By Dohsung Yum, ASG Technologies
Despite communities starting to reopen, remote work is far from over for many enterprises. Understanding that the world won’t return to “normal,” IT managers must anticipate long-term needs and lay a foundation that enables them to remain agile amidst uncertainty.
While many organizations have been digitizing, few were prepared for what prolonged remote work would require of their IT ecosystem. One of the biggest differences in managing a remote workforce is that employees are now using personal networks, which introduces a new type of risk for data privacy and protection. While new IT infrastructure can’t be built overnight, as the second GDPR anniversary passes, organizations can still buttress existing compliance and governance efforts and add specific protocols to reduce risk.
Here are five best practices that IT leaders should embrace to ensure they are serving their organizations and setting up employees for success—during the COVID-19 crisis and moving forward.
Ensure A Mature Data Environment
To respond nimbly in uncertain times, organizations need a mature data environment in which users can find the data they need to do their jobs and trust that it is contextualized, governed, shareable, and tied to the right business policies. Trust is critical to enabling the informed decision making required in volatile times. “Bad” data should not be IT and business leaders’ biggest barrier in developing plans that ensure their organizations can adjust and thrive—especially when the pressure is on. Yet, according to ASG’s 2020 survey, 63 percent of respondents believe bad data has been used to fuel business decisions in their organizations. Companies must be able to trust the data, as well as the people accessing that data. Users must be authorized to view the data, and they must be given enough access to perform their jobs, while still adhering to the principle of least privilege.
This is especially pertinent when trying to establish compliance with data regulations such as the GDPR or CCPA. If organizations don’t understand what intellectual property they have collected and stored—i.e., what or where it is—they are automatically at greater risk. Companies cannot assume their data assets are confined to the data center, especially those whose workforce has been moved permanently. The data center perimeter has expanded to include home networks that IT cannot directly secure. How can companies comply with regulations when data assets could be held outside the traditional network perimeter?
To get their arms around trustworthy data, organizations should implement a data inventory. Specifically, they must choose one that can look across the enterprise, including the “extended datacenter” of remote employees. This solution helps them to understand the entire data ecosystem, identify dark and siloed data, and confirm where data is and who has touched it—even as it leaves the organization. With this capability, organizations can confidently confirm compliance, even across a remote workforce.
Reinforce Content Management
With employees working remotely, IT practices can easily become vaguer, or messier, over time without anyone realizing it—especially if an organization is supporting a remote workforce for the first time. IT leaders must implement controls to protect information and to regulate who has access to shared content. Organizations should assess existing data governance and privacy processes to protect personal information as it is shared internally and externally.
Content management solutions support governance strategies with key capabilities such as event-based retention, redaction, and a secure repository—all of which are critical when sharing sensitive information outside the organization. Departments such as HR that handle abundant personal employee data will need to continue vigilantly redacting unnecessary information, for instance. What's more, with the GDPR’s “right to be forgotten” stipulation, organizations must ensure they are not retaining information for longer than is allowed by industry regulations or by individuals’ demands. Content management solutions can automate retention so information doesn’t fall through the cracks. Companies can consider using other automation tools, such as robotic process automation (RPA), to optimize business processes and reduce the need for humans to interact with confidential data, such as PII.
Additionally, to ensure critical data is not stolen or used maliciously – which becomes more challenging with a remote workforce – companies may need to supplement content management tools with data loss prevention (DLP) tools. These tools make sure data that is accessed and/or downloaded is not stolen or used outside of legitimate business purposes.
Don’t Forget About Login Credentials
Companies must view their employees’ home network as an extension of their data center, and as such, they must be able to trust both the device and the user who authenticates into the VPN session. On the user end, a username and password alone are not enough. Multi-factor authentication is a proven way to trust the user. On the device side, only corporate devices that are managed by IT should be allowed to connect to the VPN. There is no guarantee that an employee’s home machine will have the protections (e.g., antivirus software) or the policies that minimize the risk of breaches.
As having more logins can feel unruly, it may be wise for employees to adopt a password vault or manager to keep track of every password securely.
Use Video Conferencing Wisely
There has been a fundamental shift in the importance of collaboration technology, in security exposure, and in IT support needs. Even the most seasoned managers have had to adjust their approach to a remote workplace. Many managers who used to rely on in-person interactions to lead and communicate with their teams are now turning to video conferencing tools. While this capability is immensely helpful—if not essential to enabling seamless remote work—ease of use can come with more risk.
Growth in online collaboration tools has opened new avenues for breaches and privacy risks. For instance, there have been accounts of hackers obtaining the Zoom installer and wrapping it in a larger install package that includes dangerous malware. To avoid falling prey, employees must confirm that they install Zoom, and obtain Zoom links, only from a trusted source. In other cases, hackers have obtained fraudulent access to a Zoom meeting or silently lurked to display inappropriate content. Zoom has recently released an update to address these privacy and security problems, but IT teams and users should remain vigilant.
To enable this hyper-vigilance, IT leaders should reconsider how they allocate human and IT resources. Organizations and their employees may have increased or different IT needs while remote. More users are accessing software, meaning more customers—also now remote—may need increased support. Leaders must ensure that IT teams are robust enough to support this increased usage and that there is an adequate number of licenses and seats available so everyone can use the right tools as needed. They should also standardize on tools with proven security and frequent improvements and software updates.
Invest In Team Identity
Many IT leaders were managing teams remotely before the COVID-19 pandemic, so they are familiar with the challenge of establishing a team identity when individuals are scattered across different locations. Communication is essential to unite a remote workforce, and especially important for individuals who were used to daily in-person interactions with colleagues. Managers must consider ways to make employees feel seen, heard, and engaged. Sending email updates that cover necessary corporate information while showing personality is a great place to start—and employees should be encouraged to reciprocate. The tone of internal communications is critical for team bonding, since it may be more difficult to gauge what is going on in an employee’s life.
If IT leaders start with these five best practices, they can lay a foundation that will help stabilize the current uncertainty and create a resilient runway for the future. Quick fixes can only last so long—the way organizations respond today will make a lasting impact.
About The Author
Dohsung Yum is the SVP and CIO at ASG Technologies.