Checklist for enterprise executives and boards
Executives drive the most sensitive and confidential discussions within your business. So, it’s sobering to think that many of the work processes today are still organized and built around email, paper documents and insecure messaging and file sharing services in many Fortune 1000 companies. These conversations are often extended to board members - external parties to the organization and outside the corporate firewall.
So what are the issues executives shall consider when communicating with board members - bearing in mind that NASDAQ's survey of long term market performance had a negative 5% underperformance of companies who leaked or breached sensitive information.
Often the solutions come from technology companies unfamiliar with the work processes and requirements of Fortune 1000 executives. Wire however, together with EY, has created a unique solution that is delivered by one of the most trusted companies in world – and one that board rooms and executives at large enterprises feel comfortable with. With Wire by EY every company is ready to tackle the sensitive and confidential information exchange between board and enterprise.
Board meeting room
The risk isn’t contained to the board meeting itself. Board administrators and secretaries can spend weeks preparing a board meeting – gathering reports, conducting research, reviewing past meeting minutes, and of course coordinating schedules with the board members.
It’s actually here, in the preparation phase that you’re most exposed. And remember, the average board size is 9.2 members. That’s a ninefold chance for your most sensitive company information to fall into the wrong hands.
Your board members are in the cross-hairs
Attackers understand the sensitivity of board communications, so it’s not surprising that it’s board members who are increasingly becoming the targets for cyber security attacks.
When Salesforce board member, Colin Powell became the target of a hacking attack, the resulting leaks included details of potential acquisition targets for Salesforce – including those that were “in-play”.
For large multinationals, the risks are magnified. Not only is the business a visible target for industrial espionage or malicious leaks, but the geographical spread of board members means board administrators often rely on email, consumer-grade file sharing services, and even paper-based copies of the board pack.
What’s wrong with email?
Email remains a key productivity tool for most enterprises. However, that doesn’t mean it’s the most appropriate solution for every use case – particularly when there’s sharing of sensitive information involved.
Email was never designed with security in mind, and many senior executives would be surprised at just how easily it can be compromised.
In many instances, it’s also impossible to evaluate the robustness of a board member’s email solution. Most board members will sit outside of your own corporate firewall, and with the majority of board members actually sitting on three or more boards, many will use their own accounts – often including consumer-grade solutions. Information that’s been carefully protected within your own corporate network is suddenly uncontrollable.
What should I be doing to secure board communications?
Don’t rely on email: The most effective change any board can make is to replace the use of email with a secure messaging service such as Wire.
Wire offers complete end-to-end encryption, meaning only the communicating users are able to read the messages. It’s the number one line of defense against man-in-the-middle attacks – a form of attack that allows malicious eavesdropping on your communications. In many cases, attacks are so sophisticated that your board members might not even be aware that they’ve been compromised.
*Secure file transfer: * Under no circumstances use email attachments as a means to share files. Likewise, the use of file sharing services is to be carefully considered.
Unfortunately, many of the best-known file sharing tools don’t offer end-to-end-encryption. Slack, DropBox, Box, Google Drive, Microsoft OneDrive and Skype all have one thing in common: None of them offer you, or your board members end-to-end encrypted file sharing.
This means that if you share files through these cloud services, they're at risk of being compromised. By comparison, Wire offers fully encrypted secure file sharing – making it the most secure choice for sharing sensitive board information and files.
*Consider the use of ephemeral messaging: * Ephemeral messaging describes messages shared between users that disappear after a predetermined time. Think Snapchat but for business. Note, there are some federal and state regulations that require some types of companies (ie financial services, and healthcare), to retain specific types of documentation; however, for general board updates ephemeral messaging mitigates the risk of sensitive information languishing on an email server.
*Choose a secure solution for screen sharing: * With geographically disparate board members, board meetings occasionally have to rely on web conferencing and screen sharing.
Unlike Wire, which includes end-to-encryption as standard across your video calls and screen sharing sessions, many of the screen sharing tools available to your board don’t enable end-to-end encryption, leaving both conversations and the content of the screen share open to man-in-the-middle attacks. Even enterprise-grade products such as Webex have their own end-to-end encryption limitations.
Train your board: This is something everyone can, and should, do.
Due to their busy schedules, it’s not uncommon for senior management to miss your company’s regular security training sessions. However, due to the nature of their communications, it’s vital that you extend security training to everyone in your business, and to your external board members.
Remember, regulations such as CCPA and GDPR now impose financial penalties for the misuse of data, so it’s in everyone’s interest to stay informed and up to date with the latest tools and process.
Be secure, be future proof
Try a new and more efficient way of working that eliminates the threats and deligths the people you work with. Start your free trial today free 30-day trial of Wire Pro.