5 Best Security Practices for Remote Teams During Coronavirus and Beyond

Social distancing measures taken by responsible employers have greatly increased the number of employees working remotely. Even in the midst of this crisis, some companies and their employees can enjoy the objective benefits of not having to waste time and money on long commutes. At the same time, plenty of businesses really didn’t have the structure in place to support a vast, full-time work-at-home workforce with the security of business processes they needed.

Remote Workforce Security Challenges During the Coronavirus Outbreak

Because employees or departments scrambled for ad-hoc solutions to remote working, they sometimes sacrificed robust security to get up and running as quickly as possible. Sadly, cybercriminals can also work from home or other remote locations, and many saw the rise in remote workers as an opportunity.

For example, one survey of security professionals found: 

  •  A majority of security employees struggled to offer strong security solutions to remote employees.
  • At the same time, almost half of the respondents reported seeing an increase in phishing attempts.
  • Most of these corporate security pros had concerns about their ability to scale security, respond to abrupt environmental changes, and the difficultly of controlling employee use of unknown and untested software.

Five Best Security Practices for Remote Employees

With the increase in cyberthreats and the concerns of security professionals in mind, it’s a good idea to consider some best practices to help keep business systems free of threats and just as important, to ensure compliance with rules that govern privacy and security in different industries.

1. Two-Factor Authentication

With two-factor authentication, sometimes called 2FA, users have to finish their login with a code that gets sent to another device, typically a cell phone. It takes a few seconds longer to access the system, but it provides better protection against phishing attacks. One CTO found that this simple measure reduced security problems in his company by almost 40 percent.

2. Use Secure Connections

Obviously, most of these home workers will rely upon their home Wi-Fi connections. Without any other protections, your security will only be as good as whatever the employee’s home internet company, router, and password can provide. To boost security, you might have employees log in through a VPN or other method of encrypting communication between their home device and your corporate systems.

3. Endpoint Security and Monitoring

No matter how well you protect logins and communication, you still can’t always avoid the threat of malicious code entering your system. On your server end, you can employ software to block threats and monitor system usages.

Even though most threats may stem from accidental vulnerabilities, it’s impossible to ignore the rise of inside jobs as a source of risks. Not only will these systems provide a firewall against malicious software, they can also send automatic alerts for unusual data use and provide a clear audit trail just in case something does happen.

4. Develop and Create Clear Security Policies

Even before the coronavirus outbreak, companies grappled with security issues that stemmed from remote workers and the rising use of personal devices.

For example:

  • In some cases, you may allow personal devices, so long as employees adhere to other security policies. For instance, you may require installation of approved security software and only let employees login to your network through your corporate VPN.
  • In other cases, you may ask employees in sensitive areas to only use the laptops or other devices that you have issued to them and to only use them in approved ways. For example, you may restrict these company-issued devices to work and not allow employees to use them to watch videos or browse social sites.

In any case, it’s important to develop clear policies. In addition to communicating these rules, you should also ensure that employees understand why they’re important and that they can incur consequences for ignoring them.

5. Deploy Secure Information Systems

Deploying intelligent and robust document and data management systems may not take as much of an effort as you think it will. These systems come designed and built to offer robust security and rule-based access for both in-house and remote workers. They also provide audit trails and guarantee recoverability, so if something suspicious happens, it’s easy to trace the issue to its source and remediate it.

How M-Files Offers the Best Solution for Remote and In-House Employees

Companies that already employed a smart data management system like M-Files didn’t have to worry about an abrupt change from working in a corporate office to a home office.

For example:

  • Access to documents could already have been set by role, so the people who needed information would have an easy time accessing it, according to their security levels. To others, that same information would be invisible. The right people could view, change, add, or delete information, and others would not even see it exists.
  • With built-in encrypted access and simple rollbacks for recoveribility, M-Files also has already been certifed as an ISO-27001 Certified Provider. This standard meets the requirements for the most sensitive data and systems.

Besides security, the intelligent features of M-Files can help improve your business processes. To learn how M-Files can help protect your business, employees, and information, schedule a custom demo today.

Source: https://resources.m-files.com/blog/5-best-security-practices-for-remote-teams-during-coronavirus-and-beyond

Why ‘Set It and Forget It’ Information Governance Matters More Than You Realize

Anyone who has ever spent an appreciable amount of time working with business information knows full well that the sheer volume of content within their deployment is growing by the day. But at the same time, the variety of content is also on the rise — which can easily lead to governance issues before you know it.

This was always an issue for organizations in the process of scaling, but it has become increasingly difficult in the wake of the still ongoing COVID-19 pandemic. With more employees working from home than ever, information management solutions have become more than just tools to store important files in the cloud. They are literally the foundation of your workforce right now, allowing people to better communicate and collaborate with one another during a time when they’re not going to be able to get back in the same shared space for the foreseeable future.

This, in essence, is why ‘Set It and Forget It’ governance is so important. Every minute that you spend trying to make sense of your infrastructure or trying to get third-party add-ons to work the way you want, is a minute that you’re not actually acting on the insight contained in your data and using it to propel your business forward. Thankfully, most IT leaders seem to understand the gravity of the situation.

The Power of ‘Set It and Forget It’ Governance: An Overview

M-Files intelligent information management solution helps achieve a ‘Set It and Forget It’ governance strategy. With workflow rules, organizations can maintain consistent records management policies. Documents in a governance workflow would be governed by a ruleset whereby any of the following would happen automatically:

  • Records would be disposed of or retained according to policy
  • Stakeholders would be notified to review batches of documents designated for a certain disposition

Files can automatically be added to this workflow, as well, through metadata. If, for instance, a file matches certain criteria — say, a type of contract — it would automatically be applied to a governance workflow.

