Terry Hancock, CEO of the Easy I Group, succinctly describes the importance of protecting corporate information in this statement, “The complexity and criticality of information security and its governance demand that it be elevated to the highest organizational levels. As a critical resource, information must be treated like any other asset essential to the survival and success of the organization.”
Corporations have many products and processes to protect, including research, patents, trademarks, product development, manufacturing, shipping and much more. The board of directors is responsible to protect all of the company’s processes against the risk of loss and to reduce any negative impact to the company, its people, its customers, its shareholders and its operations. Information technology involves people and their relationships with others inside and outside of the company.
Board meeting minutes nearly always cover some portion of the corporation’s operations and processes in some fashion. For this reason, board members need assurance that their board meeting minutes are secure. Information that gets into the wrong hands may result in loss, operational disruptions, unauthorized disclosure or legal liability.
Board meeting minutes are a legal record of the decisions and actions of the board. As chief overseers of corporate planning, board members have a duty to protect board meeting minutes as securely as they would any other important asset.
Why Is Security Necessary for Board Minutes?
Board security should never be an afterthought. More and more boards are starting to use secure board portals to conduct board business because they understand the prevalence of cybersecurity risks that could negatively impact their companies. However, not all board portal service providers incorporate a minute taking software program into their portals, which means that this process may not have the same veil of security protection that their board portal has. Why is this a problem?
Lack of security is a problem because the board meeting minutes contain a plethora of important and confidential information. If this information were given to competitors, it could destroy any competitive advantage the company has. In a worst-case scenario, it could even lead to bankruptcy. In addition, cybercriminals, while hacking away trying to find an inlet into board meetings, might be able to uncover confidential reports, trade secrets or other information that they could steal or use for the purpose of extortion.
Getting Back to Basics: The Purpose of Meeting Minutes
To get a better grasp of why it’s so important to keep meeting minutes secure, it helps to get back to the basics of the value that board meeting minutes hold.
Meeting minutes offer legal protection. They prove that boards are complying with federal, state and local laws. They provide proof that the organization’s tax returns are accurate and that the company is giving the IRS their fair share of tax money.
Auditors, the IRS and the courts view meeting minutes as legal documents. Most lawyers subscribe to the notion, “If it’s not in writing, it never happened.”
While there is no universal standard procedure for taking meeting minutes, they provide an identifiable structure for interpreting how the board came to its decisions. The minutes also act as a timestamp for the date, time and location of the meeting, as well as who attended. It provides a record of conflicts of interest, votes and abstentions, as well as the actions and decisions of the board.
Much of the board’s work happens in committee meetings. Their reports are often attached to meeting minutes. This information could be gold for someone looking to use it to harm the company or its reputation.
The board minutes drive action. They provide a record of what has been done, what is being done and what needs to be done, as well as who will be held accountable for whether or not things got done. Board members who abstain or vote against the majority may be granted legal protection in the event of a lawsuit.
Information in the Minutes That Requires Confidentiality
Essentially everything in board meeting minutes needs to remain confidential. Strategic plans that boards develop may include trade secrets and competitive strategies. The board needs to protect its research and development planning, product development, marketing plans, branding strategies, long- and short-term goals, and much more to position the company ahead of its competition.
The premature release of financial reports may result in allegations of insider trading and lead to expensive and litigious investigations.
Certain portions of board meetings may be subject to attorney/client privilege at times when board members may need to meet with attorneys to discuss legal matters. If board members wouldn’t want certain information released in a court of law, they certainly wouldn’t want it released to the general public.
It is not only the most recent board meeting minutes that are at risk of being hacked. Past board meeting minutes also hold much sensitive information, which, when put together with other minutes of board meetings, could be used for criminal or unethical purposes.
How Can We Define Secure Technology?
Most cybersecurity experts agree that security means having robust IT security systems, complete with the latest knowledge in security measures. Security means taking all protective measures possible. Protective measures should include performing third-party tests and simulations to look for security gaps.
Companies need to have a plan for how to respond to a security breach and a strategy for how to communicate the breach to the masses.
Taking all possible security measures means using a highly secure software program that incorporates layers of security measures into a minute taking software program.
Minute taking software that has the highest level of security is the best defense against the potential for the content of board meetings to leak out and cause harm to your company. Information breaches cause a loss in the company’s market value, as well as reputational loss. Cutting corners on minute taking software with lax security will likely do your company more harm than good.
The IT Governance Institute recommends embracing a perspective of information security governance, as outlined in this whitepaper. Board members need to ensure that any electronic tools they use are truly secure, including software for meeting minutes. The stakes of not taking that step are simply too high.