Companies Still Struggle with Compliance and Oversight

    Slide Show

    5 Steps for Proactive Cyber Risk Management

    How do you electronically communicate with your clients, customers, and business associates? Think about it for a moment. For most of us, we’ve moved well beyond phone calls and emails. We text. We Skype. We send instant messages. We post on social media. And those are just the ones I use on a regular basis.

    However, according to a recent study from Smarsh, companies are struggling to ensure that the increasing electronic communications outlets meet compliance regulations. And, as the report stated:

    The value of electronic communications retention and supervision also extends beyond the regulatory checkbox. Sixty-five percent of respondents report that the compliance function is responsible for handling requests to produce electronic communications data for e-discovery or other business purposes, bringing compliance into more aspects of business operations.

    My takeaway from this study is that, even though social media communications and BYOD aren’t new issues in the business world, companies continue to struggle to figure out how to monitor, regulate, and draw up policies that keep these forms of communication in compliance with industry and government regulations. For example, as eWeek pointed out:

    More than 40 percent allow employees to use LinkedIn and Facebook and have no supervision solutions in place. Likewise, 60 percent allow employees to use messaging for business communications, while nearly 70 percent fail to archive that content.

    Would it be easier to simply say “no” to BYOD or social media or messaging apps, which seem to be the worst compliance offender? Yes . . . and no. As an EnterpriseAppsTech article explained, while it might be easier for highly regulated companies and industries to Just Say No to these outside communications:

    it can serve to alienate users and is frankly difficult to enforce. In many cases, users will go around the regulations and connect unauthorized devices to the network, opening up a variety of security and compliance issues.

    So, it is better to go with the problem we know than with the one we don’t, right? Perhaps, but it is time for companies to step up their ability to monitor communications tools because if they don’t, the consequences could be catastrophic for a business. Lack of compliance could result in industry-related fines or data breaches or other security risks that could cost the company in lost business and a damaged reputation. That’s why Stephen Marsh, CEO and founder of Smarsh, warned companies that they need to rethink their approach to the use of today’s electronic communication tools, adding in a formal statement:

    Our data illustrates that too many firms are not retaining and supervising different types of electronic communication, and not performing systematic supervision as regularly as necessary. Those that do have established surveillance programs are struggling to find efficiencies under the weight of a growing volume of electronic communication.

    Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.

    Sue Poremba
    Sue Poremba
    Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

    Latest Articles