workplace app

Along with Increases in Productivity and Reach Come Real Risks

New collaboration platforms such as Slack and Facebook Workplace are rapidly gaining traction in businesses large and small, especially among younger workers and millennials who gravitate to these tools because they are much more immediate and efficient than trading emails or voice messages. However, such gains in workforce productivity can come with unforeseen compliance risks, especially among heavily regulated financial companies. In this latest piece, Mike Pagani shares how to protect these new communication platforms, which are subject to the same regulatory and compliance requirements as other forms of electronic communications, such as emails and texts.

It feels like it was not that long ago that emails drove the reactive part of our business days, reading and responding to the urgent ones as they popped into our inboxes. Not so, lately.

If your business environment is like most these days, a growing number of your employees are spending more cumulative time in Slack (or a different collaboration platform) on a daily, and sometimes nightly basis for team-related internal communications instead of using email. If you are a private sector business, then your marketing department is also using social media channels and apps to reach new customers and communicate with existing ones a lot more compared to email marketing as well.

As a result, we now tend to “catch up” with reading emails every few hours, and it’s these new collaboration platform messages and social media app notifications that get our attention and our immediate responses. These new team-oriented collaboration platforms and social media app-driven channels are shifting the way we communicate electronically for business purposes and how we work with each other. Let’s take a closer look at both.

Collaboration Platforms

Slack is the originator for the new category of collaboration platform offerings, but they are only one of several platforms that are rapidly gaining traction and competing to be the corporate standard for team-based non-email communications. Other vendors in this emerging space include Microsoft, with Microsoft Teams; Facebook, with Workplace by Facebook; and Cisco with Cisco Spark. There are more, but these are the ones I have most frequently seen gaining adoption.

As Chief Evangelist at Smarsh, I often speak at conferences for regulated businesses. Throughout this year, I have been asking the audiences primarily made up of compliance, legal and IT professionals if they are currently using, or if they are planning on using, a collaboration platform like Slack, Microsoft Teams or Workplace by Facebook in their business. Six months ago, only a few hands would go up. Now, nearly the whole room has their hand in the air.

Using Slack as an example, the numbers we are now seeing for adoption and daily usage backs up what we are experiencing in our work days and my show-of-hands instant polling results out in the field.

Last October, Slack announced that it had passed the 6 million user mark. A year prior, in October 2016, they had 4 million users. The other stat that caught my eye recently is the amount of time these users are active on Slack during the business week, which is 320 minutes plus per day on average according to numbers published by DMR. Given that the amount of hours in a day has not changed, it would be reasonable to say that those five-plus hours of activity in Slack each day have been stolen from time spent in email.

The answer as to why is very simple: Productivity, and the direct impact it is having on the workplace. These collaboration platforms allow us to get a lot more done — and much quicker – when compared to using email to work together on a common task, goal or initiative. Email was not designed for that type of task and breaks down quickly when trying to keep a group in sync as we answer older messages in a rapidly evolving thread or inadvertently spawn a new thread that complicates things quickly.

Contributing to the productivity factor, while being the right tool for the job, these new collaboration platforms feature instant messaging (IM), persistent chat, video/audio calls and online meetings, plus file and document sharing with version control all in one integrated, unified platform to use versus employees needing to go in and out of separate individual products for each all day.

Social Media Channels

When looking at social media app-driven channels, the business value is also significant. Marketing and communicating with the customers we need to reach and service in an effective and responsive way is being driven more by social-media-based initiatives and activities these days because of the results that are being achieved with them when compared to email. This shift is due in great part to the wide adoption and preference for people to use mobile apps for staying up on what’s important or for being reached in a time-sensitive way. They too are not keeping their eyes focused on their email inbox as much, but rather the social channels that they are members of.

All of this is great news, and the collaboration and social platforms will only mature and become more capable as they add more features, but there is a downside for regulated businesses.

As we’ve seen earlier this year, the regulators (FINRA, SEC, etc.) have been very clear in their communication and published guidance that all forms of electronic communications being used for firm business need to be captured, retained and adequately supervised/reviewed for compliance purposes, regardless of the method chosen. Although the guidance was specifically targeted at social media and mobile text messaging, these new collaboration platforms are also subject to the same regulatory compliance requirements.

Just like with social media and text messaging, prohibition and restrictive usage policies are very hard to enforce with confidence knowing that individuals will utilize these forms of communication at times when the needs of the business necessitate it or for other valid reasons, such as increased productivity or to satisfy a time-sensitive issue. No ill intent, but a compliance risk all the same if these messages are outside your compliance perimeter and not being archived and actively supervised alongside all the other electronic communications channels being used by your firm.

The complicating factor with Slack adoption is that it is happening in a non-prescribed way within firms. Users can download the free Slack application from the web and deploy it as a team in a matter of minutes, and all without the need to ask for any help from IT. This is a big part of the reason that the number of Slack users is growing so rapidly. Slack monetizes on this freemium model later when the business starts to demand more advanced functionality that goes beyond what the free version provides.

This is the latest example of “Shadow IT” and is a very real situation for most firms we talk to these days. So, if you know your employees are using Slack (or another collaboration platform) within your financial services business and you are not actively archiving and supervising its use as you would your email or any other allowed channel, you need to be. If you’re not aware or aren’t sure about whether a collaboration platform like Slack is being used in your firm, I am willing to bet it is if you specifically go looking for it and ask your employees.

The good news is that comprehensive archive technology has advanced, and the leading vendors have active relationships with Slack and other collaboration platform vendors to provide archiving connections that directly capture the messages, index, supervise and store them in a search-ready state alongside all other forms of electronic communications being used by the firm.

Bottom line here is this: the business goal today needs to be achieving both compliance and productivity as new technology emerges so you don’t succeed with one at the expense of the other.

Mike Pagani

Mike Pagani is the Senior Director of Product Marketing and Chief Evangelist for Smarsh. Mike is a seasoned IT professional and recognized subject matter expert in the areas of mobility, identity and access management, network security and virtualization. Prior to joining Smarsh in November 2014, Mike held executive-level corporate and technology leadership/spokesperson roles for Stay-Linked, Quest Software, NComputing, Dell Software and others.

Related Post

Got Compliance News?

We do!  Sign up for CCI’s free weekly eBlast to get GRC news, views, jobs & events delivered to your inbox once a week.  Cancel anytime.

Click to Subscribe.