Do Your Board Members Pose a Security Risk?
When it comes to risk management, corporate board members may be surprised (and dismayed) to know that they themselves pose security risks to the business, according to a new Thomson Reuters survey.
The Thomson Reuters annual Board Governance survey -- which covers more than 125 general counsel and company secretaries across a wide-ranging cross-section of industries and geographies globally -- shows that corporate board communications present genuine security risks.
Here are a few of the survey's key findings:
- Too many board materials. One-quarter of respondents produce more than 100 board books per year. On average, each book is 179 pages long. This means that board members are wading through a sea of confidential information -- 16,010 pages on average! -- every year. That gives companies 16,010 reasons to be concerned about data leaks.
- Too many board members. Boards are getting bigger, with 43 percent reporting more than 11 members, up from 29 percent in 2012. Remember, the bigger the board is, the greater the potential security risk.
- Unsecure distribution channels. More than 75 percent of the surveyed firms said they don't use secure email and almost half send out information unencrypted. Especially problematic, almost half of boards still rely on paper-based board books, making sensitive information vulnerable to being lost, stolen, or misplaced. In fact, more than 67 percent of respondents aren't sure if their board members even destroy all print copies of board materials in line with their own policies.
- Unsecure retention processes. Most devastating (and yet, not terribly surprising), 62 percent of companies said they had heard of board members leaving sensitive information in public places, representing a 12 percent increase from last year. But given the shocking amount of confidential information board members are expected to retain (16,010 pages!), can you really blame them?
The Survey's Takeaways
The moral of the story: Security of board communications is essential to the security of your company. So what steps can you take to improve security?
Brevity is your best friend. Encourage board members to develop briefer reports and presentations.
Also, consider going paperless. The most secure alternative is to use a private mobile board portal to share your sensitive board information. You certainly wouldn't be alone: 52 percent of organizations are already doing it, according to the survey.
As a first step, board members should fill their cybersecurity knowledge gaps and make security a priority.
(Disclosure: FindLaw is a Thomson Reuters business.)
Follow FindLaw for Consumers on Google+.