Cybersecurity has become one of the biggest topics in the boardroom in recent years, as directors realize that an organization’s cybersecurity measures are as integral to its operations as its strategy and regulatory compliance. The consequences of a security breach range anywhere from exposing client data to network shut-downs like those seen recently in the June 2017 ransomware attacks. Boards are still learning how to oversee cybersecurity, what questions they should be asking their CIOs, and what a robust security strategy looks like, but the mental shift has happened. Boards are now more concerned than ever with defense strategies and recovery plans. They’re asking how to evaluate CIO performance, what the best practices for cyber risk management are, and how to evaluate cybersecurity measure performance.

But as boards invest more time and energy into probing an organization’s cybersecurity measures, it’s also important that they take the time to question their own cybersecurity practices. Is administration sharing board books through email, Dropbox, Google Docs, or another free-to-use, vulnerable platform? Do directors know not to use untrustworthy Wifi when reading sensitive emails or typing in sensitive passwords or financial information? Do they know that they are high-reward targets for cybercriminals who use spearphishing attacks, a strategy where hackers will use personal or professional information to pose as a business partner or colleague to gain access information to the organization’s network?

What can boards do to make sure that they’re not the cause of a data breach in their organization? In addition to better education about safe practices online for directors and executives, they should also be asking about board portals. Board portals like board management software from Aprio are secure methods of distributing and discussing board documents, voting remotely, and tracking director training, preparation, and expenses.

Board portals use encrypted data designed to ISO security certification standards to prevent cybercriminals from intercepting documents through Man-in-the-Middle attacks or from sending malware that poses as a board document. It’s important that the board management software you adopt is easy to use; ease-of-use is always a factor in cybersecurity, as over-complicated solutions tend to be ignored by busy directors.

Here’s how it works with a board portal like Aprio: when admin update or upload a new document for directors to read, the directors receive an email with a link. The link takes them directly to the new document in the portal, but they must first login.

Board management software also keeps documents off device hard drives. Mobile apps that work with tablets and provide offline access to board documents mean that directors don’t put the organization at risk by directly downloading documents, knowing they want to review them on a plane or during another time when they won’t have access to Wifi.

One final security concern is that the location of the board portal’s data center should be in the same country where you operate. For example, Aprio offers board management software solutions to Canadian companies with a Canadian-located server. If your data is hosted in the United States, it falls under U.S. legislation like the Patriot Act, and can easily be accessed by authorities. You don’t get a say in the server-location of file sharing systems like Google Docs.

Your board is concerned about the security measures taken by the organization. Make sure your organization’s board is protected from data breaches as well.