The COVID-19 outbreak is requiring companies to consider new policies and systems – ones conducive to a largely stay-at-home workforce. Smarsh’s Robert Cruz offers guidance on assessing solutions to facilitate this shift.
Addressing the demands of a mobile, stay-at-home workforce is not a new topic for the compliance and risk community. However, the recent global coronavirus outbreak known as COVID-19 has suddenly ratcheted up the urgency for many companies, which are now requiring employees to work from home as the best way to avoid the illness.
As a result, many firms are being forced to decide how to invest in technologies that enable employees to communicate and collaborate with teammates, partners and customers, wherever they may be. Collaboration and conferencing technologies such as Webex, Microsoft Teams and Skype for Business are widely used to overcome the limitations of email and phone calls. These well-established collaboration platforms have been joined by the adoption of newer tools such as Zoom and Slack.
Read more about compliance, risk and COVID-19
Companies advising their employees to stay home need to provide their people with access to such tools to do their jobs remotely as an acceptable alternative to the risks posed by working together in a physical office space or by boarding crowded airplanes during the crisis.
While most knowledge workers have had experience participating in a Webex meeting, supporting a conferencing technology as a primary means of collaboration and simply getting stuff done across a large organization is a different matter.
Should companies consider software that is “free”?
How should they adjust policies to outline acceptable and prohibited uses of those tools?
What cybersecurity risks, such as the possible introduction of ransomware or spear-phishing, could be introduced?
For regulated firms, how confident are they in the ability to capture, store and produce business conversations if required by the SEC, FINRA or other regulatory bodies?
And let us not forget about those CCPA and GDPR data privacy laws and the controls needed to satisfy them.
Undergoing a rapid transformation to a suddenly remote workforce involves adjustments in management processes, measurement systems, operational plans and cost analyses. Any evaluation of new technologies should consider the hard lessons learned from large companies that have already embraced collaboration and conferencing solutions. Based on findings gleaned from this group of adopters, here are five best practices to begin your evaluation:
1. Compare Benefits vs. Risks
Every organization will evaluate the benefits and risks of each new tool before choosing to allow them for business uses. The benefits include the ability to reduce the number of in-person meetings and emails, while improving access to information. The potential risks involve cybersecurity, data privacy and regulatory compliance vulnerabilities. If key stakeholders decide that the benefits exceed the risks – and that those risks can be controlled and mitigated through the use of technologies – then they tend to allow new tools to be used for business.
2. Freeware May Cost More Than You Think
Many collaboration and conferencing solutions have multiple-tiered offerings that can quickly proliferate within an organization based on free user downloads. IT leaders, along with security and privacy stakeholders, should be developing due diligence plans to choose which offering best meets the firm’s data protection objectives. Premium-tiered offerings may provide capabilities that are not essential, but they may be the only tiers that satisfy the organization’s risk threshold. Some vendors are even offering discounted or free access to premium tiers during this crisis.
3. The Need for Data Capture and Storage
Every collaboration and conferencing provider is unique in terms of the capabilities it provides to capture and store communications activities occurring on business networks. For firms faced with regulatory compliance obligations or frequent e-discovery demands, relying upon a vendor’s ability to provide timely responses to requests for historical content may not be a risk worth taking. Third-party solutions to capture and store content to meet regulatory and litigation demands should be a key component of any analysis.
4. Focus on Communications Policies
For those abruptly dropped into a new collaboration tool, it can appear to be a place to socialize and soon become a distraction from key tasks. That’s why it is important to ensure that communications and employee conduct policies are up-to-date and not centered solely on email or other existing tools. Conferencing and broader unified communications platforms offer a variety of capabilities, some of which may not be used without taking specific steps. For example, recording a conference call with an external party without first having received their permission. The features of each tool – and how those features would be used by an individual to do their job – should be considered in order to make policies relevant to those who may not have had previous experience working remotely or managing a distributed team.
5. Training Never Ends
Remote work can be a major adjustment for individuals accustomed to an office environment, and it may not be ideal for tightly-knit workgroups with high interdependencies. Those investing in collaborative and conferencing technologies for the first time should design training programs that reflect the nature, timing and business impact of key deliverables. The goal should be to minimize any disruption to the business and account for the steps needed to meet key deliverable deadlines. Ensuring that users of collaboration or conferencing systems know how to find information produced within those tools is also vital, but sometimes overlooked. Step in to ensure that the technology can deliver the promised productivity benefits – even if deployed under less-than-ideal circumstances.
The coronavirus scare has clearly accelerated the move toward working from home for many companies. In the past, heavily regulated firms would often disable or prohibit access to some of the tools that were perceived to be too risky or expensive to govern. But that risk/benefit ratio has been upended amid the current worldwide health crisis. Those same companies are now being forced to institute new policies and systems to protect their workers while still driving business results – or face being left behind by their competition.