Welcome
Tech & Telecom Law News

Corporate Boards Face Cyber Test as Covid Forces Meetings Online

June 15, 2020, 10:04 AM

Corporate boards forced to move meetings online during the coronavirus pandemic are trying to guard against cyberattacks with secure communication platforms and instructions for members on notetaking and eavesdropping.

Boards are gravitating to platforms such as Cisco Systems Inc.'s Webex, LogMeIn Inc.'s GoToMeeting, and Microsoft Corp.'s Teams, according to directors and consultants. Nasdaq Inc. has added 2,000 customers over the past few months for its board platform that offers secure messaging and presentation aids, the company said.

The move has forced corporate leaders, often better at networking in-person than virtually, to burnish their technology skills. “Everybody’s online now, including the board,” said Bob Zukis, CEO and founder of the Digital Directors Network, which advocates for corporate governing bodies to add technology experts to their ranks.

Boards are building security into online meetings because the items they discuss, like layoffs and government loans, make them attractive targets for hackers. That’s driving demand for digital portals such as Nasdaq’s and one from Diligent Corp., which offer secure means for discussions and document sharing compared with more-easily-compromised apps.

“Companies are scrambling to make sure they have these tools,” said Dottie Schindlinger, executive director of Diligent’s research arm, the Diligent Institute.

Using video platforms, instead of gathering around a board table behind closed doors, raises new questions for how directors conduct meetings.

For example, because the technology easily allows recording, should boards capture their meetings? Lawyers advise against it if meetings haven’t been recorded in the past, Schindlinger said.

Boards have been leaning on in-house cyber teams and outside consultants to answer such knotty questions and to help them monitor security.

Before the pandemic, directors typically met six to eight times a year, with scheduled sessions throughout the day and dinners at night. Now boards and management are interacting more frequently to address Covid-19-related crises, said Claudia Allen, a senior adviser at consulting firm KPMG’s board leadership center.

That trend of virtual check-ins between meetings may stick around post-pandemic because it has worked so well, Allen said.

Eavesdropping

Directors participating in board meetings from their homes have to worry about a threat the boardroom didn’t present—eavesdropping.

Company executives used to warn board members against taking calls in airports or other public places when discussing sensitive topics. Now they are telling home-bound directors to go to a separate room or wear headphones to prevent family members or others from hearing confidential discussions.

Companies are also giving board members dedicated tablets or other devices for work so they can avoid using their personal computers.

“I’ve always kept my information for board meetings on a separate device,” said Judith Craven, a physician who sits on a mutual fund board for American International Group Inc.

Craven said her grandchildren sometimes ask to use her computer. “That’s not the computer I want them to have access to,” she said.

Cyber Culture

The virus has been “a wakeup call” for boards to evaluate their makeup and consider adding at least one member with high-tech expertise, said Kelly Bissell, who leads Accenture Security globally.

“One problem a lot of boards struggle with is they’re not experts in cyber,” Bissell said.

Only about a quarter of boards for U.S.-listed companies with more than $1 billion in revenues were deemed “digitally savvy” in a 2019 study by the MIT Sloan Center for Information Systems Research.

Members may want to create a technology-focused committee on the board, said Nicholas Donofrio, a 44-year IBM Corp. veteran who sits on the governing body of the National Association of Corporate Directors. Donofrio said he helped create a board technology committee at Advanced Micro Devices Inc. and chaired one at Bank of New York Mellon Corp.

Only 11% of S&P 500 boards have a technology committee, and fewer than 1% have a cybersecurity committee, according to 2019 research by MyLogIQ.

Board Portals

Some directors are avoiding online platforms they view as having insufficient security protections, such as Zoom Video Communications Inc. Organizations, including Elon Musk’s SpaceX and Tesla Inc. and New York City’s Department of Education, banned usage of Zoom early during the pandemic because of privacy flaws the video platform has since pledged to resolve.

“The board meetings I’ve had aren’t on Zoom,” said Eileen Kamerick, a director at Associated Banc-Corp., Hochschild Mining Plc, and two other boards. “The ease of using a platform is always directly correlated to how easily it’s hacked.”

Boards are urging directors to avoid using their personal email accounts, which could be more vulnerable to phishing or other attacks than company-provided email addresses.

Such advice may be needed. More than half of directors have communicated about board matters using their personal email, according to a 2018 survey by Diligent Corp.

“Boards are dealing with highly sensitive and confidential information,” Michael Bartels, global head of Nasdaq’s Governance Solutions, said.

That’s why Nasdaq’s board portal has seen increased demand during the pandemic, he said. “They want to have the security to feel comfortable.”

For boards that can’t meet in person, and aren’t comfortable using online platforms, there is another option, according to the National Association of Corporate Directors.

Some directors, the association says, have been holding their most sensitive conversations over the phone.

For additional legal resources, visit Bloomberg Law In Focus: Coronavirus (Bloomberg Law Subscription)

Related documents: https://www.bloomberglaw.com/product/health/page/infocus_coronavirus

To contact the reporter on this story: Andrea Vittorio in Washington at avittorio@bloomberglaw.com

To contact the editors responsible for this story: Keith Perine at kperine@bloomberglaw.com; John Hughes at jhughes@bloomberglaw.com

To read more articles log in. To learn more about a subscription click here.