Cybersecurity and risk are among the top concerns of boards. Boards of directors have access to some of the most confidential material a company owns. As the pandemic presses on, the pressure on IT teams to safeguard data even as executive teams work remotely has never been greater. Many boards are seeking ways of information sharing and collaboration that reduce risk of rising cyber attacks.
The best means of protection is to be practical, proactive, and selective in choosing your board portal software. When it comes to protecting your organization’s information, vetting technology partners to ensure they meet the highest security standards is imperative – from data storage to transit and access.
To help IT teams compare and evaluate board portals, we’ve provided a step-by-step checklist on the key areas of board portal security.
Secure board portals use dedicated, secure cloud servers so they are not prone to hardware issues. Vendors should be managing the data security and encryption of their software and systems exclusively, and not sharing with other tenants.
Review the Service Level Agreement (SLA) uptime guarantees, how often servers are monitored by security personnel, and disaster recovery capabilities.
There are two central types of encryption: how data is stored when no one is accessing it (at-rest encryption), and how data is encrypted when it’s sent from the server to a device (in-transit encryption). Choose a board portal with RSA 4096-bit encryption for data in transit and AES 256-bit encryption for data at rest.
Typically, organizations seek to store their data within their country, such as Canada or the United States. Secure board portal software solutions allow you to choose where to store your data so they align with your data governance policy. Beware of vendors who do not provide a choice in where your data is located and who only meet the legal jurisdiction of where they select your data to be stored.
Board portal software should be subject to rigorous third-party testing to ensure it meets the various agreements and compliance certifications, including ISO 27001. If your organization is highly regulated such as healthcare or a federal agency, you’ll also need to ensure the board portal is compliant to relevant industry standards, such as HIPPA or FISMA.
Check that the board portal technology meets the following certifications:
Server security alone is not enough to safeguard data. Your board portal technology needs to control how people access and use information to ensure that your data stays within the virtual board portal environment.
Features to help control user access should include:
One of the first ways to protect sensitive board material from a user perspective is to ensure the use of robust passwords. Your board portal software should encourage use of strong passwords with features such as:
Board portals with high security standards have no prior data breaches as well as comprehensive communication protocols in place to deal with one in the event that it should occur. As part of your board portal evaluation, ask your vendors if they’ve had any data breaches and how they would deal with potential problems if they arose.
Aprio protects board members from cybersecurity risk as they work, balancing convenient, mobile access to board meeting materials with the most robust technical methods to continuously protect your organization’s data.
We adhere to the industry’s highest level of security protection and provide layers of advanced security features. Choose to store and protect your data on any of our secure Canadian, US or international servers – which each adhere to independent, third-party requirements for security certifications. Arm your team with the power to control user access, guarantee compliance and remotely wipe lost or stolen devices.
Ready to see how Aprio protects your organization’s data while providing convenient access to board materials? Book a demo today.
Suite 1090, 1090 West Georgia Street
Vancouver BC Canada V6E 3V7
Suite 450, 1733 H Street
Blaine Washington USA 98230