The pandemic has unsettled the world, leaving us all to navigate the uncertainty. I don’t need to elaborate. We all know and feel the effects the COVID-19 pandemic has had on our economy, workplaces, and personal well-being.
However, at the time of writing this, restrictions around the world are starting to lift, little by little. And as the initial hurdle comes to a close, we are gradually shifting our attention from the panic of What now? and instead, shifting our focus to What’s next?
As a Product Marketing Manager for M-Files, I am in the game of figuring out what moves and shakes people to change, or more specifically what drives companies to invest in new technology. This pandemic has certainly offered a new driver to the mix.
COVID-19 has Forced Companies to Transform (and Transform Quickly)
Before this crisis, some common drivers across many industries included items like increasing efficiency in a competitive landscape, winning and retaining new business, and minimizing risk.
These drivers are still relevant. The pandemic, however, has presented a new driver — resilience. Namely, how can companies ensure and maintain operations in times of crisis? How can companies continue with business as usual in times when business is not usual?
While the initial hurdle of this pandemic seems to be coming to an end, there is no guarantee that the pandemic will not grow worse or that further restrictions will be enforced in the future (some news media portends the possibility of a second wave of cases globally). And as experts warned us of a possible pandemic before COVID-19, they are also insisting that we realize that other pandemics are just as possible in the future. We simply do not know. We used to operate with a false sense of certainty about the future, but this crisis has exposed just how uncertain things really are. Despite this, we are certain that the COVID-19 crisis has taught us that businesses need to transform. We can feel confident about that lesson. And when there’s need for great transformation, there’s need for great guidance.
Bring in the Consultants!
The reason I boldly claim that we need consultants now more than ever is because we’re in uncharted territory. Emotions are strong and it’s difficult, for both employees and business leaders, to wrap their minds over what to do next. Consultants, by and large, are transformation experts. We call on consultants to get us from one state to the next, because they have the expertise, experience, resources and know-how to pave a path to our objectives.
When it comes to the topic of resilience, businesses are plagued with questions around policy, leadership, technology, security, and change management while also grappling with the struggles of maintaining business today. This presents an interesting opportunity for people in the thinking industry.
The Driver: What’s driving or forcing companies to change?
The COVID-19 crisis has tested the resilience of the business world.
The Objective: What do companies need to do in response to this driver?
Companies have been forced to establish and maintain organizational resilience — to handle future crises.
Business Changes: What transformations must take place for companies to meet these objectives?
To establish and maintain organizational resilience, companies must:
- Institute a flexible and secure work environment
- Reduce costs to buffer current and potential decreases in revenue
- Enable a remote, yet effective workforce that can work either from the office or at home
- Establish policies and procedures for times of crisis and train staff on policies
- Train leadership on managing and leading in times of crisis
- Uphold excellent customer experiences in times of crisis
Business Value: What is the potential business value of these transformations?
When companies are resilient to crises, they:
- Retain more business
- Maintain business continuity in times when business is not usual
- Have better buffers for sudden revenue decreases
- Mitigate risks to security and quality — in areas like information security, safety, and compliance
- Increase workforce satisfaction and trust
So, if you’re in the service of helping businesses transform, take a moment to consider if this new driver offers your firm new opportunities. And in doing so, consider the following:
- What sort of products or services can you provide to help potential or existing clients manage this crisis?
- What sort of training do you need to better help your clients manage crises and build resilience?
- What sort of content can you develop to help your clients manage our current global predicament?
In times of global uncertainty, we need people in our corner to help us put one foot in front of the other. That’s why we need consultants now more than ever.
As more companies start to transition away from paper files and towards digital, the threat of data breaches increases as does the disasters that come with it. In 2018, the United States experienced 1,244 data breaches resulting in 447 million records exposed.
There are hordes of hackers and nefarious people that work hard to breach weak security protocols and gain access to important documents. But let’s not discount the less nefarious yet risk-laden instances of security compromise. What about employees who access files that they weren’t authorized to look at — either accidentally or on purpose? What about Alan’s termination letter that was left on the printer right next to Alan’s desk?
