Today’s business collaboration platforms and tools continue to evolve, and recent headlines from Wall Street suggest that regulatory compliance can no longer be an afterthought. Theta Lake recently published its annual research, the 2022 Modern Communications Security and Compliance Report. Surveying over 500 global compliance and security leaders, the report found that two-thirds (66%) of respondents believe employees in their companies are using unmonitored communications channels, posing big risks for security and compliance.
67% expect the usage of collaboration tools across popular platforms like Microsoft Teams, Zoom, Webex, Slack and RingCentral to increase – presenting complex challenges for those tasked with maintaining compliance, security and data privacy. As new communication channels proliferate, legacy and often manual archiving solutions are leaving critical blind spots.
We spoke with Stacey English, Director of Regulatory Intelligence at Theta Lake to dive further into the report:
How has communication at work changed since Return to Office (RTO) initiatives kicked off?
While we’re seeing more of a shift towards a hybrid office environment, that hasn’t
changed the virtual working nature we’ve become accustomed to over the past three
years. The adoption and usage of unified communication platforms remain the foundation of the modern workplace, and it continues to grow. More than two-thirds of respondents in Theta Lake’s 2022 Modern Communications Compliance and Security survey report expect the usage of collaboration tools across popular platforms like Microsoft Teams, Zoom, Webex, Slack and RingCentral to increase in the next year. In fact, employees are leaning further into messaging and video for a quicker and easier way of communicating with colleagues and clients alike. That can be seen through a growing preference for the feature-rich tools available through these platforms over legacy methods of communication, with 81% using chat and 63% using video as much or more than email to communicate.
From a security and compliance perspective, the regulatory expectations remain the
same wherever individuals work. With the pandemic largely over, RTO means people
are “on the go” and traveling again. The increased use of mobile messaging and
collaboration tools presents the same risks and challenges whether employees are in
their homes, within the walls of an office, or communicating from a train or coffee shop.
What was most surprising about this research?
Collaboration platforms have been integral to business operations over the last three
years, and our research indicates that usage isn’t slowing down, making it all the more
important for organizations to have complete visibility into the channels employees are
using to collaborate. Our report uncovered a significant gap between business
communication platforms and the visibility needed to remain in compliance, with 39% of
respondents citing gaps in coverage as a top challenge.
One of the biggest surprises, and concerns, is that two-thirds of respondents believe
their employees are using unmonitored communication channels. This comes at a time
when intense regulatory scrutiny and enforcement are surrounding unmonitored
channels, like mobile messaging and WhatsApp, resulting in over $2 billion in fines from
financial regulators in the US. We can expect other regulators and jurisdictions to follow
suit, so this is a wake-up call to heavily regulated industries to implement compliance
and security tools that support modern business collaboration.
There's a line between compliance and security. How should organizations be
thinking about their approach to both?
Underlying all the compliance challenges with the usage of modern communication tools
is a fundamental concern about the security of sensitive information. In particular, the
transfer of files via chat, the ability to share links in chat or on screen and the risks of
screenshare are considered the greatest risk to compliance, security and privacy.
In practice, that leads to many compliance teams trying to control communications by
turning off key features or banning the channels they believe are the riskiest, which
leads to disgruntled employees who seek out unmonitored platforms to engage with
customers.
The evolution of workplace communications necessitates that compliance, security and
unified communications teams be interlocked in decision-making moving forward.
Organizations need to incorporate market-leading tools that support compliance
integration with rich feature sets and modernize with the compliance and security tools
that support those features and integration capabilities. By creating a positive path of
least resistance for employees, businesses can increase productivity while compliantly
communicating with customers and partners where and how they prefer.
How should organizations approach improving the security of their workplace
communications in 2023?
For compliance teams that use legacy archiving solutions, modern communication
platforms have proven difficult to oversee. For example, our report found that 85% of
organizations experienced challenges in retrieving records, while 33% used significant
manual resources to search multiple systems and modes of communication. With gaps
in coverage cited as a top challenge with current archiving tools, the findings highlight
the growing divide between tools built for email and the need for enhanced archiving and
supervision capabilities to keep pace in today’s increasingly complex communications
environment.
As businesses chart a path forward, the focus should be on picking the right subset of
the most advanced, market-leading UC tools like Zoom, Slack, RingCentral, and Cisco
Webex for compliance integration and modernization with tools like Theta Lake, that
provide tightly integrated compliance and security coverage for the full feature set of
those UC tools.
This approach will ensure organizations are protected from potential fines and sanctions
for not having visibility into or being able to provide timely, complete communications
records for investigations, litigation, data privacy or other compliance purposes.
###