
Cybersecurity Tips for Avoiding Fines

Cybersecurity Errors Can Be Inadvertent and Still Generate Serious Fines

The human element remains a significant component of risk when assessing cybersecurity standards and policies for your business. You can invest in the hardware and software to protect your networks, data and systems; however, it is equally critical to invest in training and in reviewing procedures.

A number of areas require consideration to ascertain your risk. The core areas are:

Use of personal mobile phones and tablets for business purposes
Use of personal email addresses (non-company domains, e.g. Gmail, Yahoo, et al.)
Use of non-company cloud services, such as Dropbox, if they are not business sanctioned

This is where most inadvertent violations can occur in the name of convenience or efficiency. However, regulators and the rules do not leave space for this gray area. As we can see in a recent finding and fine by the Securities and Exchange Commission, a firm was using a virtual fax service where the email address for fax delivery was not a company domain email account. This resulted in six-figure fines against this firm.

The firm in question may not have intentionally sought to use a non-company email address with the fax service; however, incoming faxes containing client confidential information were stored outside of the certified data storage for the firm. Thus, not only were they not archived, but the practice stood in violation of cybersecurity policies and procedures.

Bring Your Own Device (BYOD)

There is nothing inherently wrong with choosing a BYOD policy for your business. Yet it cannot be selected with an informal approach. Allowing employees to use personal devices requires you to think through your overall policies and procedures, but especially those relating to cybersecurity.

How will you secure business data allowed to be accessed and possibly stored on the personal device?
Can you archive and supervise the business activity on that personal device?
Can you ensure, to the extent it is possible, that employees will only use authorized apps and methods to communicate and store business data?

Email and Cloud Storage

Defending against inadvertent or purposeful use of non-company email and storage services can be a bit more challenging. Your published electronic communications policies, provided to each employee, can define what services to utilize as well as what platforms and techniques are off limits.

However, a core step you can take is to use the reporting available in your archiving platform. If you expect to see fax traffic and communications from some or all personnel via company email, your archiving platform will present audit reports on the volume of these communications in aggregate as well as by each employee.

You can take steps, with your archiving vendor, to set up reports looking for faxes and related files/data that you expect to see in the archives.

When in doubt, take the time to assess how you handle mobile devices, email and cloud storage services to ensure your company has a grasp on where you will need to defend yourselves with technology as well as policy.


Can a Tweet Attract a Lawsuit?

It has been clear since 2010 that social media use in business is both a critical communications tool – and one that needs to be governed as email is. Otherwise you may answer the question, “Can a tweet attract a lawsuit?” as yes.

The opportunities to reach across the demographics of the markets you serve and to your customers are extraordinary with social media. This is why ensuring your social marketing initiatives are shored up with a proper supervisory framework and records retention is essential. What triggered the latest concern over the legal impact of tweets? Kanye West.

Can a Tweet Attract a Lawsuit? How to Avoid it

Before you grin and think “we are not in the entertainment business”, what he did was issue a tweet that is interpreted as legally binding with the use of a single word! You can read the article here at Corporate Counsel. Mr. West tweeted about his forthcoming album release earlier this year that it would “never” be on iTunes or Spotify, but only on Tidal (an artist-owned streaming service). The wrinkle? His album was in fact released on both iTunes and Spotify a couple months later after several million folks registered their name, email and credit card on Tidal’s service. There is now a class action suit gaining momentum.

Likewise, before you dismiss his tweet as that of a celebrity – Mr. West is absolutely also a business person who has a very lucrative brand with the same liability issues as any company as it relates to public communications.

Three Steps to Governing Your Social Media Initiatives

There are three central components to think about when considering the impact of a tweet.

This issue can be largely avoided through having a clear policy and training in place for how social media will be used and by whom.
Technology makes it possible to supervise, archive and review social media communications – both pre-publication and post-publication. This same archiving with policy and reporting means you’d find a tweet like this in near real time and could address concerns rather than missing it or ignoring it.
Like any electronic communication, social media requires governance in business, some of it mandatory due to laws and regulations. Equally valuable is making certain you govern it even when rules do not apply – to defend for possible litigation.

If you would like to learn more about how to solve the social media challenge in your business, don’t hesitate to contact us today.


Reducing eDiscovery Costs with Archiving

eDiscovery and Archiving

Often overlooked when implementing archiving solutions for messaging is the value in reducing the overhead of eDiscovery. This often occurs because archiving is primarily driven by the need to satisfy specific compliance activity for regulatory purposes. However, an archiving solution is much more. Even in light of improving conditions on some legal fronts, specific to consumer class action pre-trial discovery (see the Wall Street Journal article here), overall the need to be able to produce data for discovery can be overwhelming. This is true both from a resource perspective and because of the need to assemble the data results into the proper format for courts.

