With the USDA’s recent announcement about developing a plan for new remote work options, a broader shift to flexible workplaces may be imminent within the government sector. Given the large amount of sensitive and proprietary information being discussed and shared within these agencies, adequate security and monitoring measures must be in place before leaders move forward with any remote work plans.
Collaboration security tools expert Devin Redmond, Co-Founder & CEO at Theta Lake, a provider of compliance and security tools for conferencing software, shares his insights on remote work risk and best practices for securing remote work in this Q&A.
Why does remote work pose more security risks than the traditional office environment?
The concept of remote work, or as I prefer to call it, “work from anywhere,” has been present long before the COVID-19 pandemic swept the world. In fact, many organizations were alerting business models to better support remote work with the adoption of virtual collaboration platforms and the pandemic only further accelerated this shift that has become the new digital workspace. The sudden shift to remote work heightened the need for organizations to enable effective communication through various collaboration platforms such as Zoom, Microsoft Teams, Slack, RingCentral, Cisco WebEx and more. Modern collaboration tools support features like cameras, chat sessions, whiteboards and other applications to provide an easy outlet for data and information to be shared. As a result, this has also increased the likelihood of sensitive information being exposed. This widespread adoption of team messaging and collaborating using technologies like videoconferencing have left companies vulnerable and unprepared for the bevy of conduct and information security risks inside the communications within these collaboration tools. Many corporate infrastructures were built in an era where email was the primary mode of electronic communications and are not prepared for the new reality of multi-faceted communications. Security and compliance practices and the supporting technology must consider new risks in our workplaces which are now dominated by information-sharing inside collaboration tools.
Are government agencies at a disadvantage in securing remote work in any way?
Federal, state, and local government agencies, like most organizations worldwide, have had to quickly adapt to a remote workforce. With the USDA’s recent announcement about developing a plan for new remote work options, a broader shift to flexible workplaces may be imminent within the government sectors and they are faced with an increased challenge to deal with information compliance and security risks inside of the communications happening in collaboration platforms, including Zoom, Microsoft Teams, Slack, RingCentral, Cisco WebEx. Given the large amount of sensitive and proprietary information being discussed and shared within these agencies, they now face a great deal of pressure to ensure adequate security, monitoring, and record-keeping are in place before leaders move forward with any remote work plans. If these communication channels aren’t appropriately monitored and supervised to ensure they follow conduct standards and are compliant with data regulation policies, government agencies can face falling victim to detrimental conduct risks and the dire consequences of leaked classified and sensitive data.
What top best practices would you share with government agencies looking to secure their remote work environments?
There are three key pillars that are critical for government agencies to secure their remote workforce:
Invest in security and compliance technology to support the new collaboration-first workplace. Beyond endpoints and governing application access, the new workplace lives inside of your video meeting and chat channels. Embedding security and compliance directly into those rich and often persistent information sharing channels provides visibility and risk mitigation where those risks are more likely to occur. Invest in technologies that integrate directly with the video, voice and chat collaboration tools organizations use without the need to deploy at the endpoint or in the network. Theta Lake, Cisco (through Control Hub, and their ability to sell integrated solutions like Theta Lake) and Microsoft (through Security and Compliance Center and their ability to sell integrated solutions like Theta Lake through their marketplace and co-sell) are among some companies that offer security and compliance technologies for collaboration.
Training, Education and Establishing Policies. Government agencies must be proactive and ensure that they provide the proper training to educate their employees about the best security practices from working from home to mitigate cybersecurity risks and leaking sensitive data. I suggest formalizing a set of standards and policies that employees are expected to adhere to. In particular, when it comes to collaboration tools, employees need to know what they are not allowed to share and are aware and even use technologies to coach them in realtime inside of the meetings to remind them they are being monitored and guide them to best practice behavior when utilizing video, chat, voice, or whiteboarding. Organizations should follow up policies with training using realistic scenarios - as not all risky situations are familiar to users.
Leverage Emerging Technologies. The implementation of deploying solutions that utilize emerging technologies like Artificial Intelligence (AI) has never been greater. Undoubtedly, this has changed the way we work, increased productivity and the response time for detecting risky behaviors that are non-compliant. For example, manual reviews of video for security and compliance risks take nearly three times as long as the video's duration, and that is without the added time to respond. AI-assisted compliance solutions can reduce hours-long reviews to minutes by automatically surfacing exact times and locations of potential risks in video and audio recordings. The key is using technologies designed for the end-to-end outcome and not just bolting on analytics to increasing amounts of data.
How does Theta Lake help secure remote work specifically?
Collaboration tools are pivotal for the workspace to remain fully functional remotely. Theta Lake provides premium compliance and security solutions that are easily integrated with collaboration platforms, including Zoom, Microsoft Teams, Slack, RingCentral, Cisco WebEx and more. Specifically, Theta Lake detects security, data loss and compliance risks in what is shared, shown, spoken, typed, and transferred inside of video, voice, chat, and document content. This includes detections of visual content including images, documents onscreen, applications shared in screen, .gifs, emojis, documents uploaded, transcript analysis and more. These risks are surfaced in an AI-assisted review workspace designed to help information security and compliance teams more effectively and efficiently identify and respond to risks. This includes advanced workflows and integrations with existing archive, eDiscovery, and alerting tools. We can pinpoint potential employee misconduct, high-risk behavior, and sensitive data being exposed in video meetings, chats, and calls, all while providing workflows and reporting to take action and share information to other systems for organizations in the event of any unexpected data loss incidents.