Thomson Reuters’ annual Cost of Compliance report makes troubling reading. Compliance officers are “experiencing regulatory fatigue and overload in the face of snowballing regulations.” Of the 600 compliance practitioners from financial services businesses who were surveyed, 70% expect regulators to increase their regulatory burden over the following twelve months. Given those expectations and the sheer volume of regulatory change, the survey respondents are hard-pressed to maintain both compliance and data security. Worse, in its most recent corporate governance survey, Thomson Reuters found that over half of the surveyed organizations knew of situations where board members had left sensitive documents in public places. Other key findings regarding risk to sensitive data:
- Unsecured email: 60% of organizations never or only occasionally encrypt their board communications, and only a quarter indicated that they always do so.
- Mobile devices: Personal computing devices are now commonly used by most board members for board communications, but only a third of those devices are provided by the company itself; the remaining two thirds are BYOD devices. Use of these devices for board communications is increasing, and 10% of organizations reported that a board member’s device containing board communications has been lost or stolen.
- Printed materials: A third of organizations continue to print and courier materials to board members: madness in an age when email encryption can distribute sensitive board material securely. Moreover, companies cannot always be sure that executives destroy every copy of board-related materials. This matters because companies do not routinely include paper copies, or electronic copies stored on BYOD devices, in litigation holds, thereby exposing themselves to legal penalties.

The Cost of Compliance report states:
Personal liability: 59 percent of respondents (53 percent in 2014) expect the personal liability of compliance officers to increase in 2015, with 15 percent expecting a significant increase.
A good approach to managing these risks and thereby reducing “regulatory fatigue” is to:
- Transmit all confidential information using encrypted email
- Require two-factor authentication for remote access to business networks
- Ensure personal devices are protected with a complex password or a thumbprint
- Use BYOD security solutions that do not store sensitive data on the device for longer than the few moments required to view it
For information about Zix’s industry-leading email and BYOD security solutions, please click here.