Kendi Nderitu       

In the wake of coronavirus crisis,  organisations are relying on their employees to stay connected and productive outside of the traditional digital borders of business.

Working remotely helps employees stay healthy, productive, and connected, and you can keep them productive without increasing risk or compromising compliance. 

In doing so, identifying and managing potential risks within the organisation is critical to safeguarding your data and intellectual property (IP), while supporting a positive company culture.

First, knowing where your data resides while employees are working remotely is a vital question, especially for your risk management-focused departments. 

There are several tools that help you remain in control and protect sensitive documents.

For example, data in Microsoft Teams is encrypted at rest and in transport, and uses secure real-time protocol for video, audio, and desktop sharing.

Whatever remote working platform you have selected to operate with, it is important to restrict access for guests and people outside of your organisation. You can also govern the apps to which each user has access.

Secondly, data loss prevention (DLP) addresses concerns around sensitive information in messages or documents.

Setting up DLP policies in your remote working apps can protect your data and take specific actions when sensitive information is shared.

Thirdly, you can also apply a sensitivity label to important documents and associate it with protection policies and actions like encryption, visual marking, and access controls and be assured that the protection will persist with the document throughout its lifecycle, as it is shared among users who are internal or external to your organisation.

You can start by allowing users to manually classify emails and documents by applying sensitivity labels based on their assessment of the content and their interpretation of the organisational guidelines.

Like with manual classification, you can now set up sensitivity labels to automatically apply to files and emails based upon organisational policies.

Those classifications also apply when those documents are shared.

Fourth, we also know that stressful events contribute to the likelihood of insider risks, such as leakages, IP theft, or data harassment.

It is therefore critical that organisations put in place tools to identify potential suspicious activity early.

For instance, Microsoft recently unveiled a solution called Communication Compliance, part of the new Insider Risk Management solution set in Microsoft 365 which leverages machine learning to quickly identify and take action on code of conduct policy violations in company communications channels.

Communication Compliance reasons over language used which may indicate issues related to threats (harm to oneself or others).

Detecting this type of language in a timely manner not only minimises the impact of internal risk, but also can go a long way in supporting employee mental health.

Fifth, and in order to comply with your organisation’s internal policies, industry regulations, or legal needs, all your company information should be properly governed.

That means ensuring that all required information is kept, while the data that is considered a liability and that you are no longer required to keep is deleted. 

For individuals, you need to realise that information is the currency of the internet.

Your privacy on the internet depends on your ability to control both the amount of information that you provide and who has access to that information.

While these are certainly unprecedented times, together, we can and will get through this. —The writer is country manager, Microsoft Kenya