In a flash, the world has been thrust into a new way of working. Some professionals, like software engineers and writers, have experience working from home. But for so many workers, it's an unfamiliar world. There's the financial advisor who switched from in-person client meetings to Zoom video calls. Or the dermatologist who's doing telemedicine for the first time. Millions of educators are navigating online learning on the fly. All are facing new logistical and productivity challenges.
Digital compliance professionals are navigating challenges too. The programs and procedures you put in place to protect your business were not designed for a work-from-home workforce. Many are wondering: how do we adapt and stay compliant?
At the same time, employees are concerned about reaching clients. Open and flexible communication matters now more than ever. Clients are worried about their health, their money and their families. And they have a lot of questions. Your employees are eager to provide the help they need.
To help you, we've assembled some tips for staying compliant while you enable your teams to keep your business running.
One important note: the information provided in this article does not, and is not intended to, constitute legal advice; this content is for general informational purposes only.
Compliance Tips For Your Remote Workforce
Cybersecurity Compliance Requires Taking Stock of Communications
Ensure that employees continue to use the proper channels for internal and external communications. Faced with the realities of working from home, employee behaviours may be changing. Here are some things to consider:
- Have new communication channels emerged?
- Are employees using new content types, such as video, to communicate?
- Has adoption of previously under-utilised tools increased? For example, maybe you just rolled out a limited trial of Slack, but suddenly the entire company is using it.
- Do regulated employees need access to tools they didn't need before, like Microsoft Teams or Zoom?
- Are technical challenges or inconveniences leading employees to use risky shortcuts like texting or personal email?
To get answers, you may need to talk to employees. Your communications platforms may also have data you can use to understand traffic patterns and behaviours. It doesn't really matter how you get your information. The key is to understand what's really happening and where employees face communication challenges. You can use that intelligence to educate employees and adjust your compliance monitoring software and cyber security programs to current realities.
Make the most of your existing technology
You’ll also want to consider whether employees are using communication channels in ways that expose your business to risk. For example, employees new to screen sharing may inadvertently share confidential information on Zoom. Or they may create content in Slack that you can't capture.
Limiting access to certain features can be a quick fix for some of the biggest risk areas. For example:
- Consider disabling in-conference chat if you're unable to capture it
- Can you limit screen sharing to a single application window so employees can't share their entire screen?
Now's a good time to review and use administrative controls within communication platforms to limit your exposure to risk.
Here are some resources that may help you navigate the administrative controls for your platform(s):
- Managing user groups in Zoom
- Getting started with Cisco Webex Control Hub
- Assigning policies to your users in Microsoft Teams
- Adjust settings and permissions in Slack
Ultimately, in this time of restricted in-person access, employees will benefit if they can use digital communication tools as flexibly as possible. It may be best to use some controls as a short-term fix while you work out a solution for capturing more content from emerging and existing tools. Also consider separate policies for internal versus external communications, which some regulators, such as FINRA, treat differently.
You may also wish to expand your surveillance and supervision to non-regulated employees. This could help you spot high-risk behaviours that might be arising, such as employees sending information in unsafe ways, or sending potentially protected information through channels that are not covered by compliance monitoring just to get the work done. When no one's looking and overloaded networks are hard to access, employees may be tempted to turn to informal channels like personal email and put your business at risk.
Communicating your approach with employees will go a long way. Help them understand the steps you're taking to balance compliance risk and employee enablement. You may encounter less friction and frustration along the way.
If you can't use technology, educate and inform
We're dealing with humans, so technology will only take you so far. To fill in the gaps, provide employees with best practices and guidance on their compliance obligations during this time, such as:
- The proper channels to use for internal versus external communications
- How to avoid exposing private information
- Screen sharing rules
But proceed with caution. Most people are overwhelmed with information right now, in their personal and professional lives. They have limited bandwidth to absorb all the ins and outs of compliance. Focus on what's critical and make the most of the few moments of their attention that you get.
Feel free to use this template:
Subject Line: Compliance reminder
Hi Everyone,
Many of us are working from home for the first time and are adapting to new ways of communicating with clients and each other. During this time, our compliance and regulatory obligations are just as important as ever.
To help protect {Company Name} and our clients, please keep the following guidelines in mind:
- {Reminder #1, e.g. “Limit screen sharing to a single application and not your entire screen to avoid inadvertently sharing protected information.”}
- {Reminder #2, e.g. “Just as you would in the office, close and lock your laptop when away from your desk, to avoid exposing protected information to other members of your household.”}
- {Reminder #3, e.g. “Acceptable methods of communicating with clients include X, Y, and Z”}
Let us know if you have any questions.
Keep up with guidance from regulators
In recent weeks, regulators have issued guidance on the responsibility of businesses during this time. As the situation evolves, they will likely continue to do so. Here are some resources you can use to stay up to date:
And finally, remember that everyone is experiencing this at the same time. The message of "we're in this together" has dominated the news and social media in recent days. It's no different in our professional lives. Reach out to your compliance peers, share insights, and learn together.
While the challenge is particularly acute right now, the lessons we learn today will help us long into the future. In recent years, researchers have shown that the workforce is growing more distributed. This is a good opportunity to prepare your organisation to adapt to that trend over the long run.