Mobile devices have transformed not just how we live, but how we work. Worldwide, more than 6.7 billion people have their own smartphone, and many of us remain glued to these devices all day long.
In the workplace, around 91% of smartphone owners always keep their device within reach, and around 66% of Americans admit to using their phones multiple times a day in the office. While smartphones can be excellent for keeping team members connected and informed, mobile connectivity comes with various challenges to overcome.
In some industries, the threat is particularly significant, with 68% of healthcare companies saying their data breaches were a result of stolen mobile devices. What’s more, as mobility continues to increase in the workplace, regulatory bodies like SEC are imposing stricter regulations for managing and protecting business data.
Between September 2022 and August 2023, the Securities and Exchange Commission implemented 30 enforcement actions, and ordered more than $1.5 billion in combined penalties for “longstanding failures” to effectively protect electronic communications.
In 2023 alone, U.S. regulators issued over $731 million in penalties to financial services firms for failure to capture and monitor “off-channel communications.” These are any form of business-related communication sent or received via a communications tool or channel that has not been approved for business use. Mobile communications, including text messages and communication through consumer applications like WhatsApp – are the primary off-channel culprit.
“We’ve seen the steady uptick of fines and reputational damage over the last few years, the message from the regulators couldn’t be clearer,” says Blane Warrene, VP of Product Management, Smarsh.
Staying Compliant in the Age of Mobile Communications
Mobility in the workplace continues to increase as companies further embed hybrid and remote working policies and adopt their preferred mobile compliance strategies. Whether that is by rolling out Bring Your Own Device (BYOD) policies to minimize hardware investments and improve productivity, or by handing our Corporate-Owned devices to help control communication sprawl. Either way, to ensure employees can leverage their preferred communication and collaboration channels, companies need a comprehensive strategy for compliance.
Many organizations still don’t have a documented mobile policy, or they attempt to prohibit the use of mobile devices. Unfortunately, preventing the use of mobile devices in workplaces doesn’t solve the problem. Instead, it simply increases the risk of shadow IT and employee disengagement.
“Fortunately, customers can achieve comprehensive communications compliance when they consolidate and leverage the full benefits of the Smarsh platform,” says Warrene.
Step 1: Implement The Right Governance Program
A strong corporate governance program is often the key to compliance in many industries. Yet, while many companies implement governance initiatives, they often overlook the importance of accounting for mobile workers and devices. An effective governance strategy must include buy-in from all relevant stakeholders, from legal teams to IT, HR, sales, and beyond.
With input from all critical team members, companies can explore the best course of action for building compliance into corporate communications. Together, you can address risk and technology gaps you might be facing and answer questions like:
- How will you handle e-discovery for legal investigations?
- What are your compliance and regulatory obligations?
- Can you collect mobile communications data with existing technology?
- Are you capturing all interactive and contextual data?
- How will you store the data you collect securely?
- Have you considered the applications applied to employee devices in a BYOD program?
Step 2: Build a Mobility-First Strategy
As mentioned above, banning the use of personal mobile devices in the office might seem like the easiest way to minimize risk. However, the reality is that mobile devices are here to stay. They are essential to our productivity, whether business leaders like it or not.
Approaching compliance and communications from a mobility-first perspective is the best way to ensure you proactively address and mitigate threats. Implement a mobility-focused task force within your governance program that’s committed to assessing your mobile environment, compliance gaps, and delivering technology to team members.
Collect insights from your employees about how they use mobile devices for their work and connect usage trends to specific risks. Most importantly, ensure all of your employees are informed about the risks they need to avoid, how they can use devices effectively, and what methods you’re using to minimize risk in the workplace.
Step 3: Examine Data Collection and Preservation Initiatives
While compliance standards can vary from industry to industry, most regulations require companies to collect and securely store various data effectively. This includes the communications data generated through mobile devices.
In the past, organizations struggled to collect and preserve mobile content. A lack of dedicated tools forced organizations to leverage archaic methods (such as screen scraping) or expensive services. To overcome these issues, companies need to re-assess the landscape.
Find out what methods are available to help you collect data from mobile devices. Think about how you can simplify the storage process with a comprehensive solution that can capture data from all communications components in one place.
Step 4: Update Inspection Protocols
Many companies have taken a reactive approach to inspecting and analyzing employee communications. However, it is possible to take a proactive approach. By examining real-world compliance issues and data risks, you can begin implementing modern strategies for communication supervision at the “front end.”
Your mobility task force can examine the native capabilities of each communication source, looking for risks via API access and data storage requirements (like collecting metadata). You can also implement AI surveillance tools to assist with automatically managing vast amounts of data.
These tools can assist with capturing insights from communications in real-time and monitoring for security issues. Additionally, when updating your inspection protocols, make sure you have a strong process for offboarding employees in your team.
Step 5: Commit to Regular Training
Ultimately, human error is still the most common cause of security issues. Around 88% of all data breaches are caused simply by a mistake. Training your employees on mobile usage and data protection policies is critical to creating a low-risk environment.
Ensure your training strategy provides clear insights into prohibited and acceptable uses of mobile communication tools (by job role and department). Share why employees must follow best practices and defend your business from potential breaches.
You can also automate policy enforcement with technology that helps you track compliance with mobile policy standards, minimizing the risk of long-term challenges.
Overcoming Mobile Compliance Issues
Staying compliant with industry regulations in an evolving world of mobile communications can be complex. Fortunately, tools and resources are available to help today’s transforming organizations. Comprehensive solutions, such as the Smarsh Capture Mobile Suite, can address a range of compliance needs, covering everything from corporate-owned to personal devices.
The right all-in-one solution will ensure you can capture communications from mobile devices in their native format, with access to contextual insights. As regulations evolve, the right strategy and technology will help you stay one step ahead of the compliance landscape.