Depending on your cybersecurity efforts, your IT department might already be using the latest firewalls, malware detection, and anti-virus software, so that the perimeter of your company’s documents are always secure. Having a strong external security system in place to prevent hackers from getting in is necessary for any company to function. But do you have a system in place to protect your documents from internal breaches?
Whether intentional or not, an employee may have unintentional access to emails that contain sensitive information, get forwarded important documents, log in to a public computer and forget to log out, and many more possible scenarios that result in a data breach.
To help protect your files from internal data breaches even as your company grows, intelligent information management (IIM) solutions like M-Files could be your first line of defense. IIM solutions ensure that all your unstructured files, documents, and business processes are stored, captured, managed, preserved, and delivered on a centralized network for easy retrieval. Below I’ll discuss how an IIM platform can help you protect your data from internal breaches.
The whole takeaway here is that data security should be enforced, not only as protection from outside intruders, but at the document-level for internal security.
“It has long been realized that encrypting content at rest, and particularly content in motion, is the only way to secure sensitive and potentially damaging content,” according to this AIIM report. “But suppose that instead of building protective walls around places where sensitive documents are held, we embed security into the document itself?”
Permissions and Access
It goes without saying. Sensitive documents should only be accessible to those who need access. It’s easy to have control over a few employees and the content they access in the first stages of your company. However, for growing companies, the ability to scale permissions access can get unwieldy.
With M-Files, you can set access permissions for whole classes of documents and data objects, in addition to specific documents, and even for different versions of the same document or object – including assigning roles that give different levels of access to different users or user groups, such as managers.
M-Files ensures that information is accessible to the people who need it, and inaccessible and unseen by those who don’t need it or aren’t sanctioned to access it. Access permissions can be controlled by user, group, role, as well as any metadata property — no need for scripting with the flexibility to address unanticipated future needs. Take these two examples:
Employment documents. Employment agreements can be tagged to selected employees, making the agreement visible to that user, their supervisor and the HR department, but no one else. If there’s a management or organization change, just change the supervisor property of the employee and all related documents become visible to the new supervisor.
Sensitive project documents. When project team members are assigned to a project, all associated documents will be visible to only them. Brought on a new team member? Simply assign them to the project group. No need to micromanage and examine permissions for every piece of information related to the project. This approach simplifies onboarding new team members, and also makes it easy to allow external users such as partners and customers to securely access project-related documentation and participate in related processes and workflows.
M-Files also supports the concept of “faceted permissions” — where multiple metadata properties together can define the permissions of a document. In the project-based scenario above, for instance, if permissions are created for project group members, you can make certain document types — like an agreement or contract — visible only to project managers of the related project.
In regulated industries where compliance is key and audits by customers, vendors and regulating bodies are required, M-Files consistently enforces access control policy. M-Files enables businesses to easily prove they are following required procedures and follow regulations.
Audit Trails and Proactive Reporting
Audit trails and proactive reporting are useful during or after a data breach. You can use them to determine who has been accessing files, when they were doing it, and which documents they were after. Your IIM solution will notify you of any suspicious activity that occurs so you can attend to it as needed.
As an example, your IIM can notify you that a finance department staffer, who has access to all invoices, payroll, and tax-related documents is conspicuously downloading confidential information. The information consists of a few vendor invoices, employee payroll, and company tax documents while they’re on vacation, without notifying you of their intent. If you suspect something untoward, once you’re notified, you can block access to all documents until further investigation is conducted.
Sometimes we all hold on to documents or belongings that we should’ve thrown out. While hanging on to a few personal items isn’t disastrous, doing the same with company files presents risk. Although there are certain documents that a company must retain for protection purposes, not all of them have that same weight.
An IIM solution will notify you when certain content has been idle for too long and is taking up space. It’ll then ask you if you want to keep or discard it. If you have no more use for content, you can discard it which ensures that no one has access to old documents that still contain sensitive information.