Friday, February 26, 2021
Corporate Compliance Insights

Boards Still Lack Basic Security & Risk Practices

by Brian Stafford
May 24, 2017
in Featured, Governance

5 Key Problem Areas

Diligent, a leading expert in corporate compliance and board governance, has recently released a report examining boardroom communications and the dangers posed by a glaring gap in directors’ digital diligence and their understanding of cybersecurity. Without an understanding of just how dangerous their online communications practices can be, the risk will persist.

I’ve said it before, and I’ll say it again: All companies, no matter the size or the industry, will eventually be targeted by hackers, cybercriminals and other bad actors. At the same time, more and more instances of cyberattacks are being carried out against high-ranking executives, many of them C-level executives and directors. Not only do these individuals have access to a company’s most sensitive and confidential information, but often, they have the least amount of oversight and the worst cybersecurity habits.

For a corporation, falling victim to such attacks is damaging enough for obvious reasons (just ask Yahoo!), but for a high-ranking business leader, the fallout is particularly embarrassing, as it signals a clear lack of awareness about basic security precautions. Further, leadership is being held increasingly accountable for a wide swath of security missteps, a narrative that all too frequently plays out in news headlines and almost always ends in the loss of a job, an investigation or legal action.

With all of these consequences considered, one would hope that leadership is scrambling to close critical security gaps. But new research from Diligent and the New York Stock Exchange’s Governance Services paints a starker picture.

Surveying leaders at 381 large-, mid- and small-cap companies, the report “The Price of Convenience: Communications, Cyber Risk and Cybersecurity Practices of Corporate Boards” found that few companies are taking enough steps to reduce or mitigate basic risks when it comes to boardroom security and communication.

The five biggest problem areas identified in the report are:

Personal Email Usage

Free email service providers (ESPs) have been at the heart of many of this year’s biggest data breaches and hacking incidents, and yet this has done little to deter directors from using their personal email accounts to conduct board business. According to the report, 92 percent of respondents said they prefer using personal accounts to secure corporate accounts to communicate with fellow board members. Popular email services are never a secure way to communicate, and board members who use them are putting themselves and their companies at risk.

Security Audits

The report also showed a lack of checks and balances in the boardroom when it comes to proper adherence to security procedures. In this case, 40 percent of those surveyed were unaware of whether the board had ever conducted a security audit of its communications practices. Further, while half were unaware if their security teams monitored their adherence to corporate communications practices, nearly 25 percent reported that security teams were not involved in active monitoring.

Training & Development

Cybersecurity threats can change at a moment’s notice, and thus, it’s important for board members to receive regular training and ongoing education about evolving risks they and the business may face. While the survey showed that some companies are taking a proactive approach to training and development, a majority of those polled—62 percent—reported that their board is not required to undergo cybersecurity training at all.

Document Handling & Storage

Hectic travel schedules, unreliable Wi-Fi and the need to do work on the go continue to fuel bad behavior among directors. For example, 64 percent admitted to downloading board books or company documents on personal devices to allow for easier access in transit. Further, 22 percent reported storing digital board meeting materials on personal devices and external drives. These two behaviors can introduce an incredible amount of risk into the business, particularly if said devices are lost, stolen or even hit with malware or a virus.

Risk of e-Discovery

Although the report did not collect specific data in this area, based on the above findings, board members are strongly advised to consider the larger ramifications of their online habits. In some states, those using personal email accounts and devices for work purposes may find that their private emails, texts and files are deemed discoverable during litigation. Further, directors may be held accountable for neglecting their fiduciary duty of care by putting confidential information at risk by using unsecured platforms, particularly if more secure means for conducting business were available.

It’s clear that companies and their boards still have a long way to go in adopting today’s digital security best practices. By educating board directors on potential threats and risks, creating and enforcing essential security protocols and adopting technology solutions that offer both convenience and protection for board-level communication, companies can begin to close those gaps. With cybersecurity showing no signs of leaving the board agenda, directors must walk the walk and talk the talk in order to fully protect their organizations and to ensure effective corporate governance.


Tags: board of directors, cyber risk, duty of care, e-discovery
Brian Stafford

Brian Stafford is Chief Executive Officer of Diligent Corporation. Brian is responsible for all day-to-day operations, with a focus on accelerating global growth and incorporating scale into the business in order to seamlessly manage the growth. Brian previously served as a Partner at McKinsey & Company, where he founded and led their Software as a Service Practice. Prior to his tenure at McKinsey, Brian was the Founder, President and CEO of CarOrder, a division of Trilogy Software based in Austin, Texas. Aside from Diligent, Brian is also an active seed stage investor and startup advisor. His other passion lies in the arts, and he is supportive of the NYC community as a BAM board member.
