Board security: The vital role of board portals for board security
Boards of Directors today face unprecedented challenges. Board security is the new priority. This article explains in detail why the board portal is a lifesaver for process security and formal meetings.
The work of boards of directors has always entailed very high responsibilities: the pressures are constant, the tasks manifold, and board members are expected to supervise processes continuously, accurately, and in an up-to-date manner.
Currently, the bar of expectations is higher than ever. The instability of the contemporary world is reflected in the markets, accentuating, and even multiplying, the already pressing challenges of the past: the geopolitical framework exposes business to unprecedented uncertainties, social and environmental issues are becoming more and more pressing, and the processes of corporate digitisation pose new and specific questions of corporate governance adaptation.
In this context, the issue of process security for boards plays a prominent role. This is especially true after the disruptive technological changes introduced during the pandemic, which suddenly hit the boards — in most cases there was not enough time for a mature and considered evaluation of the tools that were implemented. Having gotten past the crisis, it is now necessary to understand board security and how it can be guaranteed on an ongoing basis. This is done without increasing the board’s workload, but rather by protecting it, simplifying its tasks, making it more efficient, and providing it with truly effective and reliable tools. Not only in the present, but also in the future.
Current data shows that when it comes to security, the stakes are very high. The good news is that the road to solutions is already open. There are dedicated and specific technological tools that take the crucial role of the board of directors for corporate growth and competitiveness very seriously.
This is where the role of the board portal comes into play, and its intimate relationship with the pressing issue of safeguarding business processes and board health. In all their aspects. First and foremost, the issue of meeting security.
Let’s start with introductions. A board portal is a digital tool designed specifically for boards of directors, facilitating collaboration between board members in an efficient and secure manner, and in compliance with regulatory standards. Board portals help simplify and protect board meetings at all stages of the meeting process: during preparation, during meetings, and in the subsequent feedback and follow-up phase.
A board portal centralises all processes related to the board’s activities in a compliant and secure manner. This means that board security is fully ensured, avoiding improvised or last-minute solutions that would entail very serious reputational, economic, and legal risks to the maintenance of business continuity.
But what, specifically, are the main components that make a board portal a real lifesaver for board and company security?
The three pillars of board security: Security, confidentiality, and compliance
Given the growing and tangible costs of data breaches, the relationship between security and business risk is now high on the agendas of boards of directors. Cyber-attacks increased exponentially during the pandemic, as a consequence of the extension of the corporate attack perimeter, dictated by hybrid and remote forms of work. To give an idea of the surge in threats, sources noted that the global volume of cyber-attacks increased by 238% in 2020 alone [1], a trend that has continued to move upwards.
Data has shown that a change of gear is necessary. This was reiterated in a recent report by Fortinet (2022), which surveyed 1,223 managers of as many companies in 29 countries, exposing clear shortcomings in the self-protection systems of public and private systems worldwide. More than two thousand serious cyber-attacks were recorded globally, a 10% increase over 2020 [2]. In the past 12 months, 80% of the companies surveyed admit to having suffered a cyber-attack. And another 40% claim to have suffered break-ins that cost companies more than $1 million. The title of the report is indeed telling: “2022 Cybersecurity Skills Gap”.
A board portal responds in a timely and specialised manner to the security gap identified by the most authoritative international sources, and to the serious call to provide state-of-the-art solutions for computer data security. Companies and their boards are obviously considered frontline actors in this call to arms.
On this point, the board portal presents itself as an irreplaceable ally. One of its main advantages is the protection of the corporate attack perimeter, centralising functions in a technological tool that is “aware” of the various aspects related to board security, and therefore armoured: both from external incursions and from the accidental leakage of data and confidential information.
In fact, a centralised solution makes it possible to cut down on the use of a multitude of cross-functional tools, which risk opening dangerous breaches in processes: think of the use of email, PDF documents, online platforms for video conferencing, collaborative platforms in the cloud. All routines that encourage undue incursions, exposing companies to crime and attacks on computer data security. The improvised use of different types of tools also leads to a sub-optimal and compartmentalised organisation of work, with a serious risk of loss of information.
A board portal, on the other hand, guarantees secure access to the software, through dual authentication mechanisms and by establishing different degrees of accessibility to documents. Information shared with board members is thereby traceable, keeping materials controlled and confidential.
The watchword for board security before, during and after the meeting: confidentiality.
Deficiencies in the confidentiality of materials, and thus of processes, represent a major vulnerability in board security. And the company secretariats are well aware of this. Before a board meeting, a preparatory phase for the documents to be discussed is indeed necessary. These documents often arrive from different offices and at different times. The board members must then be notified of the convocation to the meeting, and their attendance managed and validated. Each participant needs to read the materials in advance in order to adequately prepare for the topics on the agenda.
Often the submission process is driven by tight deadlines and the use of very different technologies: word processing software, personal email accounts, messaging systems, virtual clouds for sharing information.