Thanks to a lot of these features, information in all repositories across the organization are standardized with common ‘Set It and Forget It’ governance standards. Really, what this means is that there is now no longer a need to transfer important information like records or compliance documents to a totally separate repository. This approach to governance only ever worked with records that you didn’t need to use that often and created quite a significant challenge in terms of management for everything else. Active records obviously need to be available with their critical context intact — meaning in a way that allows you to retrieve all relevant documents and see all crucial tasks also quickly. Now, these types of records can be actively managed within the M-Files platform — which is really the most important advantage of all.

In the end, ‘Set It and Forget It’ governance is all about breaking down yet another data silo so that information can move freely across your organization for the first time. Rather than forcing your employees to use a number of different tools just to get work done — thus increasing the time it takes them to complete those important tasks to begin with — they should have access to absolutely everything they need, all under one roof.

But you also shouldn’t have to work very hard to get to this point — which is really what ‘Set It and Forget It’ governance is all about. It’s about making it easier to get the highest return from your IT spending and from your technological investment, not harder. You’ll still need to make sure that the business strategies that are driving your technology investments are carefully thought out, of course. You should never invest in a solution because you think you need to — it should be the right move to make given whatever you’re trying to accomplish at the moment.

Thankfully, “simple” has emerged as a recurring theme when it comes to businesses who are embracing cloud platforms and process standardization — and it absolutely could not have come at a better moment. 

Source: https://resources.m-files.com/blog/why-set-it-and-forget-it-information-governance-matters-more-than-you-realize

3 Weak Spots Where Your Information Governance Breaks Down

To say that information governance is critical in the fast-paced digital era that we’re currently living in is probably a little bit of an understatement.

Every day, businesses are creating countless volumes of data that contain the insight necessary to guarantee success for the next five, ten or even twenty years of that organization’s existence. The problem is that if you can’t dive beneath the data and uncover the true narrative playing out, the data itself is effectively worthless. Without the right information governance plan, you’re really just talking about little more than a series of 1s and 0s sitting on a hard drive somewhere.

This is all especially important during an era when more people are working remotely than ever, thanks in large part to the ongoing COVID-19 pandemic that continues to drag on. Employees are using mobile and cloud technology to stay productive while on-the-go, creating even more challenges in terms of managing information in a way that allows it to remain productive and useful.

However, even organizations that understand the importance of information governance often run into issues — as this exceptional AIIM article goes a long way towards illustrating. It outlines not one but three pressure points that usually cause information governance policies to fail, and we thought we’d take the opportunity to both recap and present our own unique solution for each one.

Weak Spot #1: Information Entry Points

One of the biggest areas where information governance tends to break down is also, for most organizations, among the most immediate: the point at which that information enters your system to begin with.

These days, even small enterprises have more information coming into their environments than ever. But a lot of organizations have thus far been slow to adapt their governance strategies, particularly to take advantage of the fast-paced cloud and mobile-driven worlds that we’re currently living in.

For example, did you know that only about 40% of businesses have automated processes to guarantee the deletion of personal information? Likewise, did you know that 85% of people see that a failure to digitize, standardize and automate business inputs is one of the key bottlenecks that appears during a digital transformation?

This is one of the biggest reasons why it’s so important to have an information management platform like M-Files. Whether you’re talking about capturing information with scanners or the native input of files and information using other tools, within M-Files, the entry point is automatically equipped with artificial intelligence-enabled metadata. This helps guide the information through its lifecycle, making it more searchable (and ultimately useable) at the same time. So regardless of being forced to focus so much on WHERE the information is, you can instead devote your attention to WHAT it is — which is exactly the way things should be.

Weak Spot #2: Information End Points

Another one of the major pressure points for information governance comes down to information endpoints — a topic that is far more complicated than most people assume.

Endpoints can be practically anything — from personal workstations to smartphones to Internet of Things devices and beyond. If you’re unable to access data on those endpoints, you’ll have a far harder time leveraging and growing historical data intelligence, validating past categorizations and much, much more. You’ll also likely be dealing with a lot of duplicate data, which can make it even more difficult to find exactly what it is that you’re looking for when you need it the most.

Weak Spot #3: Policy Administration

Finally, we arrive at policy administration: something that a lot of organizations are still trying to do manually, to mixed results.

If you’re still trying to do everything “the old-fashioned way,” even keeping your information governance policy up to date can be an uphill battle. Never forget that every minute you’re spending trying to get this right is a minute that you’re not focused on those matters that really need you. Plus, depending on the size of your enterprise, trying to demonstrate compliance may not just be difficult… It might be literally impossible.

If this describes your own situation, don’t worry — you’re not alone. That AIIM article referenced above indicated that for about 70% of organizations, key governance processes are less than 50% automated across the board. Even today, a lot of businesses still find embracing automation something to be far easier said than done.

That is, unless you leverage the right information lifecycle management tool like M-Files to do all of this for you. As stated, M-Files is built to guide information through its lifecycle with workflows as efficiently as possible. Those workflows notify all key stakeholders when a document has reached the end of its useful life, thus allowing them to quickly do something about it.

Plus, M-Files will automatically save documents that need to be kept due to regulatory compliance and much, much more. All of this makes sure not only that your information governance policy is executed and managed in just the right way — it frees up as much of your valuable time as possible so that you can focus on those tasks that actually generate revenue for your business.

Source: https://resources.m-files.com/blog/3-weak-spots-where-your-information-governance-breaks-down-4