Lessons for Corporate Board Members from the Colin Powell E-mail Hack

Corporate Board Member Security

It’s every company’s worst nightmare: waking up to find your confidential company information plastered across The Wall Street Journal. Salesforce was a victim of just that when Colin Powell, a corporate board member, had his emails hacked and posted on DCleaks. One email contained a confidential slide deck detailing acquisition targets being considered by Salesforce. Although this information likely wasn’t what the hackers were looking for when they gained access to Powell’s private emails, Salesforce became the latest victim of this type of cybercrime.

There were 14 potential targets on the list that included Adobe, LinkedIn, Pegasystems, Box and Hubspot. Although several of these companies, such as LinkedIn and NetSuite, were already acquired this year, many others are still available and potentially in play. Powell has accidentally leaked some of Salesforce’s growth and innovation strategy, which Salesforce’s competitors are now privy to. It’s conceivable that a competitor could use the leaked information for their own benefit and swoop in to make a deal.

Many companies have strict internal information-sharing policies, but board members often are not required to follow the same rules, even though they have access to extremely sensitive information such as earnings reports, C-suite level communications and M&A target lists. Using email or consumer-grade file sharing apps to share sensitive corporate files exposes companies to a wide range of risks, and the consequences can be dire. Public embarrassment and damaged reputation aside, board members have been named in shareholder lawsuits as a result of data breaches, and activist investors have successfully removed board members after a breach.

board-business

Board members should be taking proactive steps to better protect their sensitive information and improve online security. However, it is important to remember that the ultimate responsibility for securing the board data lies with the company. The following tips aren’t groundbreaking, but they work, and are too often overlooked and forgotten:

  • Create strong, unique passwords for any site you access. Don’t reuse passwords, especially for important applications like online banking or file storage.
  • Only use file sharing services with two-factor authentication. This means, for example, that, when you log in from a new computer and enter your password, you’ll have to enter a code before you can access the account. This will rule out consumer-grade apps with a potentially lower security threshold than enterprise-level apps.
  • Separate business and personal files. It’s never a good idea to share personal information and business data through the same file sharing service or account. Many employers have rules against storing business information in consumer-grade file sharing tools, which is why they blacklist these types of applications.
  • Monitor your accounts regularly to catch theft or suspicious activity early on and reduce potential damage. In this case, Powell was a victim of a spear-phishing attack, where hackers target individuals with personally relevant information. Always assume you could be at risk.
  • Remember that email has been proven, time and again, unsafe for sharing confidential information. If a document needs to be shared externally, ensure you are using a secure file sharing system, not email, so that if the document falls into the wrong hands nobody else can open the file.
  • Consider applying expiration dates to files to time-bound documents.
  • Be extremely prudent about where you store your data.

Corporate board members ignore cybersecurity best practices at their own peril. This goes double for board members with a high profile like Colin Powell, who can be targeted by ‘hacktivists’ for a variety of reasons unrelated to their board positions. Don’t let you or your company become the next casualty in our cyber-insecure world.

By Daren Glenister

Mark Rochester

Why Remote Migrations are Essential for Business Continuity

Remote Business Continuity We are approaching a banner year for the cloud. The COVID-19 pandemic has highlighted the importance of cloud technology to enable resilience and business continuity, and it will be a critical time ...
Marty

How cloud technologies improve innovation in the healthcare industry?

How cloud technologies improve innovation in the healthcare industry? The uptake of VPS hosting in the cloud within the heavily regulated healthcare industry has until recently been perceived as relatively slow. There is little doubt ...
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted According to Burning Glass Technologies, the two tech job skills paying the highest salary premiums today and in 2021 are IT Automation ($24,969) and AI & Machine Learning ($14,175) ...
Gary Taylor

6 Organizational Challenges for Cloud Services

Cloud Service Challenges Organizations have rapidly come to the realization that digital cloud services make a compelling business case for helping them navigate this difficult pandemic year. The market for cloud services is expected to ...
Mark Banfield

A Seamless Customer Experience Is Essential to Success in Today’s Digital Economy

Implement A Seamless Customer Experience The need for digital interaction has never seemed more critical than it does today. As the coronavirus continues to spread, citizens around the world are being asked to hunker down ...
Anita Raj

Can the cloud handle the streaming explosion caused by the pandemic?

The Streaming Digital Explosion From the time the coronavirus forced the global community to stay at home, a whopping 16 million people have newly subscribed to Netflix, which is more than double the number the ...