Employees are taking data out of the control of the businesses that employ them and exposing the companies to risk, a recent Veritas Technologies report, the Veritas Hidden Threat of Business Collaboration, found.
While employees are using collaboration tools to close deals, process orders and agree pay raises, many are doing this despite believing that there will be no formal record of the discussion or agreement.
To find out more about this study’s findings, iTNews Asia spoke with Andy Ng, Vice President and Managing Director for Asia South and Pacific Region at Veritas Technologies.
iTNews Asia: From a data perspective, what exactly are the risks companies are exposed to when employees misuse IM?
With work-from-everywhere, business data is sprawling across different locations. Deals are closed, orders processed, and sensitive personal information are being shared on collaboration platforms such as Zoom and Teams.
From a data perspective, companies are exposed to data breaches, legal and compliance risks when employees misuse IM. For example, 58% of employees globally (Singapore: 54%) are saving their own copies of information they share over IM, while, conversely, 54% of employees (Singapore: 53%) delete it entirely.
Either approach does not serve the company well – the former could potentially lead to data falling into the wrong hands of cyber felons while the latter could subject companies to hefty fines if the regulators ask to see a paper trail.
With many organisations putting priority on “just making things work” since the onset of the global pandemic, policies for creating, storing and sharing data are either not in place or have not kept up with the rapid evolution of information sharing. The use of IM is a double-edged sword.
- Andy Ng, VP and MD for Asia South and Pacific Region at Veritas Technologies
On one hand, it offers an efficient way of communications and sharing information. However, the lack of content filtering or archiving makes it difficult for IT department to discover potential breaches of policy, hold individuals accountable for any misuse or have a paper trail for important decisions.
iTNews Asia: What are the steps that businesses must take to regain control of the data being shared over IM and collaboration tools? What is the importance of backing up such information?
In the Asia Pacific region, external threats (which includes data breaches and ransomware) and internal attacks (which includes leaks and employee errors) are the top IT concerns cited by organisations.
The purpose of backing up data is to have a secure archive of critical business information such as classified documents for legal and compliance use or customer databases. In the unfortunate event of data loss, businesses would be able to restore devices quickly and seamlessly, to ensure data and applications are always available to meet operational and regulatory requirements.
We recommend the following steps for businesses that want to regain control of data being shared over messaging and collaboration tools:
- Standardise on a set of collaboration and messaging tools that meet the needs of the business – this will limit the sprawl
- Create a policy for information sharing – this will help control the sharing of sensitive information
- Train all employees on the policies and tools that are being deployed – this will help to reduce accidental policy breaches
- Incorporate the data sets from collaboration and messaging tools into the businesses’ data management strategy using eDiscovery and SaaS data backup solutions – this will empower users to make the most of the tools without putting the business at risk
iTNews Asia: What are the common mistakes businesses are making that only adds to the “data gap” they’re experiencing now?
As companies drive digital transformation to gain a competitive edge, the gap between digitalisation and IT resiliency will continue to widen.
With less than half of respondents in our Ransomware Resiliency Report tested their disaster recovery plans within the past two months, and an IT environment that is becoming increasingly siloed and complex, enterprises have to do more robust resiliency planning.
The impulse given to accelerated digital transformation by COVID-19 has also resulted in a gap where technology transformation has outpaced the implementation of data management tools.
The rise of the hybrid working model has also led to companies rushing to provide mobility solutions such as laptops and tablets and remote access to data and applications without setting up a proper data protection and management policy to ensure data is both protected and compliant. This will expose companies to greater risks as malicious actors can now target more end-point client devices.
With the acceleration of cloud adoption and rising multi-cloud complexity, businesses are also grappling with the issue of ensuring workload portability, with stored data and diverse applications located across on-premises and cloud-based infrastructure.
To address this data gap and ensure business resiliency, organisations must regain control of their data and deploy optimised data protection solutions that deliver visibility and security, no matter where data resides.