Common Sense Steps to Board Portal Security

When entrusting important information to a third party, like a board portal platform, it is imperative that you are sure that party has robust board portal software security policies and practices in place and all of the necessary industry certification pertinent to document security. But beyond a critical security environment, what else should you be aware of?

Let’s start by acknowledging that as end users we aren’t security experts and probably never will be. But there are some basic board portal software security principles you can be aware of and put into practice.

1. Strong Passwords

From a user’s perspective, security starts with a robust password. The password utilized should be unique to the app and known only to you. Jeanette Thomas, Govenda Chief Technical Officer, explains, “People would like it if you could just use 1-2-3-4-5-6. However, since this is sensitive board material being viewed, there has to be a trade-off between how difficult the password is and how easy it is to enter.”

2. Data Encryption

Board portal software should allow you the convenience of downloading board books and other collateral material to view off-line but maintain that data in an encrypted state. This means the only way you can view the information downloaded is through your portal app. If your iPad or laptop is stolen, the thieves will never be able to access your sensitive board material because they won’t know your portal password. BoardBookIt’s encryption allows for ease of usability while maintaining stringent board portal software security.

3. Automatically Log Off Idle Users

Thomas points out that another important board portal software security feature is an auto log-out function. “You don’t want someone to be able to pick up your iPad and see your information,” if you had previously signed into the portal. Each user will need to find their own level of comfort with this feature because there may be a time when you’ve had a conversation during a meeting and attempted to go back to your board book only to find you’ve been logged out if you don’t have your auto sign-off set high enough. Govenda allows you to set the time before you’re logged out of the app up to 100-minutes, providing what most board members find as an acceptable compromise between convenience and security. Thomas adds “It would be easier for most board members if they were never logged out, but from a security standpoint that’s not acceptable.”

4. Tiered User Management Permission Configuration

Board portals can further strengthen their security by allowing different tiers of access, ensuring committee members and directors see only the information to which they are entitled. It does no good to have a strong password and an app that logs out users after non-use if anyone can see all of your board materials once they gain access to your portal. Govenda allows for groups, committees and boards to see as much, or as little information required.

In practical terms, this means that a junior member of your marketing committee will never have access to the sensitive material accountants and Vice Presidents need on your financial committee. It also allows for small groups of one or two members, so your senior administrator and CEO can share reports that aren’t ready to be viewed by the entire board. When groups and committees are used correctly in Govenda, or any other board portal, your directors will have access to all the information they need to effectively perform the functions of their job but not to other, more sensitive material.

5. Preservation of Recorded Data

The integrity of your board books, committee reports, documents, etc. must also be considered. Govenda allows only for PDF documents to be stored within the portal. This is important because the information being used can’t be changed and fraudulently distributed. It may seem convenient to allow access to Excel or Word documents, but this is one place where you should carefully consider the balance between accessibility and security.

6. Data Center and Server Security

Finally, it’s vital to consider what information can be viewed by the company maintaining your server and database. Documents should all be encrypted even in the databases where they are stored, ensuring only appropriate people can view those documents. In the event of a server being hacked, this also prevents thieves from viewing your secure data.

7. Decoding Levels of Board Portal Software Security

Thomas sums up the concept of board portal software security, saying “there’s security from an access standpoint, there’s security at rest (that’s the documents and files in the database), and then there’s security in transit; careful consideration of the security at all three of these levels is crucial to properly maintaining stringent data protection.”

Common Sense

Of course your board portal software can have all the security in the world, encompassing biometrics (something Thomas says Govenda is vying for future updates); 14 digit passwords using combinations of letters, numbers and characters; multiple levels of access and an encrypted database, but it won’t mean a thing if your directors don’t use simple common sense. It’s a good idea to remind your users from time to time not to leave their iPads or laptops in cafes or hotel lobbies and to wait to review sensitive material until their out of public view so someone can’t view your new marketing plan or loan application over a member’s shoulder.

Board Portal Software Security Done Right with Govenda

Done right, a company can maintain the board portal software security and integrity of the information they share with their directors while providing a modern, convenient platform that provides quick access to all the data needed. To find out how Govenda can help your company provide a secure, simple portal schedule a demo with us today!

Interested in learning more? Click here to download our handy checklist, The First Ten Questions To Ask When Considering a Board Portal.