The ARMA Information Governance Principles are very relevant to today’s world of mobile communications. There are 8 of them altogether, and in this blog series we will discuss 7 of them in great detail. We will not touch on the principle of Accountability, as having an accountable executive is necessary to the success of any endeavor, not just mobility and mobile messaging. I would like to start this installment with the Principle of Protection.
The Principle of Protection: “An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection.”
In terms of information protection, one of the least secure ways to communicate is via text and chat. Most of the applications provided by the manufacturer are not secure or encrypted. Even iMessage, which is encrypted, has been hacked. Further, users tend to leave devices around, share devices, and commingle business and personal information on the various devices. As a result, there is a high risk of confidential information exposure.
So, what is to be done to accommodate what has become an accepted method of communication while still maintaining protection of the information? Here are six useful rules to incorporate into your business practices when introducing BYOD, COPE and mobile messaging into your organization.
- Do NOT use unsecured chat and text for business purposes.
- Do NOT think that a “Do Not Use” policy is enough or even possible when considering information protection. Enable your users with secure and compliant
- Deploy the alternatives organizationally, with policies, and clearly articulate and enforce such policies through software settings and monitoring.
- Where necessary for corporate records or other compliance reasons, retain a copy of the messages in a secure and access-controlled repository such as an email archive, a records management application or other official system of record.
- Control content on devices whenever possible. Try not to allow your secure content to be out of your control once it is sent. The ability to delete or expire content sent outside an organization is critical for information protection of sensitive data.
- The information that ends up in the corporate archive or in another system of record must be secured according to its designation. That step must be carried out.
In short, go ahead and allow texting for your business needs, but do it wisely. Ensure that you use secure and compliant messaging technology and you will not regret it. To find out more about how secure messaging can help you enforce information protection at your organization and further benefit your mobile workforce, contact us.