WEDNESDAY 21 SEP 2011 9:58 AM


Companies are jeopardising their reputation through lack of security, says a Thomson Reuters survey.

Security gaps allowing information provided to boards of directors to travel through unencrypted networks, personal computers and email accounts was revealed after Thomson Reuters Governance, Risk & Compliance polled general counsel and board members at global corporations across a variety of industries.

A lack of security in a company's communications can damage corporate reputation, because it leads to stakeholders - such as investors - doubting the ability of a business to maintain confidentiality. In February 2011 a memo from Nokia CEO Stephen Elop to the company's employees leaked, exposing the company's negative perception of their position in the telecoms marketplace and a lack of confidence in their ability to keep up with competitors.

Unencrypted board communications, board documents stored on personal computers and mobile devices, sensitive information sent via personal and non-commercial email addresses and/or available via wifi or unsecured networks were among the most common problems. Corporations also do not always account for all the computing devices board members are using to access and store their documents.

"Communications and information handling with board members represents a weak link in the chain of corporate information security," said David Craig, president of Thomson Reuters Governance, Risk & Compliance.

"Boards of directors handle some of their companies' most critical and sensitive information, including business strategies, discussion of executive hiring and compensation, legal issues, internal investigations and more.”

Craig also said that board information is at risk of loss, theft and exposure because many board members are outside directors who operate outside the corporation’s strict internal security policies.