Can You Safeguard What You Don’t Directly Control?
The work-from-anywhere (WFA) environment is a trend that will
continue to grow and evolve in every type of organization: corporate,
non-profit, law firm, government, healthcare, education and many more.
The challenges and risks to information assets associated with
that dispersed workplace will also increase.
For example, have you considered the implications of an employee working
without supervision in a remote location deliberately sharing information with
someone? Or tipping someone off, deliberately or inadvertently, about insider
information, corporate trade secrets, or intellectual property? Something as simple
as misdirected printouts while working at the local library and printing to a
public printer, exposing a screen to a bystander at a coffee shop, or talking
loudly at home in front of family can create issues with corporate records and
information confidentiality.
Where do your corporate records end up? Open to anyone in the household, or
visiting, or breaking in? In the employee’s drawer, on their desk, in the trash
barrel if they leave the company? Although some of these scenarios may sound
far-fetched, what is your comfort level with the risk of exposure, theft, or misuse of
sensitive information or corporate intellectual property?
A sound information governance (IG) program with proper oversight and
follow-through can help your organization guard itself against misuse or abuse of
corporate records wherever your employees are working. It will ensure that
proper guardrails exist in policy, protocols, and training to better protect your
organization.
Let us start with setting up corporate oversight of this vital area. What does your
organization do now? Do you assume the IT Director has eyes and ears on all?
There isn’t enough time in the day for one person to oversee all aspects of
information protection. So, who else should be involved? It is time to look at your
organizational chart and define the overlapping information oversight
responsibilities for all your executives and managers.
Some considerations:
Are your policies up to date? This would include not just your Records
Management Policy, but many related policies from your technical and human
resources departments, such as:
- Work from Home Policy
- Bring Your Own Device (BYOD)
- Acceptable Use of Corporate Technology
- Code of Conduct
- Insider Trading – risk mitigation against compromised accounts
- Client Confidentiality
- Defensible Destruction
Is your team aware of their responsibilities to secure, protect, and dispose of records
and information? If management has no solid training and auditing programs for
the organization, how can you expect to inform staff of their responsibilities
or identify any issues with compliance?
There’s no time to waste. Ensure your team has oversight of, and protection for,
organizational information assets – no matter where your people work.