Cut me some Slack: the poor data practices threatening modern business

Remote working has heralded many benefits in terms of productivity for office workers across the country and these benefits are likely here to stay, with the Department for Business, Energy & Industrial Strategy consulting about making flexible working the default

But there have also been some drawbacks to remote working for businesses navigating these new waters. As personal and corporate worlds collide, many organisations may find that their data is at risk of being shared on unsecured networks and on unofficial communications channels. And no organisation is shielded from this danger. A former national security official recently spoke candidly about UK senior ministers not following policy, and opening sensitive government data to cyber-attacks. This comes two years after suspected Russian cybercriminals stole the entire cache of messages from a former cabinet minister’s email account.

Communication weaknesses, across all levels of seniority, is a real cause for concern, especially when valuable information is at stake. According to research from Veritas, the rush to digitally transform in response to the changes brought about by COVID has left many organisations dangerously exposed to data threats, such as ransomware. In fact, UK businesses estimate it will take an average of £1.88 million, 22 new IT staff each, and another two years, to resolve the vulnerabilities they are suffering.

Data management and the great remote working experiment

In the last 18 months, the rapid shift to remote working has enabled office workers to become even more acquainted with instant messaging services such as Zoom, Teams and Slack. Veritas research found that the amount of time employees spent on these types of business collaboration tools has increased by 20% since the start of the pandemic. So, it should come as no surprise that an enormous 71% of office workers admit to sharing sensitive and business-critical company data using these tools.

Although instant messaging and collaboration technologies have been critical to maintaining a semblance of ‘business as usual’ in the height of a global crisis, if the data shared via these applications isn’t properly protected, companies will find themselves at serious risk of that data being lost, leaked, or getting into the wrong hands.

Falling foul to data protection regulations such as GDPR can be very costly, as Amazon recently discovered. But losing control of data also opens businesses up to the threat of ransomware attacks if businesses have no way of even knowing what data was shared via these tools, let alone recovering any of it. As instant messaging and collaboration tools begin being treated by employees as an accepted form of business communication, companies must ensure they’re backing up and protecting the data shared via those platforms.

The question is: how do they get on top of this and protect themselves from any potential fallout?

Empowering employees with tools and training

In order to take back control of their data, businesses should begin by standardising on a set of collaboration and messaging tools that meet the needs of the business. Many businesses relied on

remote working to survive through the pandemic, and for most, work from home is set to continue in some capacity. So, the benefits of these tools, if managed correctly, are vast. But selecting just a few of these tools that employees can use for business purposes can help organisations contain data and limit sprawl.

Once a standard set of tools has been established, it’s imperative that businesses create a policy for information sharing to help control the sharing of sensitive information.

Employee training on the company policies and tools that are being deployed can help employees understand the significant risks and repercussions associated with data misuse. Training should include regular reminders on what information should and shouldn’t be shared, and the accepted channels of communication for business purposes.

Our research found that sensitive data being shared by employees on collaboration and instant messaging tools includes client information (16%), details on HR issues (13%), contracts (13%), business plans (12%), and even COVID-19 test results (13%), with less than a third of employees suggesting that they hadn’t shared anything that could be compromising. 7% of employees also admitted to sharing corporate passwords over instant messaging platforms. In the wrong hands, this type of information can be used by hackers to lock a business out of its systems.

Companies should also keep employees up to date on the latest data protection regulations. Making data protection the responsibility of all individuals within an organisation can help to reduce accidental policy breaches.

And finally, but perhaps most importantly, businesses must ensure the data sets from collaboration and messaging tools are incorporated into their data management strategy using eDiscovery and SaaS data backup solutions. This will empower employees to make the most of the tools without putting the business at risk of falling foul to regulators or becoming a victim of ransomware.

Redressing the balance

The foundation of a strong data protection strategy lies in a thorough understanding of the value and location of the data that needs to be protected. The rapid shift to remote working has meant more and more workforces rely on cloud-based collaboration platforms. But before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data has been sent to which cloud services. Today, almost half don’t even know how many cloud services their companies are using, let alone what they are, or whether they’re backed up and can be recovered at scale in the event of attack.

Everyone has been stretched by the challenges of COVID, and businesses were right to prioritise the immediate challenges of rapidly adapting their business offerings and empowering the shift to remote working, as these were critical to their survival. Now though, the time has come to take action and redress the balance between introducing new solutions to their technology stack and ensuring they have the protection capabilities to cover them.

About the Author

Ian Wood is Head of Technology UK&I, Veritas Technologies. Veritas Technologies is a global leader in data protection, availability and insights. Over 80,000 customers—including 87 percent of the Fortune Global 500—rely on us to abstract IT complexity and simplify data management. The Veritas Enterprise Data Services Platform automates the protection and orchestrates the recovery of data everywhere it lives, ensures 24/7 availability of business-critical applications, and provides enterprises with the insights they need to comply with evolving data regulations.


Featured image: ©Ascannio