IT leaders discovered flaws in their governance risk management when employees shifted to a remote work model. They should have equipped the staff with better collaboration software and an online database for easy accessibility. The workers would have been more agile in a rapidly changing office environment. In this article at Transforming Data with Intelligence, Mike Safar provides useful insights into governance risk management.
Connecting Shadow IT and Virtual Teams
When your employees start using services and performing activities beyond the control of your IT department, shadow IT evolves. For instance, storing official data in a personal hard drive or sharing confidential information through unofficial applications. According to a Ponemon Institute study, a data breach can cost USD 3.92 million. If it is a costly affair, why do organizations resort to shadow IT? Let’s find out the reasons here:
- Business units unknowingly customize and use local practices and devices that work in their favor but are obscure to official IT protocols. Automate the information control approaches that help them go with the organizational standards and reduce your governance risks.
- Employees tend to resist new controls and tools because they are used to the old systems and processes.
- Remote workers might shun using VPNs because they make the system run slow. To be productive, they might be storing office data on personal devices. Since home networks do not provide enterprise-level security, they become the victims of cyber-attacks.
For instance, a New York City Fire Department staff member moved over 10,000 patients’ data to a personal drive, which he eventually lost. The incident violates federal law and consumer confidence. Such activities cause loss of brand reputation and sales and attract fines and business failures. What are the steps you can take to prevent shadow IT and improve governance risk management?
Governance Risk Management Tips
- Simplify the governance processes so that any user can conform to them without much guidance. For instance, automate the processes wherever possible and store metadata. Proprietory devices can use this data to fill out forms for registered users automatically.
- For effective governance risk management, deploy tools that complement the current working model. For instance, enable employees to sync folders that they can access on any system without downloading.
- Always be alert. Train staff to understand governance risks and reduce behaviors that make them fall prey to cybersecurity incidents. Set up monitoring and alert processes that notify unauthorized activities.
To view the original article in full, visit the following link: https://tdwi.org/articles/2020/07/02/biz-all-guard-against-governance-risks-shadow-it-remote-work.aspx