Managing Security, Compliance for Remote Work
securityboulevard.com – 2020-07-27 10:00:33 – Source link
The new norm of remote work under COVID-19 social distancing guidelines hasn’t exactly been a cakewalk. Both companies and their individual employees are struggling to maintain some sense of normalcy while at the same time having to dramatically re-think their jobs and internal processes to keep the business running.
One of the biggest challenges is the need for businesses to protect private customer and employee information, intellectual property, financial data and other sensitive information against a host of old and new threats. On top of that, many employees tasked with maintaining these security and regulatory compliance standards no longer have the same secure systems and workflows they would in the office. So how can companies adjust to the new norm without sacrificing governance standards?
Addressing Remote Work Security and Compliance
Below are a few of the most common challenges facing business security and compliance practices with remote work in the current pandemic, and tips on how to overcome them:
Storing files locally creates inconsistencies and leaves data vulnerable
With most employees now working from home, it’s easy to fall into the trap of saving files directly to a computer or local hard drive rather than a shared repository. Saving files locally makes them easy for those individual workers to access, but rogue copies can create new challenges for maintaining consistency, especially for customer records and other important files that require input from multiple sources.
Storing files on local systems also opens them up to security threats, since it’s far easier for malicious third parties to penetrate a home network than a typical corporate network. Worse, the content is unlikely to be deleted when it’s no longer needed, meaning it will continue to exist unmanaged and unprotected for weeks or months, leaving it vulnerable.
The easiest solution to this problem is to set up a virtual private network (VPN) where all employees can sync their files, while maintaining the controls that would normally exist in a central repository. By taking the simple extra step to set up and edit files in this server, employees retain the ease of use of working with local files, but companies can push information governance rules down to the individual user. That way, employees aren’t bogged down in extra workflow steps and compliance officers have one less thing to worry about.
Standard review and approval processes are still essential
No matter the industry, virtually every organization has certain content review and approval processes in place. Those processes are important, not just for fact-checking and ensuring the reliability of data but also to ensure no sensitive information such as company financials, customer passwords or contact details are accidentally released.
Unfortunately, standard review and approval operations have a tendency to break down with so many employees no longer working in the office together. Standard workflow and content-sharing tools typically aren’t designed for remote use, and otherwise important reviews can be rushed to make time for other work.
Automation tools can go a long way toward ensuring these processes aren’t forgotten or ignored. Even basic automation tools can help remove much of the manual review work by extracting and verifying key information and passing those details on to the next person in the approval chain. And, as more solutions introduce built-in AI and machine learning capabilities, many of these platforms are able to determine which files contain sensitive information and classify documents accordingly. That means significantly less time and effort spent by remote employees in the typical review process, without compromising on records management policies and security.
Sharing content on traditional channels is faster, but never safe
Another challenge of working remotely is the tendency to prioritize speed and convenience when sharing content. It’s faster and easier for employees to send files via email or personal content-transfer services, but these methods lack the security, access controls and encryption safeguards that are standard in the workplace.
For businesses operating in the insurance, financial, health care and other regulated industries, sharing content via traditional means can also put the company at significant risk for fines or litigation. At a time when budgets are especially tight, that’s a mistake most organizations can’t afford.
Cloud-based content management platforms can provide an affordable and effective solution for sharing files and maintaining consistency while remote employees are collaborating. Rather than traditional on-premises management systems, cloud-based platforms allow businesses to apply centralized governance controls across all content, and as an extra step, automatically sync these controls across user’s individual desktops as needed. By ensuring all necessary employees have access to the system, regardless of their location, users can also easily share secure links via email, chat or other methods they’d normally use, without sacrificing security for convenience.
Virtually every industry is undergoing monumental changes as they grapple with the ramifications of COVID-19—and during periods of turmoil, it can easy for otherwise-standard security and compliance measures to be put on the back burner. But just because they aren’t top of mind doesn’t mean those measures aren’t still a priority. By investing in the right platforms and technologies and taking the time to educate remote staff on some basic changes to in-office policies for file storage, sharing, review and maintenance, businesses can ensure they are well-equipped to maintain the highest levels of security and compliance standards.