The current pandemic has more people working from home than ever before, but that should not stop your organization from being diligent with information governance practices. Just like washing your hands, and social distancing can slow down the spread of germs, steps can be taken to ensure that the health of your information systems stay strong as well.
A long-time concern for security and IT teams are mobile devices that are not owned or managed corporately. Incorporating company policies that prohibit corporate data from being saved to mobile devices will help, but using company approved Email and messaging applications may be more effective.
For instance, if you are using Office 365, enforce usage of Outlook on devices and not the out-of-the-box Mail apps such as Apple Mail and Gmail. Messaging is another area of concern. If your company uses Slack for messaging, require all company-related text-based conversations to occur on that specific application. Discourage SMS messaging, unless your organization has a method for archiving them. The last aspect of mobile devices to consider is phone calls; as you likely have a VOIP system in use. Encourage users to use that application on their mobile device for company-related business instead of the devices built-in calling feature.
Home computers are usually not managed by your corporate IT team. Therefore users will need to closely follow corporate protocols to ensure they are not saving information owned by your organization to their local systems. Enforcing remote desktops usage to access corporate data and systems can be an effective way to ensure their home computer is simply a user interface. Regardless ensure end-users know how to make content a record, and where to save work in progress.
In most cases the laptops your employees use are devices that are owned and/or managed by your corporate IT team. People will normally take the shortest path to accomplishing their tasks, which may mean saving documents locally, or possibly putting records into their user share. Be sure to enforce clear policies on when and where business records belong. Gimmal also has a software tool that can scan and ensure sensitive data, business records and other data are not being stored on corporate computers.
Ensure your organization has provided end users with a consistent web meeting platform that includes video. One thing to consider is combining meetings, video, audio, and collaboration all into a single platform. There are many options, but Slack and Teams are two of the best to consider. Both offer data encryption, compliance certifications, and multi-factor authentication.
Keep it Simple
I was tempted to say KISS (Keep it Simple Stupid), but kissing is not in line with social distancing. All joking aside, if governance policies make certain tasks too hard, employees will find a way around them. It’s been proven time and again, that the tighter something gets locked down the more creative people will get looking for a way around them.
As an organization that has many remote employees in all types of positions, we understand the struggles and governance issues that may exist. If remote work is new to your organization, start by following these seven tips. You’ll be on your way to compliance during this trying time.
- Make sure corporate devices are managed properly
- Ensure there are policies in place for employees working on their own devices
- Use corporate messaging and calling platforms
- Implement a good consistent way to handle web meetings and collaboration
- Ensure users know where they should save “work in progress” content
- Ensure users know when and where to save content as a business record
- Scan laptops and workstations for different types of sensitive data and take action
Want more information on Gimmal’s information governance solutions? Join us for our next webinar! View the Gimmal event page HERE.