As you can see from a survey this year by Carlton Fields (see report here), a majority of corporate counsel continue to see at least one class action a year. Those costs run into the billions annually. Tackling eDiscovery costs with your archiving solution comes in two parts: first, the capabilities of the technology, and second, the configuration and use of the search and reporting tools available that extend beyond just compliance procedural review.

The Technology of Archiving

This consideration occurs at your due diligence of selecting a solution. It is driven by your messaging need and policy on electronic communications. For example, if your company utilizes email, social media, public web sites and text messaging in your communications day to day – you will need a platform capable of accommodating those message mediums. All of these message types can be considered in discovery requests for electronic records along with the files/documents you may also be producing.

From a complexity perspective, the capture and archiving of these data are ranked below.

Moderate Complexity – Major Discovery Value

The capture of email and web sites has some proven history in business and is a straightforward step you can take in securing your archiving for compliance and eDiscovery. It also has major discovery value, as email and web sites are most commonly cited in records requests.

Email is considered the most straightforward, as you can connect your company mail server(s) to an archiving solution to ensure constant capture of all email communications, along with attachments and other metadata.
Web sites, likewise, can be directly linked to an archiving solution to capture the web pages and related items (images, files, et al) for archiving.

Higher Complexity – Major Discovery Risk

A more modern communications challenge has been to identify and capture social media posts and text messages for archiving. This content can come from a multitude of devices and sources and requires access to many data connections. Identifying an archiver who can assist you in capturing this data not only streamlines your message archiving needs – but also reduces serious discovery risk.

If you would like to explore how Message Watcher can assist you – contact us for a demonstration and more information.


Modern Messaging Series – Social Media Archiving

What has been classified as a commodity, message archiving, should be viewed as a key component of your overall business and technology strategy. This is not just wishful thinking on our part, or salesmanship. Messaging has forever changed in the past decade as traditional communications via email has transcended to numerous channels – social media, instant messaging and blogging.

What began as very manageable communications methods in the 1990s via email and the web (and to some extent, instant messaging in the old form) has been disrupted and put many business managers and owners at great unease as to how to properly govern them. The challenge is they’re now essential business tools versus luxury – and this is also the opportunity.

In our modern messaging series, we explore three elements in brief segments:

  1. Business Continuity
  2. Social Media Archiving
  3. Productivity and Efficiency

Modern Messaging Series – Business Continuity Through Archiving

What has been classified as a commodity, message archiving, should be viewed as a key component of your overall business and technology strategy. This is not just wishful thinking on our part, or salesmanship. Messaging has forever changed in the past decade as traditional communications via email has transcended to numerous channels – social media, instant messaging and blogging.

What began as very manageable communications methods in the 1990s via email and the web (and to some extent, instant messaging in the old form) has been disrupted and put many business managers and owners at great unease as to how to properly govern them. The challenge is they’re now essential business tools versus luxury – and this is also the opportunity.

In our modern messaging series, we explore three elements in brief segments:

Business Continuity
Social Media
Productivity and Efficiency


Modern Messaging Policy and Compliance – Webinar Replay

Our May 22, 2014 webinar discussing Messaging Compliance with industry expert Blane Warrene is now live for replay below.

Our agenda included:

What makes up a modern messaging compliance program?
Defining the needs of policy, archiving, governance and reporting
Best practices in implementing the procedures, technology and audit preparation

If you have questions – don’t hesitate to contact us.


5 Steps to incorporate Social Media into Your Messaging Policy

Designing the Modern Messaging Policy

How we view and define messaging has been altered forever with the emergence and mainstreaming of social media during the past five years. Unlike early technologies for digital messaging, including email and websites, the new model of messaging, factoring in the wide array of social networks, is multi-faceted and requires the overhaul of the policies, procedures and technology for their management.

Editor’s Note: To download a fuller version of this article as a guide to modern messaging policy, click here.

The New Messaging Policy

Designing a modern policy includes rethinking five key areas. A policy should incorporate your governance and rules, but also serve as a model through which your messaging strategy can be executed efficiently and effectively.

