The dangers of using email for board business
A simple email can put your organisation and its financial stability at risk. Consider this scenario: Every board member receives an email, which appears to come from the board secretary. The email was personally addressed to each board member. The message asked the board members to open an attachment for information about the upcoming board meeting.
Unfortunately, two of the board members opened the link and unwittingly downloaded malware that infiltrated the organisation’s email system. Through the malware, a hacker was able to steal passwords and other sensitive information, including bank account numbers, employee social security numbers and other financial data.
Email is a ubiquitous business tool, but it’s also a potential avenue for hackers to exploit your organisation’s vulnerabilities. In addition to security issues, using email for board work has other disadvantages. Administrators have no way to know if board members have received the information they’ve sent or if messages are stuck in spam filters or not delivered. They can have trouble tracking responses, especially with a large board.
Increasingly, charity and not-for-profit boards and their administrators are looking into more secure and efficient communication alternatives to email for board matters.
The problem with using email for board business
As long as email has existed, so have email scams (remember that Nigerian prince?). However, as email become a ubiquitous business tool, phishing scams have grown more sophisticated, harder to detect and more damaging.
The board email scenario above is an example of spear phishing, where hackers clone email addresses and identities. The email looks like it’s from a legitimate source asking for legitimate information. Busy board members, even the savviest, can sometimes be fooled into downloading malware or viruses. Worse, hackers could use ransomware to force organisations to pay money to restore their data.
Another problem with using email for board business is how easily important communications can get lost. The sheer volume of email that most people receive makes it difficult to filter important messages in a timely manner.
Some boards use emails for voting purposes, which can be complicated for board administrators to track and collate voting results. When board members discuss votes or other board business in emails, administrators must also track those conversations as part of the voting process. If confidential information is included in these discussions, email is not a secure place for them.
“The danger with voting by email is that there are no clear assurances that the email vote has been actually executed by the specified board member; with hackers and imposters lurking around every corner of cyberspace, a vote could easily be fraudulent or improperly obtained,” points out Ellis Carter, a nonprofit lawyer with Caritas Law Group, P.C.
Data privacy regulations such as the General Data Protection Regulation (GDPR) consider email as personal and protected information. Laws like the Federal Rules of Civil Procedure (FRCP) require that organisations keep and store an archive of emails. To comply with these and other data privacy laws, charities and nonprofits must be careful in how they handle and protect sensitive information. Email is notoriously insecure and can easily lead to compliance violations.
If not email, what other tools could volunteer boards and administrators use to communicate securely and efficiently?
“The danger with voting by email is that there are no clear assurances that the email vote has been actually executed by the specified board member; with hackers and imposters lurking around every corner of cyberspace, a vote could easily be fraudulent or improperly obtained.” – Ellis Carter, nonprofit lawyer
What is the alternative to email?
Breaking away from business email practices requires an easy-to-use alternative that allows for secure messaging, storing board documents and online collaboration. Board management software offers a way for board members and administrators to send and receive secure messages.
Instead of pushing large documents through email servers, they can be stored on the board platform. Discussions among board members can be held in secure workrooms on the platform, rather than through email, and access can be limited to only those in the conversation.
The Louisiana Restaurant Association uses BoardEffect because of its ability to distribute large documents securely and efficiently. Being able to share documents through BoardEffect rather than via email assures that the organisation is not passing on any cyber threats to board members, as information and documents are entirely encrypted, according to President and CEO Stan Harris.
Hospital Sisters Health System, a network of hospitals in Illinois and Wisconsin, discovered the benefits of going from email messages to BoardEffect when the organisation was hit by a cyberattack. Phones and the internet were down for 15 days, but the governance team was able to function and communicate though the platform, which was not impacted by the outage.
Making the transition from email to board management software
Moving from email to a board management solution can help eliminate the risks of using email for board business.
- The first and most important choice is a secure, user-friendly board governance technology partner.
- After you decide on the solution, it’s essential for administrators to create a timeline of the transition away from email as your primary board communications tool.
- Set clear guidelines on how the software will be used for board communication and work. Board members should be aware that they will receive all messages about board work in the solution, and that they should do likewise with outgoing messages.
- A change in mindset may be required among the board, since most are accustomed to using email in their day-to-day business lives. The transition should include conversations and discussions about the importance of data security and legal compliance to the organisation. The consequences of an email cyberattack can be costly and result in the loss of the organisation’s reputation.
- Training will help ease the transition and help board members become comfortable using the new software. It’s important to choose software that is intuitive and easy to use.
The process will be easier if the board administrator sets up permissions early and emphasised the software’s central document storage capabilities and other useful time-saving features.
It’s also important to monitor and evaluate how the transition progresses, providing training for the whole board on stuck points or sessions for individual board members who are having difficulties.
Managing email risks
Board members and administrators can be better stewards of the organisations by recognising the risks in their current practices. Moving to board management software is a first step in managing email risks and providing ongoing oversight to protect the organisation’s finances and reputation.
BoardEffect is designed with the unique needs of volunteer boards in mind. Our board management software streamlines board processes, enhances communication and promotes accountability.
Not only that, BoardEffect offers secure communication channels, ensuring that sensitive discussions and information are kept confidential and off email.
See how BoardEffect, a Diligent Brand, can help strengthen your charity or nonprofit’s cyber resilience. Request a demo today.
