Compliance Risk Management in the Hybrid Work Era

January 18, 2022by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Organizations across the country have shifted to hybrid and remote work environments. While many companies didn’t blink an eye during the transition, firms and agencies in regulated industries are now struggling to ensure that their supervisory capabilities are up to code.

Ishan Girdhar, CEO and founder of Privva, was a recent guest on Innovation in Compliance with Tom Fox to explore risk management in the increasingly popular hybrid work model. In the podcast, he highlights several key areas compliance professionals need to consider in the year ahead.

Listen to the full podcast on Megaphone.

Hybrid isn’t going anywhere

While the hybrid and remote work environment used to be a rare company perk, it’s now an expected part of many job descriptions. It’s an important recruitment and retention offering, enabling employees to enjoy greater flexibility.

“I definitely see a lot more companies going back to the office,” says Girdhar. “But I think as soon as you have an employee who's commuting five days a week, they’ll realize that working from home two or three days of the week will be more productive.”

Supervisory controls need to be firmly integrated with the firm’s technology infrastructure so that employees work seamlessly, but do so in a secure way.

“Over the past few years, we’ve moved from disaster recovery to business continuity to business as usual,” says Girdhar.

New era, new risk management strategies

Know which devices are listening or recording
Smart home technologies are often overlooked security risks. Many homes have devices such as Alexa or Google Home — devices that are always listening.

"One of the policies we created from an internal risk management perspective was to make sure you’re not doing work in the vicinity of these devices," says Girdhar.

This is especially important when employees are working on, and have access to, sensitive information.

Use AI in compliance
As firms lean on a broader set of communication technologies, manually implementing compliance or monitoring employees can be cumbersome and time consuming. Implementing communications intelligence with built-in AI technology can help firms supervise employees more efficiently.

"Using AI is a good way to make sure that you are achieving compliance. AI can streamline the process and make sure that employees are adhering to the new policy in the new norm. There are new technologies built with AI capabilities that automate many risk-based decisions or risk-based detections to increase productivity," says Girdhar.

New era, same risk management strategies

While compliance professionals may dread the idea of supervising a hybrid or remote workforce, many of the same security procedures that work well in the office also work at home:

Follow and support lexicon and communication policies
Firms need to establish clear communication policies, so employees understand how to communicate internally and externally. Compliance departments must also ensure supervisory technologies can support internal policies.

Capture communication across the organization
Employees are communicating via emails, SMS texts and encrypted messaging apps like WhatsApp. Firms need to have a unified network of devices and technologies to capture and archive the vast volume of communication content.

Stay current with communication technology
Employees are in more virtual meetings than ever. Compliance officers need to ensure their technology keeps up with the trend to capture dialogue over Zoom, Microsoft Teams, Slack and other communications channels. Equally as important, capture and archive technology need to be able to transcribe conversations and make this content searchable.

Continue employee training
Cybercrime is up 600% since the start of the pandemic. The FBI’s cyber division is receiving more than 4,000 complaints a day, with 61% of all malware targeted at remote workers through complex cloud applications.

Consistent employee training is still the most effective tool in improving cybersecurity as employees move away from the secure networks of offices and onto vulnerable home networks with weak Wi-Fi security authentication.

Know what’s changed — and what hasn’t

Employees are no longer at the office five days a week. However, having the right procedures, training and supervisory technologies in place will ensure that the hybrid era will be "business as usual."

As before, employees will continue to be the best defense against information leaks.

"Every employee has the title of chief compliance officer now. If employees aren’t acting as the steward and maintaining and adhering to policies, companies are in big trouble," says Girdhar.

Share this post!

Smarsh
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Contact Us

Tell us about yourself, and we’ll be in touch right away.