Ian Wood at Veritas Technologies explains why companies need to exert greater control over corporate data
The lines between business and personal communication channels are becoming increasingly blurred.
In the last few months, several senior government officials have been caught out using personal forms of communication for government business purposes. Earlier this year, private text messages sent in March 2020 between UK Prime Minister, Boris Johnson, and Sir James Dyson were leaked.
Meanwhile, former Health Secretary, Matt Hancock, is under investigation for breaching government guidelines by using a personal email account during the COVID-19 pandemic. And the ICO announced in July that it has launched a formal investigation into the use of private correspondence channels at the Department for Health and Social Care.
While these are high-profile cases in government, the use of personal or non-official channels for business purposes is an issue that almost every organisation is grappling with – whether they realise it or not.
In the last 18 months, the rapid shift to remote working has enabled office workers to become even more acquainted with instant messaging services such as Zoom, Teams and Slack. Veritas research found that the amount of time employees spent on these types of business collaboration tools has increased by 20% since the start of the pandemic.
So, it should come as no surprise that an enormous 71% of office workers admit to sharing sensitive and business-critical company data using these tools.
Although instant messaging and collaboration technologies have been critical to maintaining a semblance of ‘business as usual’ in the height of a global crisis, if the data shared via these applications isn’t properly protected, companies will find themselves at serious risk of that data being lost, leaked, or getting into the wrong hands.
Falling foul to data protection regulations such as GDPR can be very costly, as Amazon recently discovered. But losing control of data also opens businesses up to the threat of ransomware attacks if businesses have no way of even knowing what data was shared via these tools, let alone recovering any of it.
As instant messaging and collaboration tools begin being treated by employees as an accepted form of business communication, companies must ensure they’re backing up and protecting the data shared via those platforms.
The question is: how do they get on top of this and protect themselves from any potential fallout?
Casting a wider net
In order to take back control of their data, businesses should begin by standardising on a set of collaboration and messaging tools that meet the needs of the business. Many businesses relied on remote working to survive through the pandemic, and for most, work from home is set to continue in some capacity.
So, the benefits of these tools, if managed correctly, are vast. But selecting just a few of these tools that employees can use for business purposes can help organisations contain data and limit sprawl.
Once a standard set of tools has been established, it’s imperative that businesses create a policy for information sharing to help control the sharing of sensitive information.
Employee training on the company policies and tools that are being deployed can help employees understand the significant risks and repercussions associated with data misuse. Training should include regular reminders on what information should and shouldn’t be shared, and the accepted channels of communication for business purposes.
Our research found that sensitive data being shared by employees on collaboration and instant messaging tools includes:
- Client information (16%)
- Details on HR issues (13%)
- Contracts (13%)
- COVID-19 test results (13%)
- Business plans (12%)
- Corporate passwords (7%)
Less than a third of employees suggesting that they hadn’t shared anything that could be compromising. In the wrong hands, this type of information can be used by hackers to lock a business out of its systems.
Companies should also keep employees up to date on the latest data protection regulations. Making data protection the responsibility of all individuals within an organisation can help to reduce accidental policy breaches.
And finally, but perhaps most importantly, businesses must ensure the data sets from collaboration and messaging tools are incorporated into their data management strategy using eDiscovery and SaaS data backup solutions. This will empower employees to make the most of the tools without putting the business at risk of falling foul to regulators or becoming a victim of ransomware.
An important lesson
Over the last 18 months, organisations have undergone a rapid digital transformation to survive, with some compressing strategies that would have played out over years into just a few months. As a result, for many, digital transformation efforts have outpaced security measures, leaving companies vulnerable to ransomware or regulatory non-compliance.
To ensure working from home remains an asset and not a headache, businesses must ensure they are in control of their data regardless of where their workforce is located. Otherwise, they could find themselves having serious conversations with compliance watchdogs and ransomware extortionists. Neither conversation will be cheap.
Ian Wood is Head of Technology UK&I at Veritas Technologies
Main image courtesy of iStockPhoto.com