How to Stay Compliant With Mobile

Innovation Exchange Webinar Recap

August 18, 2020by Robert Cruz

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Remote work has drastically impacted nearly every facet of our professional lives. For most of us, our status on Microsoft Teams, or appearance in a Zoom cube is more indicative of our “presence” than the address where we happen to be stationed. As the study of this transformation is often a discussion of collaboration or video conferencing technology, we tend to overlook one other important variable in the equation: our mobile devices.

Let’s face it — if you are not on a video meeting or chatting with a colleague on Teams, you are likely doing something on your device. In fact, you might be doing both of those things from your device. You might also be sending a text to a client, using an app like WhatsApp, or multi-tasking by taking a call in the middle of a Zoom or Teams meeting.

This topic — how to stay compliant with mobile — was the focus of our most recent Information Exchange webinar, with guests Sean Moshir, Co-Founder and CEO of CellTrust, along with Brandon Leatha, Founder and President of Leatha Consulting.

Stay-at-home workforces flock to mobile communications technologies

As we’ve stated before, COVID-19 has merely accelerated us down a path we were already on. Leading this has been a newer demographic of clients and employees who prefer the responsiveness and engagement of a text message or chat over an email. 

As Sean noted, even prior to the pandemic, financial services firms were embracing the use of mobile devices for business. "Just having a slight advantage of being able to communicate with your client through text message provides a quick response, and that directly drives more business.”

Brandon agreed, adding the universal axiom that, wherever business goes, litigation will follow. He said, "mobile used to be a secondary data source. More and more, we're seeing that the desktop may be the secondary, and the primary source for communications relevant to a matter may be coming from mobile or from some communication application.”

Since the Pandemic, Sean estimated that CellTrust has seen a 50% increase in just texting and voice, which was echoed by the attendee survey that also showed a significant increase in the use of mobile apps. This data is also consistent with other industry information. Since February 2020:

  • Call recording is up 600%
  • SMS recording is up 250%
  • Slack use increased by 40% in one month
  • The average length of a mobile call increased from 2 minutes to 6 minutes
  • Microsoft Teams meetings & calls up 500%, while the use of video went up 1000% alone in March
  • WhatsApp saw a 40% increase in usage

The heightened mobility risks

Our panelists agreed that the biggest risk impact of this sudden change depends on how well prepared the firm was prior to the event. Some firms have struggled with the use of personal mobile devices for business, as they had not yet issued policy guidelines or implemented control mechanisms on all devices. Others had noted the challenge of employees who had downloaded freeware or other unauthorized apps onto their devices, such as Signal, Marco Polo, House Party or Discord.

They also agreed, however, that the greatest concern surrounding mobility for firms large and small, prepared and unprepared, is the opening of potential cybersecurity exposures due to out-of-date security patches, the use of unsafe apps, and the recent rise in phishing, credential stealing, ransomware, and other advanced security risks. They emphasized security exposures, but also noted concerns over:

  • Discovery/compliance risk: created by the challenge of collecting and reviewing non-email content, such as persistent chats
  • Application risk: caused by the use of downloadable applications that lack reliable means of accessing historical data, as well as the use of easily accessible "freeware" versions of enterprise apps that lack important features or controls
  • IP leaks and internal policy risks: stemming from the lack of controls to guard against the misuse of information assets on new communications platforms. Also cause for concern is the challenge of spotting workplace infractions such as harassment now that they are happening in the virtual world
  • Privacy risks: there is no discussion of mobility without referencing data privacy requirements such as the California Consumer Privacy Act (CCPA), and the need for firms to maintain full transparency on how they are using personal information

Sean highlighted the risks associated with increased data volume, referring to the 3x increase in the length of the calls and volume of text messages. This generates greater compliance burden and risk if these sources are not captured and preserved in a compliant way.

Brandon added that this also impacts discovery & investigative burden dramatically, as targeted sources are now whatever your clients and your colleagues are using. He noted, “I work with some teams that I've communicated with using text, using chat, using in-meeting chat phone calls just with a single exchange. When you add encryption, employees think they're doing the right thing by using a secure or encrypted channel.  But, from a forensics perspective, you may or may not be able to get that information if it's needed for regulatory or compliance reasons.”

How do you plan to govern a mobile workforce?

The discussion took place at a point where we can now look back at what has taken place, what have we learned from it, and what we should carry forward, to whatever the new normal is. Two-thirds of financial services organizations will continue to operate in some virtual or flexible mode for the foreseeable future. They can now think about how to invest in people, processes or technology that can meet today's and tomorrow's needs. So, what should firms do to make sure that mobility is a central part of their risk mitigation strategy?

Our webinar exit survey results indicated that this remains an open question for many, as 36% of respondents submitted that they have not yet updated their mobility strategies to address stay-at-home mandates. An additional 24% indicated that they continue to prohibit registered representatives from communicating with prospects and clients over mobile devices.

Brandon offered a path forward. “The first step with any process to improve your current posture would be awareness: understanding the risks, which apps users are communicating on, whether they have the ability to manage and collect information from those apps, and whether they can prohibit the use of the rest. Then, once you're aware of your risks, develop policies around those risks. Those written policies need to be very clear and fresh and outline those risks and what the company's position is, followed by training that can't be a one and done.”

Sean concluded by stating that organizations "need to do their due diligence, making sure that they pick the right tools without creating an added burden on the user who is trying to do business. Unlike using your laptop, the mobile infrastructure doesn’t change, whether you're using it at work, using work wi-fi or your wi-fi is using the tower. There's still a mobile technology knowledge gap that requires education. But, under competitive pressure, employees will use their mobile devices, and so that gap will close as time moves forward.”

Watch the full Innovation Exchange webinar here.

Share this post!

Robert Cruz
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Contact Us

Tell us about yourself, and we’ll be in touch right away.