Daren

Lessons for Corporate Board Members from the Colin Powell E-mail Hack

Corporate Board Member Security

It’s every company’s worst nightmare: waking up to find your confidential company information plastered across The Wall Street Journal. Salesforce was a victim of just that when Colin Powell, a corporate board member, had his emails hacked and posted on DCleaks. One email contained a confidential slide deck detailing acquisition targets being considered by Salesforce. Although this information likely wasn’t what the hackers were looking for when they gained access to Powell’s private emails, Salesforce became the latest victim of this type of cybercrime.

There were 14 potential targets on the list that included Adobe, LinkedIn, Pegasystems, Box and Hubspot. Although several of these companies, such as LinkedIn and NetSuite, were already acquired this year, many others are still available and potentially in play. Powell has accidentally leaked some of Salesforce’s growth and innovation strategy, which Salesforce’s competitors are now privy to. It’s conceivable that a competitor could use the leaked information for their own benefit and swoop in to make a deal.

Many companies have strict internal information-sharing policies, but board members often are not required to follow the same rules, even though they have access to extremely sensitive information such as earnings reports, C-suite level communications and M&A target lists. Using email or consumer-grade file sharing apps to share sensitive corporate files exposes companies to a wide range of risks, and the consequences can be dire. Public embarrassment and damaged reputation aside, board members have been named in shareholder lawsuits as a result of data breaches, and activist investors have successfully removed board members after a breach.

board-business

Board members should be taking proactive steps to better protect their sensitive information and improve online security. However, it is important to remember that the ultimate responsibility for securing the board data lies with the company. The following tips aren’t groundbreaking, but they work, and are too often overlooked and forgotten:

  • Create strong, unique passwords for any site you access. Don’t reuse passwords, especially for important applications like online banking or file storage.
  • Only use file sharing services with two-factor authentication. This means, for example, that, when you log in from a new computer and enter your password, you’ll have to enter a code before you can access the account. This will rule out consumer-grade apps with a potentially lower security threshold than enterprise-level apps.
  • Separate business and personal files. It’s never a good idea to share personal information and business data through the same file sharing service or account. Many employers have rules against storing business information in consumer-grade file sharing tools, which is why they blacklist these types of applications.
  • Monitor your accounts regularly to catch theft or suspicious activity early on and reduce potential damage. In this case, Powell was a victim of a spear-phishing attack, where hackers target individuals with personally relevant information. Always assume you could be at risk.
  • Remember that email has been proven, time and again, unsafe for sharing confidential information. If a document needs to be shared externally, ensure you are using a secure file sharing system, not email, so that if the document falls into the wrong hands nobody else can open the file.
  • Consider applying expiration dates to files to time-bound documents.
  • Be extremely prudent about where you store your data.

Corporate board members ignore cybersecurity best practices at their own peril. This goes double for board members with a high profile like Colin Powell, who can be targeted by ‘hacktivists’ for a variety of reasons unrelated to their board positions. Don’t let you or your company become the next casualty in our cyber-insecure world.

By Daren Glenister

THOUGHT LEADERS

Ronald Van Loon

Impact of Hybrid Cloud on the AI Driven Future Enterprise

AI Driven Future Enterprise The cloud is one of the quickest and most rapidly growing deployment options for businesses around the globe. With the recent ...
Marty

How cloud technologies improve innovation in the healthcare industry?

How cloud technologies improve innovation in the healthcare industry? The uptake of VPS hosting in the cloud within the heavily regulated healthcare industry has until ...
Aruna Headshot

Top Four Predictions in 2020 for Unified Collaboration

Predictions in 2020 The year 2020 promises to usher in significant new developments in collaboration and communication. It’s part of an unending climb, moving higher ...
Best Wordpress Alternatives

Managed Cloud WordPress Hosting Services

Managed Hosting Providers Managed cloud servers are becoming especially popular among startups and other small businesses concerned about Web security. Prior to managed hosting services, ...
Kayla Matthews

Addressing Third-Party Security Vulnerabilities

Third-Party Security Vulnerabilities Organizations and businesses often spend a lot of time worrying about internal security, both online and off. Infrastructure is often put in ...
Automation

The Innovation of Automation Has Fueled the Fear of Machines Stealing Jobs

Automation and Job Creation What happens when humankind makes a machine more intuitive and efficient than itself? A wake of anxiety ensues. This phenomenon of ...

Cloud Community Supporters

Isc2 Logo
Aws
Hp
Ca
Cisco Logo

Cloud community support comes from sponsorship, service opportunities and collaborative network partnership initiatives.