The rapid shift some companies have had to make to ensure continuity when remote working has raised concerns about potential vulnerabilities when it comes to cybersecurity and compliance
Nations may have been locked down and masked by the coronavirus pandemic, but minds have been opened. For business leaders needing to adopt mass home-working policies effectively overnight and embrace digital processes, it has been liberating. But at what cost in terms of compliance?
“COVID-19 has acted as a digital transformation accelerant since it is forcing archaic systems and processes to be overhauled,” says San Francisco-based Nicole Alvino, co-founder of workforce communications platform SocialChorus. “The good news is most businesses are in the process of moving some, if not all, data and processes to the cloud.
“With this transition comes additional data, security and compliance requirements that have been in place for some time, and continue to be added as we saw with the General Data Protection Regulation (GDPR) in May 2018.”
Other businesses seeking to plug potential data leaks and minimise compliance issues could learn from SocialChorus’s approach. “We maintain the highest level of enterprise security and just passed our 2020 SOC 2 [service organisation control] type-2 audit and received our ISO 27001 certificate from the auditor,” says Alvino. “Part of these audits ensures all employees have taken compliance training that includes how to deal with documents and secure files when not in an office.”
Pandemic driving adoption of digital tools
Thankfully, technology can play a significant role in maintaining the security of business-critical documents, from sales agreements to legal documents, employee contracts, onboarding and beyond.
“Through moving to become more digital, employees can improve productivity, as cumbersome and lengthy processes involving paper or legacy systems are being replaced by more-efficient solutions,” says Andrew Johnson, managing director of meetings provider PowWowNow.
“Digital signature service providers, for example, enable deals and documents to be shared with no dependency on location. You can automate a secure evidence collection system for the online signature process while guaranteeing full security thanks to email and one-time password processes.”
I have heard chief executives say they have made five years’ progress on their plans to transform in two months
Clare Lawson, chief customer officer at advertising giant Ogilvy UK, reports a big increase in the use of digital tools during this crisis. “We had the tools before, but the pandemic has driven our adoption rate and the digital transformation of how we manage comments and approvals, as well as signatures and document management,” she says.
“We’ve long since provided digital asset management systems, like Adobe Experience Manager, for our clients as part of the service, but on many fronts the usage was patchy; not any more. We are now running multi-faceted campaigns from creative, through comments, to production and go live through a single digital platform. And it’s increased our speed to market. We recently completed a campaign, which was scheduled to take six weeks from inception to going live, in sixteen days.”
Worries over cutting compliance corners
Given the need for speed, many experts are worried that necessary shortcuts being taken by business leaders are causing challenges with cybersecurity and compliance. “I have heard chief executives say they have made five years’ progress on their plans to transform in two months,” says Nelson Phillips, professor of innovation and strategy at London’s Imperial College Business School.
Such acceleration, although great from an innovation point of view, has resulted in lots of cutting corners and ignoring best practices around compliance and security.
“While we have seen some remarkable successes in terms of organisations virtualising, we are also going to see an increase in the incidence of loss of data and a lack of security around documents,” says Phillips.
Johnson agrees. “Knowing what data your business has, where and how it is held, who has access and protecting the integrity of that data is crucial for the successful long-term operation of your company,” he says.
“During a pandemic, there is still no exception and data is at increased risk. Hackers have also evolved a strategy to leverage GDPR to extort non-compliant businesses, demanding ransom fees in exchange for avoiding fines.”
How leaders can ensure remote compliance
A new report from Atlas Cloud, an IT provider, unearthed some worrying working habits since the national lockdown began on March 23. Of the 3,000 office workers surveyed, a quarter admitted to using personal laptops for home working, while more than half the respondents revealed they are storing work files on their device, raising concerns about compliance and the security of business information.
As it is human to err, Pete Watson, Atlas Cloud’s chief executive, urges a shift towards server-led IT from a device-led model, where sensitive data is held on computers, tablets and smartphones. “Server-led IT takes control of business information out of the hands of individual employees working on individual devices, where the information is more vulnerable, and gives control back to the businesses that retain ownership of all their data in the cloud,” he says.
Finally, what steps should business leaders take to improve their remote compliance? “Put in place clear policies for remote employees, clearly outlining what can and cannot be accessed remotely, and by whom, and ensure devices are encrypted,” Johnson advises. These may be small adjustments, but they will be cost effective if they shore up defences against cyberattacks and potentially crippling compliance problems.