Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1356436
78 that reaps rewards in terms of information accessibility, ease of governance in a firm's document management system (or provider's cloud portal), and long-term storage and permanent withdrawal savings. In the new operational model, day-forward scanning has become an integral tool to support the work-from-home users and its benefits extend to firms even when end users return to the office. Remote Knowledge Workers and BYOD Security Most work-from-home users were issued firm-owned laptops which allowed firms to monitor and control access like they do in the traditional office environment. Non-firm owned components and ancillary devices, such as printers, smartphones, tablets, and even WiFi connections, are more prominently being utilized by the work-from-home users. These bring-your-own-devices (BYOD) pose an information security risk to firms in the absence of well-written, effective policies that are fully understood by all users and effectively managed by the firm's information security team. BYOD's offer the firm great benefits, most notably productivity and cost savings, and should not necessarily be ruled out as part of the strategy to support the work-from- home end users. Allowing access to firm networks and files from smartphones or tablets creates great flexibility for the end user, leading to increases in productivity. Additionally, the cost of allowing end users to utilize their own devices – devices most end users already have for use in their personal life - is quite simply cheaper. While these benefits are attractive, they do not come without risk. Allowing BYOD's requires firms to have a specific, manageable policy in place that address key issues with security. These key issues include: • Define what BYOD means to your firm and outlining what devices are acceptable • Define – and enforce - specific security policies that address passwords, authorized users, and authorized uses • Be transparent with language that may require the end user to agree to wiping all data, including personal data, from a lost or compromised device • Determine what application limitations should be in place such as not allowing file sharing applications that are not firm-sanctioned Having a well written, effective BYOD policy as part of the firm's overall information security policy is key to keeping firm and client information secure while recognizing the benefits that these tools bring. BYOD's can be a critical component of a successful remote workforce and effective policy is essential to closing the governance gap this tool creates in the new operational model. Yes, You Can Govern Teams, Zoom and SMS The explosion in adoption of messaging and meeting applications such as Microsoft Teams, Zoom and Slack requires attention. Teams, for instance, defaults to retain messages indefinitely and lacks the ability to support advanced retention settings, such as governance applied to sensitive information based on keywords typical in identifying PII and PHI. While retention can be manually applied to Teams, the risk inherent with sensitive information residing in this platform should drive new, appropriate use policies. Zoom warrants mention given its availability in many flavors – free, Pro, Business and Enterprise. Only paid subscriptions allow for administrative capabilities, such as