By Achi Lewis, EMEA Director, NetMotion
Compliance is integral to any professional services organisation. Whether you are a legal firm or an accountancy practice, if you don’t follow the applicable regulations, your organisation will be punished financially. Aside from any fines levied by the pertinent regulatory body, the firm is likely to sustain reputational damage which could prove even more costly. I’m sure this is quite obvious to you all, but as working-from-home (WFH) becomes the new normal for many of your firm’s employees, are you prepared for remote working in a way that does not result in compliance issues for your organisation?
COVID has affected the professional services sector in much the same way as any other sector – firms have had to quickly revise their everyday working practices. Ensuring that your people can deliver the service levels that clients have grown accustomed to has certainly thrown up a multitude of new challenges. And before you rush to embrace any new tools or technology that support remote working, check that they also allow employees to carry out their duties without impacting the user experience. A more positive and seamless user experience results in less frustration and greater productivity, but it should not come at the expense of compliance in remote working scenarios.
Security and Visibility
It’s not difficult to sell the concept of security when it comes to the safeguarding of sensitive client data. However, keeping all of this client information safe has to be carried out in a manner that is compliant with all of the various applicable laws and regulations. And all of this should still be possible whilst allowing your employees to access internal systems and applications from any location (via any network) without security being jeopardised. And let’s not forget about good old human nature. Some reports have suggested that those who WFH are less likely to follow safe data practices and that some even feel that they can get away with riskier behaviour when working remotely. When you consider that regulators are saying that remote working impacts risk, and requires additional controls and mitigations, then you can see how important it is for firms to put security front and centre.
Of course, technology has already provided some answers to help protect firms and to help meet compliance standards. There is software, using facial recognition, that can log how long employees are engaging with their screens. This closely simulates the strict regulatory requirements that traders are subjected to under normal work conditions. It can provide answers in case there are any unexplained, long spells of absence. With high numbers of those in the finance sector now WFH, there are valid concerns about how firms are able to monitor any potential leak of inside information. A worthy security solution allows firms to apply policy even when their workforce is working on their own home networks. And it should also include the ability to provide reputation-based domain filtering. This allows firms to limit access to high-risk content that employees would normally (in an office) be protected from – for example, sites known to host malware. Also, consider using role-based access controls to grant selective access to every aspect of the management console. If somebody at the firm doesn’t need access to particular information, then keep them out – this lessens the risk of costly mistakes and reduces the attack surface available to hackers.
From a visibility point of view, firms need to know what applications are being used and where their data is going. They also need to be able to see who is sending this data and the precise nature of its content. Understanding all of this allows companies to enforce policies that prevent access to unsanctioned services, for example Google Drive or any other cloud storage service not on the approved list. Full compliance requires heightened levels of visibility. If you don’t have a complete trail of who was connected, where they were connected, where their data was coming from and going to, and on what device, then you will struggle to stay compliant.
Embracing the future
And what about the future? Recent events have illustrated how quickly things can change for any of us. Many argue that we will never return to a ‘normal’ working life. If WFH and remote working continue to flourish, then how can you future-proof your network for remote access? Plenty of remote workforces are already using a Virtual Private Network (VPN). And with security and IT teams looking for fresh approaches for boosting security and gaining visibility into external networks, there is a tendency to move towards a zero trust architecture.
The concept of zero trust is ideal for any organisation that strives to observe strict compliance regulations; even more so if that organisation has employees that need to access the network remotely. Thankfully, these days it is possible to enjoy the best of both worlds. That is to say, both a mobile VPN (when needed), together with a zero trust network access platform that prevents lateral movement through a corporate network. Staying on top of device, network and application status in this way ensures that users remain totally compliant without the need for intervention.
With WFH and remote working staying on the agenda for the foreseeable future, firms need to maintain their high standards when it comes to compliance. A largely home-based and remote workforce will certainly throw up challenges for any organisation. They must be able to connect their workforce securely without sacrificing user experience. They must preserve vigorous levels of compliance and keep regulators satisfied. Technology will undoubtedly provide an array of tools, but choose wisely.