Technology in the Boardroom: Why a Board Portal Is Not Enough

Nicholas J Price
The use of board portals has grown swiftly since the PC-based versions came on the market in the year 2000. Electronic tablets were invented around the same time, but didn't become popular until later in the decade. The tablets' larger screens made it far easier to use them than to use cell phones with their tiny screens for busy board directors who wanted to conduct board business on-the-go. Tablets also made a nice complement to board portals, giving board directors an electronic platform where they could perform their board duties using a touchscreen that was finger-friendly.

Today, about two-thirds of companies generating over $1 billion can't get by without the use of a board portal. Smaller companies are realizing the benefits of board portals as well. Companies with revenues from $100 million to $1 billion now use board portals every day. Portals are gaining in popularity for nonprofit organizations as well. On the whole, there's a lot to like about board portals because they're efficient, mobile and, depending on the service provider, some of them are highly secure.

Unfortunately, board portals don't perform all of the duties that board directors need them to. So, even if their board portal is highly secure, board directors may be using other electronic tools that aren't as secure — and that can be a very big problem. However, that's not the only problem. Many board directors know so little about how technology works that they might not know whether the electronic tools they're using are secure or not.

Cybersecurity is a rapidly moving field. Even the top cybersecurity experts often have trouble staying ahead of the hackers.

A highly secure board portal is sufficient for board meetings. However, many of a board director's duties need to take place outside a board portal. Board directors of today need to have a good understanding of technology and security, and how they relate to the other electronic tools they use.

Boards Need Directors With Technical Expertise

The fast pace of technology creates the need for closer working relationships between board directors and managers. A 2017 global survey by Gartner showed that 47% of board directors were challenging their CEOs to make progress in digital business.

Nearly every business uses technology in one form or another. In many cases, technological advances have greatly outpaced board directors' knowledge. Boards of directors are responsible for mitigating risks and planning the direction of their companies regardless of how much technical prowess they have. As a result, it has become vital for board directors to seek the assistance of board directors who understand technology and cybersecurity risks.

The newest wave of technology is machine learning and artificial intelligence. In the very near future, board directors may be using IT and AI technologies right in the boardroom to help make decisions about mergers, acquisitions and other important matters.

Some boards are solving their need for technical knowledge by recruiting one or more board directors who have expertise in technology. Another trend is for boards to add a technology committee that takes responsibility for gathering information on the latest technological advances and reports back to the board.

Technical Vulnerabilities With Electronic Tools

Learning that a computer technician could take control of your mouse and computer to help fix a problem or rid your device of viruses brought great delight to many computer users. Yet, it's this same technology that allows hackers to take control of a camera in a conference room and to take screen shots of trade secrets on confidential financial reports or other privileged information. Hackers can read your lips or listen to your audio. Their software programs are so sophisticated that H.D. Moore, Chief Security Officer at Rapid7, performed a simulation hack and was able to zoom into a conference room closely enough to detect grooves in the wood of the conference table and a small animal burrowing itself in a bush across the parking lot.

While shaking your head in utter amazement, you might be asking yourself how the hacker got past the videoconferencing equipment's security system. Most of today's videoconferencing equipment runs on internet protocol. Because its primary function is to make sure that meeting participants can see and hear each other, product developers of videoconferencing equipment placed the heaviest focus on audio and video clarity. Security isn't as robust as it could be in many units.

Security Enhancements Must Be Present and Working

Newer units have enhanced security features that will block the camera, mute the sound, or ask for a password. Unfortunately, unless the equipment is set up as it was intended, security features may provide a false sense of security. These features only work if administrators set them up inside the protection of the firewall. However, many administrators find it simpler and easier to set up the equipment outside the firewall, which means there's no protection at all.

Some of the newer systems were designed so that inbound calls could come in silently and automatically. Without proper security in place, hackers may be attending board meetings as silent guests without anyone being aware of it. Moore further demonstrated this laxness in security by writing a program that scanned the internet for videoconferencing systems operating outside firewalls that also automatically answered calls. He discovered 5,000 wide-open conference rooms within two hours.

Axis Bank of India
made headlines recently when analysts and employees prematurely released financial numbers in group discussions on the messaging app WhatsApp. WhatsApp, and other apps like it, were never designed for the confidential nature of board business. The security features are simply not up to par.

New electronic tools are making their way into boardrooms across the country. Board directors are using electronic applications for messaging, voting, D&O questionnaires, director evaluations, minute-taking and more. Board directors are using electronic apps and devices for risk solutions, compliance solutions and governance solutions of many kinds. All of these apps and solutions must have robust encryption and security of their own or be covered under the security of another product.

Most boards have figured out how helpful it is to use a board portal. Wise board directors also know that they must choose a board portal for its strength of security as well as its breadth of features. Board directors need to consider the safety and security of all the tools that they use inside and outside of the boardroom. They also need to be mindful of setting up equipment, making sure that all security enhancements are working as the manufacturer intended.

Finally, boards need regular access to people and information that will help them mitigate risk and ensure that what goes on in the boardroom, stays in the boardroom.  

What is the Governance Cloud?

Board directors are obligated to perform a host of varied duties and responsibilities. Diligent developed a suite of tried and true governance tools to help them fulfill their responsibilities accurately and efficiently. The Governance Cloud ecosystem of products includes: As board directors continue to express their needs to digitize governance processes, Diligent will continue to expand to meet these needs. Collectively, these tools enable corporations to achieve a fully digitized and integrated governance ecosystem to mitigate risk, plan for strategic growth and ultimately, govern at the highest level.
Related Insights
Nicholas J. Price
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.