How your remote employees may be sharing sensitive data

The shift to remote work means that organizations are more reliant than ever on messaging apps and collaboration tools. But this reliance also carries certain risks, especially when it comes to dealing with business data. A report released Wednesday by data management firm Veritas revealed how employees are sharing company data while working remotely and offers advice on how businesses can regain control of that data.

SEE: Navigating data privacy (free PDF) (TechRepublic)

For its Hidden Threat of Business Collaboration report, Veritas polled 12,500 office workers across 10 countries. Among the respondents, 71% admitted to sharing sensitive and business-critical company data using messaging and collaboration tools.

In the U.S., for example, 58% said they save their own copies of business data shared via messaging, while 51% delete that information entirely. Either action could expose organizations to fines if regulators ever want to see a paper trail, Veritas said.

Sensitive data shared by remote employees in the U.S. includes client information, details on HR issues, contracts, business plans and even COVID-19 test results. Regular business is also being conducted using messaging and collaboration tools, with the agreements being taken as binding. In the U.S., 24% of employees have used these messaging and collaboration tools to accept and process an order, 25% have accepted a reference for a job candidate, and 20% have accepted a signed version of a contract.

As employees increasingly use collaboration tools to execute deals, process orders, and agree to pay raises, the problem is that there is no formal record of these discussions or agreements. Only 56% of the U.S. respondents said they believe that employers are saving this type of information.

SEE: Working from home: How to get remote right (free PDF) (TechRepublic)

Organizations are certainly aware that sensitive data is being shared this way. In the U.S., 39% of employees said they’ve been reprimanded by their bosses for these actions. However, 75% said that would continue to share information this way in the future. Asked to cite which methods they see as a reliable confirmation of an agreement, 93% of respondents would trust instant messaging, 89% would trust a text, and 68% would trust social media.

“Business data is now everywhere,” Ajay Bhatia, general manage for Digital Compliance at Veritas, said in a press release. “Deals are being done, orders are being processed, and sensitive personnel information is being shared, all through video-conferencing and messaging platforms. It is now critical for companies to include this rapidly growing volume of data in their protection and compliance envelope. If they don’t, the implications could be huge.”

To help organizations gain back better control of sensitive data, Veritas offers the following four tips:

• Standardize on a set of collaboration and messaging tools meeting the needs of the business to limit the sprawl.
• Create a policy for information sharing to help control the sharing of sensitive information.
• Train all employees on the policies and tools being deployed to help reduce accidental policy breaches.
• Incorporate data sets from collaboration and messaging tools into your data management strategy using eDiscovery and SaaS data backup solutions. This will help users maximize the tools without putting your organization at risk.

Contents show

1 Cybersecurity Insider Newsletter

2 Also see

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see