Does your board need a security overhaul?

The extent to which boards are owning up to the risk management challenge at their companies has been an issue as of late, as more boards ponder whether they are doing enough. A recent survey by an internal audit organization of 141 heads of internal audit found that nearly one-third said their non-executive directors' scrutiny of risk management was inadequate.

This has long been an issue, so perhaps we should not be surprised that corporate boards are anything but information fortresses when it comes to the work that directors regularly undertake. Research by Thomson Reuters has found "that information provided to members of corporate boards of directors is often in unencrypted email accounts and computers, or otherwise provided in forms that are easily lost, misplaced or stolen," notes Security Technology Monitor.

The big issues include unencrypted board level communications, sensitive documents stored on home computers, information stored on mobile devices, information sent via personal email, board information accessed via unsecured networks. Recall that in February, the Nasdaq OMX Group's Directors Desk service might have been compromised. The service is used by more that 10,000 directors of corporate boards, who use it in part because it touts that they wouldn't have to worry about security issues. But suspicions were raised recently when some odd files were discovered in the system. Perhaps more boards will soon start pondering these issues.

For more:
- here's the article

Related article:
Time to revisit segregation of duties?   
Are you prepared for new security threats?