Hybrid working poses tech risks

Using personal devices for work presents major regulatory and compliance risks

|

Bev Shah, CEO and co-founder, City Hive

Asking colleagues to turn on their mics, working from the study, sofa or bed, and only venturing into the office when necessary, have all become part of our new normal. For many firms, hybrid working policy is now being considered as part of their long-term business strategy. 

However, this new normal, while beneficial in many ways, does not come without its own risks and challenges. While for some of us this initially centred around the panic of having housemates, pets, or children breezily interrupt our client meetings, the reality is far more sobering. As the lines between our personal and working lives have somewhat blurred, our evolving use of technology means there are some major regulatory and compliance implications that must be addressed.

This topic unsurprisingly came to the forefront at the recent Chartered Institute for Securities & Investment annual integrity debate. With hybrid working now a seemingly permanent feature for us, guests were asked to consider a fictional, yet highly believable scenario with an individual sharing sensitive and confidential information via WhatsApp at the request of a client, and due to time constraints. When informed by the data protection team that all information must be recordable and audible, could the sharing of information be deemed a breach, and is further action warranted. At the event, there was a consensus that the incident did need to be reported as a potential data breech.

See also: – I tested my integrity in the workplace

However, the overarching issue that was raised was the need for firms to be better prepared with a deeper understanding and proper protocols in place to address our new way of working. This can be a difficult when those who have grown up with technology are not the decision makers.

Blurred lines

We are undoubtedly witnessing the spread of social media, a power that vastly increased over the course of the pandemic. The lockdown inspired #workfromhome went viral, leading to 50,000 daily posts on Instagram alone, and several data leaks as people unwittingly shared sensitive information such as passwords written on post-it notes along with snaps of their new workspaces.  

Meanwhile, WhatsApp usage reportedly climbed by 40%, with the platform increasingly being used for work communications. While the speed and convenience of the app are unquestionable, the fact that the platform is unmonitored presents a major regulatory and compliance risk when it becomes our main avenue for sharing sensitive work conversations.

As social media has transformed into our primary means of communications with friends and colleagues, unrecorded conversations are increasingly being made from personal devices. While the challenge of correctly monitoring communications on these the platforms and devices is clear, the risk is too great for this to be accepted as an excuse by the Financial Conduct Authority, which can demand we hand over our personal phones if we have shared even one piece of client communication on it as you may in breech of SYSC 9.1 and SYSC 10.a.

Solutions

But where there is a tech problem you can always find more tech to solve it. Innovative programmes such as DeepView, which helps split personal and work conversations, so that only those related to work are monitored and recorded.

Programmes like this can help corporates to identify potential data leaks, including notably any sensitive information that has been captured via an unnoticed computer screen, forgotten post-it or open notebook.

While hybrid working is still being tentatively embraced by firms, we are on a significant, yet important learning curve. In the same way that many of our trips into the outside world now involve carefully placing on our masks, consistently sanitising our hands, and adhering to social distancing requirements, our approach to working must also evolve by embracing innovation and managing risks.