Over the last few weeks, millions of workers around the globe have found security in home offices as we comply with government orders to shelter in place and to avoid gathering in offices. In this rush to set up remote workers, many have turned to free tools for collaboration and file sharing. Unfortunately, as we face working at home for several more weeks, or perhaps months, we’re becoming more aware of specific limitations in some of the tools we’ve chosen.
As a provider of business technologies, you should be checking in with the organizations you serve to ask what strategies, tools and procedures they have in place to help remote workers keep data secure even as they access, edit and store it at home.
How are we really using business records?
According to Global Workplace Analytics, only 7% of employers offered remote work to most or all of their employees prior to this crisis. Few could be considered experts in enabling home offices, and few leaders are experienced in the different demands of managing projects with remote employees. As we scrambled to send so many employees home, many companies simply chose the most convenient tools, rather than giving full thought to how employees really use records to work. Now that the heat of that frenzy has settled a bit, we’re once again thinking about business objectives like cybersecurity and compliance, and many companies have discovered that their work-at-home tools and processes don’t protect sensitive information the way they’d prefer.
When employees work side-by-side in an office, everything they do is protected by network security settings that lock outsiders away from sensitive information and systems. This data never hits a publicly accessible location, so it can’t be hacked as simply as data that crosses public internet services on its way between workers at distributed home offices. Further complicating the problem, collaboration tools and file store and share services often don’t meet security standards well either. Collaboration tools, while helping us communicate, don’t really keep information protected when files are exchanged between employees at different locations, and online drives and email security don’t measure up to the standards required by most common business regulations.When employees work side-by-side in an office, everything they do is protected by network security settings. It can’t be hacked as simply as data that crosses public internet services on its way between workers at distributed home offices.Click To Tweet
Start with cloud-based ECM
Enterprise Content Management (ECM) companies have been in the information management, security, and collaboration business for decades, so now is a great time to turn to these tried-and-true technologies. Most ECM systems include the ability to store a wide variety of file types with a structure and organization that allows users to securely access information from many locations and devices using a simple keyword search. In addition, these products have been enabling cybersecurity and compliance initiatives since the very beginning.
Why cloud-based? The reasons go beyond the fact that cloud-based technologies are popular and instead speak directly to why companies choose cloud over software. Many of these advantages are critical right now as companies operate with limited to no in-office personnel.
• Implementation doesn’t require IT personnel or hardware setup as part of a corporate network.
• Cloud-based systems typically work via browser-based interfaces that require no download or apps which individual users can easily download and install on their own.
• These systems are naturally mobile-friendly, making them a great choice since many of today’s work-at-home employees are using personal devices such as phones, tablets and laptops for company projects.
• The learning curve on many cloud-based systems is much shorter than their software equivalents, meaning employees become productive much more quickly.
Rather than simply filling a gap for now, cloud-based ECM also represents a solid long-term solution that can last long beyond the current crisis. Analysts at Nucleus Research indicate that cloud investments return 3.2 times the value of their on-premise counterparts. Your customers can be assured they’re making a smart choice to address today’s critical needs as well as a wise investment that positions their companies for future success.
Often overlooked but essential security capabilities
As you’re considering which systems to recommend for each of your customers, create your short list of only technologies that include encryption and password-protected, context sensitive access settings.
A note about encryption
Though encryption is common, some systems only encrypt data when it is in transit between storage and the user in response to a retrieval request, or as it’s being uploaded back into the system. Data also needs to be secured when it is simply being stored. Known as encryption at rest, this security loophole can be closed by protecting information with AES 256-bit encryption. To really lock down information security, be sure any system you recommend to customers during this crisis includes encryption both during transmission and
Password-protected, context-sensitive access guidelines
Password protected access and context-sensitive restrictions represent two of the security features found in typical ECM systems that are critically important with today’s distributed workforce. Adhere to the following guidelines when setting up users for remote work.
Set strong password policies that require complexity (length and character requirements). Strong passwords should be required—and enforced—via ECM system settings that do not allow simple passwords to even be created. Your recommended ECM should also automatically lockout idle sessions and require individuals to log back in to return to work.
Do not allow any shared or “team” passwords to access company data. Many regulations require you to maintain audit trails that keep a record of who accessed information, what they did with it, and why. Shared passwords make it difficult to truly pinpoint data breaches associated to specific user accounts.
Expire passwords regularly. Every month may be too often for your employees to remember and create effective passwords (especially if you’re requiring strong passwords), but eternal passwords that never change expose your data to further risk. We recommend expiring passwords at least once every three months.
Do not set up user passwords that give individuals the ability to see information unrelated to their job function. Encourage your customers to enhance systems with the ability to lock down access to only those documents, projects, accounts, or reports that are relevant to each employee’s day-to-day work tasks. Called context-sensitive security, this level of control can really fine-tune what information gets exchanged over the internet and enters people’s homes during this season of widespread remote work.
Must-have security features
No matter which ECM application you choose to recommend to your customers, make sure it includes the following critical security features that can help protect information when it’s being accessed and shared remotely.
(click to enlarge)
Finding a measure of peace
We’re reminded daily to maintain human connections, to get outside for a bit of sunshine and exercise, and to eat and sleep well during our confinement due to COVID 19. Why? Our leaders are concerned that this change in our routine will keep us from the measures we usually use to protect our mental and physical health. When combined with the heightened anxiety we feel due to the worldwide pandemic, it’s a recipe for unhappiness and stress. You can help your customers find an increased measure of peace, knowing their information is not only secure, but also that their company is in full compliance with regulations — no matter where employees are working and regardless of where data is accessed.