Is a Board Portal Secure?
By Mark Anderson, CEO/CFO | Posted December 4, 2017
Board portals are designed to give directors secure, electronic access to the information they need to prepare for meetings and fulfill their other responsibilities. But are they really secure? Do they provide a safe environment where directors can view agendas, minutes, financial data and other sensitive information? Can they keep information from being accessed, altered and exploited by unauthorized users?
These are all good questions to consider, especially given the increasing frequency of data breaches and cyber attacks. Major companies have been attacked, exposing highly sensitive information about customers, employees, business partners and strategic corporate initiatives. Even government agencies have been hit by hackers.
A key issue around data security involves preventing the unauthorized access, loss or corruption of an organization’s information assets. A critical part of data security involves protecting the availability, confidentiality, integrity, and authenticity of information assets. Imagine how detrimental it would be for a company’s strategic initiatives or proprietary information to be accessed by unscrupulous people. Or think of the potential damage that could be caused if a customer’s health records, financial data and other personal information ended up in the wrong hands.
Realistically speaking, I know full well there’s no guarantee for achieving 100 percent security. But there are different levels and types of security, and organizations can take steps to secure their information as best as they can. Thankfully, a board portal has built-in features to minimize the chance of data breaches and security incidents.
The following are examples of how board portals incorporate different security measures to protect information.
In a sense, password protection is the first line of defense when it comes to keeping data safe inside a board portal. Requiring users to log in with a valid password helps to ensure that only authorized people can view the information inside the portal. It also enables directors to confidently log into the system and access the data they need to perform their duties. But it’s important for directors and other users to create strong passwords—generally those containing at least one capital letter, character and number—that other people can’t easily guess.
A board portal also offers a level of security through the use of encryption technology. Essentially, encryption places a protective hedge around data while it’s being transmitted or stored inside the portal. With encryption, the information is written with a special code, and it can only be read by authorized individuals. More technically speaking, data is encrypted using an encryption algorithm and an encryption key. This process generates ciphertext that can only be viewed in its original form if it’s decrypted with the correct key.
Encryption has broad applications. It can be used to protect data being transmitted from all kinds of devices across all sorts of networks—not just the Internet. Whenever someone uses an ATM or makes an online purchase, makes a mobile phone call or even presses a key fob to unlock a car, encryption helps to protect the information being relayed.
Control of Documents
A board portal has built-in features that give directors better control over the integrity and authenticity of information. For instance, permissions, workflows and approvals can help keep track of documents. And all of the original documents within the portal are version-controlled. This means that revisions to all documents are captured and the previous versions of the information is permanently retained for future reference. This extra security measure reduces the risk of the original information getting lost. A board portal also keeps a record of who accessed which data and revised specific files.
Best Practices and Education
The security of a board portal is only as good as the practices in place to protect it. Security is about following guidelines and procedures—and making sure all users take personal responsibility to protect their organization’s sensitive data. So it’s up to organizations to educate board portal users about how to minimize the risk of a security breach by correctly using passwords as well as log-in/log-off procedures. These basic practices alone can help prevent a number of potential problems.
Actually, the digital nature of a board portal automatically adds an element of security because there are no hardcopies to get lost in the mail or stolen from a brief case. And if a laptop or tablet containing board materials is ever stolen, administrators can use remote wiping to erase the data from the device. Of course, the best-case scenario is to keep mobile devices physically secured and away from the wrong people. Likewise, servers and network equipment should be kept in restricted or locked rooms to create a well-managed, host-based security solution.
Obviously, safeguarding information, software and hardware can be a challenge for organizations. Board portal security isn’t a single undertaking. It requires an ongoing effort from everyone involved to ensure that the information within the portal remains available, private and secure. But the more steps organizations take to maintain good security practices, the less risk directors will have when using a board portal.
|Previously:||Why Get an Intranet?||Next:||Are You Capitalizing on the Best Features of Your Enterprise Content Management System|