Is your board above-average or below-average? I’m referring here to the rate at which directors lose or misplace their board hardware, so this is one instance in which you’d probably prefer that your board be ensconced at the low end of the scale.
Depending on the number of slightly panicked calls you may or may not have received from directors or management colleagues whose hardware has gone AWOL, you may be surprised to learn that almost one in three directors of boards involved in a recent study had lost or misplaced board hardware between April 2017 and April 2018. The percentages are even higher in North America than in other regions around the globe.
Shocking or not, this information comes to us courtesy of Forrester Consulting’s October 2018 report, Directors’ Digital Divide: Boardroom Practices Aren’t Keeping Pace With Technology. The report follows the consulting firm’s April 2018 study, commissioned by Diligent Corporation, to evaluate the technology used for board governance.
Directors’ Digital Divide reflects findings from Forrester’s surveys of 411 governance professionals across 11 countries in North America, Europe and Asia Pacific. Forrester found that device usage is on the rise among boards, with directors having access to a variety of governance hardware options. Fifty-nine percent of boards make their board management software available on tablets, while 54% do so on mobile phones. A full 91% of boards make their portals/board management software available on laptops and desktop computers.
Remote Wiping for Board Portals
Forrester reported that almost 30% of directors had lost or misplaced a hardware device in the previous year. Corporate secretaries and other governance professionals know that the ramifications of such losses can be significant. When it comes to cybersecurity, hardware/device loss represents a potential form of data leakage. Unfortunately, that proved to be exactly the case for approximately one in five boards involved in Forrester’s study. Twenty-one percent of the boards reported that someone had stolen a director’s personal information during the previous year and subsequently used the director’s ID to access sensitive information.
For whatever reason, it’s North American boards that experienced the highest rates of device loss/misplacement among the three regions surveyed. On this continent, 45% of directors have lost or misplaced their device. That compares to 30% of directors of European boards and 28% of board directors in the Asia Pacific region. All regions were consistent in identifying the loss of phones, tablets and laptops as their top cyber risk/digital security challenge.
Forrester found that not only are such problems occurring across all regions involved in the study, they’re also common to boards of all company sizes.
Governance professionals are inherently discreet. So, while we know there’s a spectrum of situations in which even the most worldly of directors have stepped away even briefly from an iPad, smartphone or other piece of hardware only to find it gone seconds or minutes later, we needn’t share war stories. The manner in which hardware losses or thefts occur is not at issue; what’s pertinent is how well positioned we are to respond to such situations.
With device usage on the rise, and hardware loss an issue, you can turn to Enterprise Governance Management (EGM). EGM is a relatively new term, one that refers to the use of technical tools and resources to address governance needs. Remote wiping is one form of EGM.
These concepts are illustrative of just how much both the world of governance and your almost-encyclopedic collection of acronyms continues to evolve. Could you have envisioned, when you began your governance career, that you’d one day be contemplating not only board and committee meetings, resolutions, filings and succession planning, but also remote device wiping?
What is Remote Wiping
Remote wiping is a software solution. It enables you as an administrator to delete data, including email messages, from hardware that’s gone astray.
It’s also particularly relevant in this era of cyber crime. If a board or organization incurs a cyber breach, there are several potential ramifications. You and your board will need to consider compliance and disclosure. That includes possible implications associated with General Data Protection Regulation (GDPR) requirements that can apply far beyond European borders. Such issues are independent of loss of productivity and opportunities, and reputational and other risks.
When it comes to risks, how regularly does your board consider those facing your organization? Enterprise Risk Management (ERM) and risk registers aside, do your directors ever engage in a boardroom equivalent of the “What keeps you awake at night?” conversation? In its report, Forrester identified cyber incidents, allegations of fraud or corruption, public discussion of compliance violations, and reputational risk as among directors’ greatest fears.
Forrester also found that boards ranked the possibility of an information/data breach as one of the five most critical components to achieving successful EGM. Whether or not your board has already begun to familiarize itself with EGM, the concept of board cybersecurity needs to land on your board agenda.
Raising this issue may be among the more crucial services you can do for your board and corporation or organization. Boards need to be aware that directors and those who support them are potential phishing (“whaling”) targets. As such, directors place the board and the organization at risk of a cyber breach when using personal email, text messaging and many apps for their governance communications. The same is true when governance professionals and their colleagues correspond in kind, responding to and sending attachments to directors’ personal email addresses.
Given the prevalence of laptops, tablets and smartphones as governance tools, boards also need to understand the risks of data leakage should even a single director’s hardware go astray. With the high level of responsibility placed on directors’ shoulders, your board will appreciate knowing that the organization can mitigate risks associated with data leakage.
If your directors are typical, they’ll continue to access their governance materials from mobile devices as well as their laptops or PCs. It’s the norm for them to rely on their smartphones and tablets to share documents and communicate among themselves, as well as with you and your colleagues.
This makes your board’s choice of board portal provider, and the caliber of its board management software, even more critical. With Diligent Boards™, your investment yields more than meeting management software and the secure, real-time communications afforded through Diligent Messenger. Diligent’s ISO- and TRUSTe-certified innovations, which are internationally audited, also provide a solution the next time you hear from a director whose hardware has gone missing: You can quickly mitigate your board’s cyber risks by remote wiping that hardware.
While no director will ever feel good about losing a smartphone, tablet or other hardware, your board can breathe that much easier with the knowledge that you have the capacity to mitigate risk remotely should the need arise.