Minimising the virtual meeting risk: Five practices boards should avoid
(Sponsored article) Months into the COVID-19 lockdown, remote workers—and board members — have become more accustomed to virtual meetings. Many have managed to find a quiet place in the house, mastered the mute and camera buttons, and may have even styled their background bookcases and ‘Zoom couture.’
Yet as virtual work becomes a way of life, not all new habits are cyber safe.
As some board members turn to personal email, apps and devices, board materials and communications have become more sensitive than ever, discussing cash flow strategies, executive compensation plans, health and safety issues, and more.
Here are five common risk scenarios—and digital tools that can strengthen protection.
1. Texting during virtual meetings
A gesture, a glance, a quick aside. During in-person meetings, attendees have a host of non-verbal tools at their disposal — many which don’t fully translate to the two-dimensional grid of a video call.
Barring these cues, many board members have resorted to text messaging to ’raise their hand’, pose questions or have sidebar discussions. But what seems efficient can actually be dangerous.
What if a sensitive message ends up with the wrong person? With autofill and board members’ extensive address books, the possibility is all too likely.
How would a private chat hold up in court? When board members use personal channels, all their text messages could be considered discoverable should a company come under litigation.
Instead of texting, consider a secure messaging platform that provides a dedicated communications channel for one-on-one exchanges and group conversations. Throughout, the company secretary has full power over whether to retain, delete or wipe messages clean.
2. Emailing confidential board materials
Email communications are similarly on the rise for COVID-19 era boards. With the shift to virtual meetings, governance teams are defaulting to Outlook, Gmail and beyond to assemble PowerPoints, edit agendas and more. It’s familiar — but not as secure or efficient as one might think.
Consider:
- What if these materials end up in the wrong inbox? As with text messages, it’s all too easy to send a sensitive email to an unintended recipient — particularly when typed in a hurry. And popular tools for personal email often lack the stringent safeguards, like encryption, which is a baseline for securing board communications today.
- Are you working on the most current document? Asynchronous communications like email make version control challenging and real-time collaboration next to impossible.
Instead of email consider secure meeting tools that can provide boards with a dedicated channel for sharing, assembling and collaborating on sensitive materials. The company secretary or general counsel can extend specific permissions to legal counsel, auditors, consultants and other relevant parties.
3. Conducting evaluations on unencrypted platforms
Throughout the COVID-19 pandemic, critical issues have arisen for board voting. At the same time, open, honest evaluations — particularly around sensitive topics—have become more important than ever. To keep these important processes moving, many nominating/ governance committees have been moving them online (using SurveyMonkey, Google Surveys and other unencrypted platforms).
However, what if confidential vote, questionnaire or evaluation data was breached? What would be the impact on company and board member reputations, shareholder perspectives and more?
Instead of unencrypted platforms: Keep board evaluations, D&O questionnaires and confidential votes out of the hands of hackers by conducting them securely through a dedicated platform.
4. Unprotected video conference links
It’s easy to control access to a physical boardroom via locks, electronic key cards and gatekeepers. Not so with a video conference platform—just click a link or dial a phone number and access code, and you’re in. Yet both types of boardrooms are places where directors convene to discuss and debate sensitive topics.
Remember that when video conference links are shared in email, they can easily be forwarded or intercepted. If this falls into the wrong hands, the consequences could be dangerous. You may have more attendees on your virtual board meeting than you planned for.
Ensure you are aware of everybody who’s dialed in. Especially on calls with many participants, uninvited guests may be hard to detect — particularly if they’re on audio-only or the camera is off.
Instead of unsecured video links consider the calendar feature in board management software, which provides company secretaries and board members a secure channel for sharing links.
5. Failing to prioritise data security
In a global pandemic, boards and management teams are receiving regular updates on employee health, which often include sensitive medical data.
How is your organisation taking extra steps to protect this data? Are you meeting regulatory standards related to GDPR or HIPAA laws? Most boards will need to bring their processes and protocols up to speed. If this data was intercepted—or if an email was accidentally forwarded — could the board prove that it had taken all steps necessary to protect this sensitive employee medical data?
Instead of unencrypted data, a secure, encrypted governance suite protects sensitive information as it flows to and from the board — and enables secure collaboration across the organisation.
Diligent’s suite of governance solutions adheres to the highest security standards, including 265-bit encryption, remote locking and two-factor authentication. And it’s all backed by industry-leading support, including 24/7/365 concierge-level employee support with unlimited user training.