Corporate Compliance Insights

Boards Still Lack Basic Security & Risk Practices

by Brian Stafford
May 24, 2017
in Featured, Governance

5 Key Problem Areas

Diligent, a leading expert in corporate compliance and board governance, has recently released a report examining boardroom communications and the dangers posed by a glaring gap in directors’ digital diligence and their understanding of cybersecurity. Without an understanding of just how dangerous their online communications practices can be, the risk will persist.

I’ve said it before, and I’ll say it again: All companies, no matter the size or the industry, will eventually be targeted by hackers, cybercriminals and other bad actors. At the same time, more and more instances of cyberattacks are being carried out against high-ranking executives, many of them C-level executives and directors. Not only do these individuals have access to a company’s most sensitive and confidential information, but often, they have the least amount of oversight and the worst cybersecurity habits.

For a corporation, falling victim to such attacks is damaging enough for obvious reasons (just ask Yahoo!), but for a high-ranking business leader, the fallout is particularly embarrassing, as it signals a clear lack of awareness about basic security precautions. Further, leadership is being held increasingly accountable for a wide swath of security missteps, a narrative that all too frequently plays out in news headlines and almost always ends in the loss of a job, an investigation or legal action.

With all of these consequences considered, one would hope that leadership is scrambling to close critical security gaps. But new research from Diligent and the New York Stock Exchange’s Governance Services paints a starker picture.

Surveying leaders at 381 large-, mid- and small-cap companies, “The Price of Convenience: Communications, Cyber Risk and Cybersecurity Practices of Corporate Boards” report found that few companies are taking enough steps to reduce or mitigate basic risks when it comes to boardroom security and communication.

The five biggest problem areas identified in the report are:

Personal Email Usage

Free email service providers (ESPs) have been at the heart of many of this year’s biggest data breaches and hacking incidents, and yet this has done little to deter directors from using their personal email accounts to conduct board business. According to the report, 92 percent of respondents said they prefer using personal accounts to secure corporate accounts to communicate with fellow board members. Popular email services are never a secure way to communicate, and board members who use them are putting themselves and their companies at risk.

Security Audits

The report also showed a lack of checks and balances in the boardroom when it comes to proper adherence to security procedures. In this case, 40 percent of those surveyed were unaware of whether the board had ever conducted a security audit of its communications practices. Further, while half were unaware if their security teams monitored their adherence to corporate communications practices, nearly 25 percent reported that security teams were not involved in active monitoring.

Training & Development

Cybersecurity threats can change at a moment’s notice, and thus, it’s important for board members to receive regular training and ongoing education about evolving risks they and the business may face. While the survey showed that some companies are taking a proactive approach to training and development, a majority of those polled—62 percent—reported that their board is not required to undergo cybersecurity training at all.

Document Handling & Storage

Hectic travel schedules, unreliable Wi-Fi and the need to do work on the go continue to fuel bad behavior among directors. For example, 64 percent admitted to downloading board books or company documents on personal devices to allow for easier access in transit. Further, 22 percent reported storing digital board meeting materials on personal devices and external drives. These two behaviors can introduce an incredible amount of risk into the business, particularly if said devices are lost, stolen or even hit with malware or a virus.

Risk of e-Discovery

Although the report did not collect specific data in this area, based on the above findings, board members are strongly advised to consider the larger ramifications of their online habits. In some states, those using personal email accounts and devices for work purposes may find that their private emails, texts and files are deemed discoverable during litigation. Further, directors may be held accountable for neglecting their fiduciary duty of care by putting confidential information at risk by using unsecured platforms, particularly if more secure means for conducting business were available.

It’s clear that companies and their boards still have a long way to go in adopting today’s digital security best practices. By educating board directors on potential threats and risks, creating and enforcing essential security protocols and adopting technology solutions that offer both convenience and protection for board-level communication, companies can begin to close those gaps. With cybersecurity showing no signs of leaving the board agenda, directors must walk the walk and talk the talk in order to fully protect their organizations and to ensure effective corporate governance.


Tags: Board of Directors, Cyber Risk, duty of care, e-Discovery
Brian Stafford

Brian Stafford is Chief Executive Officer of Diligent Corporation. Brian is responsible for all day-to-day operations, with a focus on accelerating global growth and incorporating scale into the business in order to seamlessly manage the growth. Brian previously served as a Partner at McKinsey & Company, where he founded and led their Software as a Service Practice. Prior to his tenure at McKinsey, Brian was the Founder, President and CEO of CarOrder, a division of Trilogy Software based in Austin, Texas. Aside from Diligent, Brian is also an active seed stage investor and startup advisor. His other passion lies in the arts, and he is supportive of the NYC community as a BAM board member.