Given the multitude of tools, document security risks abound. As the number of people and tools involved in the organisational flow increases, so do the risks of unauthorised access to systems and leakage of sensitive information. This jeopardises the secrecy and integrity of information managed by the board of directors, the true heart of corporate progress and health. With the multiplication of channels involved, establishing responsibility in the case of attacks on computer data security is very difficult.
This compromises the integrity of the entire process, with a direct effect on the credibility of the board as a whole.
And this only for the pre-meeting process. The next phase of the Board Meeting, including its hybrid and remote forms, must also be considered. Improvised access to documents, the presence of paper materials, different versions of sheets and files due to mistakes and last-minute corrections pose further critical issues in terms of document security, and more. Not to mention the audio and video sharing of meeting materials and confidential information, in the absence of protected tools and prior verification by IT specialists.
And finally, computer data security risks also occur in the concluding phase of meetings, such as when approving meeting minutes and voting.
All of these components should be considered in their totality and in their interactions: both in the process construction and meeting management phases.
The board portal is able to ensure concrete help and secure corporate affairs, because it allows full control over the material distribution process to be maintained within a secure and encrypted platform that is accessible only to authorised users. This cuts down on the massive reliance on email, with the typical risks of errors in forwarding, or important documents getting lost in the mail. Such a tool ensures the security of IT data, and the safeguarding of board activities within a compliant regulatory framework.
Compliance constitutes the pillar of board security.
The role of the board of directors is also crucial in assessing the adequacy of the organisational structure from a legal perspective. Therefore, the topic of board security must also be addressed in its legal and compliance aspects.
This is significant, because compliance with legal requirements, despite its importance, is typically not the first topic that comes to mind when discussing security. Nor is this crucial aspect brought to the foreground when considering board responsibility. This oversight constitutes a potential source of corporate liability.
Undoubtedly, cyber data security legislation is a fundamental reference point through which the board of directors can adopt appropriate organisational arrangements to prevent and minimise the impact of cyber-attacks or incidents. It follows that during the process of choosing a provider for a board portal, regulatory compliance should be considered not only with regard to the company concerned, but also with regard to the evaluated provider. When a high level of IT data security is required, the location of suppliers is an essential criterion for assessing the level of compliance.
It is very important to understand what data protection legislation the provider is subject to, especially with reference to the European Data Protection Act (GDPR) and the US Cloud Act. Compatibility problems between the two regulations can expose companies to major risks: while the GDPR aims to protect the data of EU citizens, the US Cloud Act allows authorities to access the data of US cloud service providers, including data stored abroad by their subsidiaries.
Therefore, for a European company an ideal board portal should ensure compliance with the European GDPR, while at the same time not being affected by the US Cloud Act. This is the case with the service provided by Sherpany. Being based in Switzerland, GDPR-compliant archiving is ensured without risk of conflict with overseas legislation.
Cloud hosting is offered in Swiss data centres that meet the highest standards of computer data security. In addition, Sherpany offers its customers a dual strategy, combining the advantages of a private cloud with data storage at the company itself (hybrid cloud). For a company and its board, it means avoiding fines of up to EUR 20 million due to compliance conflicts. This is also part of board security.
Another aspect of security: The importance of synergy between tools based on analysis
As mentioned previously, since the beginning of the pandemic, many board meetings have made use of a variety of tools. We have talked about the risks associated with the multiplication of these systems, but some of them have become fully embedded in business practices.
One example is MS Teams, which in many contexts is considered a sufficient tool to support all aspects of meeting management. In reality, however, this approach exposes the company to significant risks. On closer inspection, Teams is a platform that was created for other purposes, and adapted in the emergency phase to cover a number of functions outside its original scope. Such a platform can conceivably support collaboration around pre- and post-meetings. However, it cannot be considered a well-prepared solution for what may happen in the heat of board meetings, as it does not provide ad hoc productivity and safety functions for formal leadership meetings. What can be done?
Suggesting the adoption of a board portal, and assessing the suitability of the various tools already in place, does not translate into the uncritical elimination of all existing solutions. Assessing the suitability of a tool means first of all examining the possibility of a virtuous integration between the systems, and exploring the possibility of synergy, while keeping board security and process efficiency as top priorities. In this sense, good software designed for the management of formal meetings should allow smooth collaboration with MS Teams, while respecting the valid functions but correcting those involving procedural approximations and security problems.
Sherpany is an example of how the maturity of a specific tool for formal meeting management can support board meetings - not necessarily as a substitute, but rather as a partner of Teams and its more “generalist” functions. The importance of collaboration also emerges at this juncture: if health and efficiency in meeting management are truly the objective, there are no incompatibilities of principle. Rather, there is a commonality of purpose based on a rational analysis of risks and benefits. For truly state-of-the-art board security.
[1] “2022 Cybersecurity Skills Gap”, Fortinet Report, 2022.