1 – Who

Take the time to re-assess the team that builds and manages your messaging policy. In many cases this now spans compliance, legal, marketing (and sales) and operations. It includes corporate stakeholders who know every employee is exposed to email, and are aiding in the emerging groups of employees who are approved for use of social messaging. Representatives from those departments or divisions should contribute. This team will explore:

Core regulatory requirements around messaging retention and surveillance obligations
Corporate ethics and governance that expands or matches those regulatory specifications
How email campaigns (for marketing and other purposes) are coordinated and fit into overall compliance workflow. Also identifying how these campaigns can be linked to corporate social network accounts.
New, approved platforms for expanded social messaging (Facebook, LinkedIn et al.) and how they fit into your messaging spectrum (archiving, surveillance and other reporting)

This review and resulting content forms the framework of your messaging policies and procedures. By finishing the remaining four w’s you will have a comprehensive policy that can then drive your overall digital strategy.

2 – What

Here the team needs to define what your organization is trying to achieve within the parameters of a new messaging policy. We’re not trying to redefine how email is used every day. However, we are drawing a new picture so everyone in your organization realizes the scope of modern messaging. Depending upon your needs, this section can be broader and thematic in scope (which can be more defined and detailed in your new digital strategy).

For example, by outlining the pillars of messaging for your organization:

At [company name], we define messaging as many components, including business email, email marketing, social media content and blogging.
Our responsibilities as ambassadors of the brand for [company name] are to remember the brand guidelines in our messaging. For example, using uniform titles, appropriate contact information (including social accounts, web sites, phone numbers, etc.) and ensuring this is consistent across all of those messaging mediums.
Our goal is to ensure we maintain the highest standards in communicating regardless of the medium we use (email, tweet, status update) – so following the guidelines in the [company name] messaging policy will help you support and preserve those goals.

3 – When

The team has now defined a clearer framework by being formed as the stakeholders for messaging and having outlined some broad scope for the new policy. Shifting a bit more into details, declaring when you will communicate also helps everyone involved understand how messaging is changing at your organization.

Laying out some guidelines, which of course can’t be as rigid in the digital world, will again serve as lanes on the road for employees. These include:

Email is the same as it always was – and continues in the everyday workflows within our organization.
We use mass email communications (email marketing) in many segments of our business, and often integrate those with our web sites and organizational social networks. These activities will also fall under the scope of this messaging policy.
The use of social networks has been in demand for some time across our organization. At the time of the release of this policy – we are defining what platforms and which groups within our organization will be approved to use social networks, including how to request access. This may include attesting to this messaging policy as well as completing a social networks awareness survey and educational requirements.
Unauthorized use of email, social networks or other online tools not identified in this messaging policy may result in organizational disciplinary actions.

4 – Where

One of the challenges (and frequently a complaint from opponents to the use of social media) of approving social networks for use in digital communications is their propensity to change without notice. This makes defining “Where” so important to your overall messaging policy and strategy.

“Where” is where you confirm:

The public networks your organization approves as places where public, group and private messaging may occur.
The technology tool(s) you will use to meet the compliance requirements of your organization.

5 – Why

By choosing to leverage social media in your organization, parameters are going to be central to helping your employees, influencers and partners understand your objectives. Remember, everyone included and approved to participate in your new messaging policy becomes a brand representative, able to further your goals. Consider these choices:

Are we launching a pure brand initiative, or also adding capabilities for customer service, education and/or training, or even for individuals within our brand to become visible (e.g. the CEO or COO launches a Twitter account)?
Who do we intend to reach out to and connect with? Are we looking to communicate with customers or prospective customers or both? Some other audience important to our organization?
Are we measuring for certain outcomes? Social return on investment (ROI) like number of followers, engagement or are we looking to connect social messaging to organizational analytics like sales numbers or leads in our CRM system?
How will we review and fine-tune these parameters ongoing? Quarterly, annually? Who will participate?

To download an expanded version of this guide to the modern messaging policy click here.


The Transformation of Message Compliance

The last five years have had a substantial impact on companies seeking to supervise electronic communications of any kind. Traditionally, since the 1990s, this was a relatively manageable burden that entailed handling email and web sites. Those are largely controllable channels with little disruption or complexity.

Social media has transformed that, liberating millions of participants to grab control of online conversations and engagement on any device, both personal and professional. That has also created a complex challenge for companies to ensure they can continue to protect brand integrity while also properly addressing compliance and governance requirements day to day.

Join Message Watcher and guest Blane Warrene, a digital communications expert, as we explore this transformation and what it means to manage communications in the digital age. We’ll cover:

Archiving technology
Supervision and reporting automation
Policy and Procedures best practices
and more.

Register now for the webinar on May 22, 2014 at 1pm EDT.