It’s almost impossible to overstate how rapidly technological advances are transforming the way we work and communicate. For example, organizations are not only embracing mobile devices that allow employees to work remotely, but a growing number are encouraging staff to do so whenever possible.
Consequently, companies and their employees are creating, sharing and storing information at unprecedented levels. Data flows between our smartphones, tablets and laptops, creating an increased potential for overlap between our personal and professional lives.
This revolution in technology and communication has presented widespread business opportunities, empowering companies to develop better products and services, and offering them the chance to stay competitive by collaborating on a global scale.
But just as information sharing has flourished, the risks to personal and professional privacy have grown. A recent spate of high-level corporate data breaches – from major retailers to online service providers – has shone a spotlight on the challenge of data management and security in an era of online shopping, worldwide connectivity, collaborative innovation and flexible work arrangements. The emergence of cloud computing and the bring-your-own-device (BYOD) trend have only exacerbated the problem. I’m left wondering if BYOD could be viewed by some as Bring Your Own Disaster.
As a result, many business leaders are conflicted by the need to adopt mobility policies that manage data risk and improve bottom-line performance, while attracting millennial workers who demand technological and workplace flexibility. In this new reality, rigid data controls and rules simply don’t work. In fact, they defy the contemporary management ethos, which champions independence, decentralization, flexible supplier networks and free thinking.
Establishing a comfort level in a hyperconnected age is no easy task, but forward-thinking corporations are finding solutions to this dilemma. There are so many risk factors such as confidentiality, privacy, security, theft, competition and reputation. In my work with some of the world’s leading organizations, I’ve seen them take a more focused but balanced approach to digital security and leveraging technology – while meeting employee expectations of mobility and connectivity and still protecting data privacy and confidentiality. Here are three strategies to put your business on the right path.
1. Make confidentiality and security focal points of employee orientation and training
Forward-thinking organizations have employee onboarding processes that teach the importance of keeping data secure, while also describing their information management policies in detail. Highlighting the value of flexibility and mobility is a critical aspect of that training. Remind new staff that although protecting information is of paramount concern, that doesn’t mean it will compromise their ability to innovate and to work with colleagues, wherever they may be.
It’s important to highlight the interconnectivity between personal and corporate privacy risks. If BYOD is a company policy or benefit, make sure that the employment agreement addresses the implications related to ownership of data. Managing employees’ expectations is important, but organizations must also understand corporate legal issues such as data ownership and privacy, as well as the cost related to investigations or litigation matters that would require sifting through personal versus business data on a device.
2. Understand that security and functionality go hand in hand
Security concerns shouldn’t make it more difficult for employees to interact internally or with their clients and their professional network. Forcing them to use an awkward system or to follow cumbersome rules all but guarantees non-compliance. First steps to product information could include issuing corporate hardware to all staff with the potential for remote work access, using virtual private network (VPN) connections, introducing mandatory encryption on storage devices and restricting where data can be saved. Time locks and biometric systems such as fingerprints or retinal scans on devices can add another dimension to security infrastructure that avoids the pitfalls of passwords. The goal is to protect data when using technology, while maintaining relative ease of use.
3. Develop, communicate and monitor information management policies
Employers need clear information management policies that state expectations around the type of data that will be protected and how it should flow within the organization and to clients. Introduce checks and balances to ensure staff compliance, but in a way that also helps maintain that vital focus on innovation and collaboration.
To find this middle ground, you must know your organization’s culture well and understand that employees need flexibility to do their jobs. In some cases, I’ve seen companies create substructures that let staff surf the Internet at work, but still restrict access to certain websites over content or malware concerns. In others, businesses with BYOD policies have taken the added step of vetting a range of smartphones or tablets and allowing employees to choose models that best suit their personal and professional needs, but they are technically approved from a software security perspective. Technology can provide the framework we work within, but policies that govern its use must be a constant reminder to staff, including a method of regular monitoring.
Data sharing and mobility will only increase as the boundary between workers’ professional and personal lives continues to blur. Companies must implement important safeguards that will maintain security and confidentiality, with the understanding and need to mitigate any negative impact it will have on business processes. Policies related to corporate information governance must drive behaviour that ensures workflows in the technology environment will flourish.
Organizations that find ways to confront this challenge – and seize the accompanying opportunities – will enjoy success. Those that don’t will be left behind.