their outside directors’ personal devices and personal email accounts.

A better approach to managing these risks is to:

    • Transmit confidential information using encrypted email or a secure board or email portal
    • Ensure personal devices are encrypted and device access is secured by a reasonably strong password (not a 4-digit PIN) or by biometric authentication, such as on the new iPhone 5S
    • Require two-factor authentication for access from mobile devices to online email accounts
    • Enable BYOD security solutions that keep confidential data off of portable devices entirely through streaming (a method of accessing data stored in the Cloud and viewing it on the mobile device without actually downloading it to the mobile device); if data does need to go to the device, use remote wiping solutions

For information about ZixCorp’s industry-leading email encryption or its innovative BYOD solution ZixOne, please visit zixcorp.com.

Posted: 9/25/2013 by Global Administrator
Filed under: Board, BYOD, Communication, corporate, data, Email, Encryption, Governance, Industry, Legal, protection, Security