Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS firms must address the data issues flagged and created by the Covid-19 pandemic
When the pandemic started, organisations within the financial services sector were faced with three key questions. How do we do homeworking? How do we go remote? How do we manage this?
In trying to answer these questions, the business continuity measures taken by FS firms were not up to scratch. Mistakes that could have been avoided were made. To start off with, users had to be given the necessary equipment to make remote working happen and they had to have access to the infrastructure needed, such as broadband. Users also had to have access to the information and data needed to do their job. And this is where they started to run into trouble. While software applications like Zoom and Microsoft Teams made it possible to stay connected, the systems in place were not adequate to facilitate secure data management practices en masse.
These are the downsides that need to be addressed.
Where’s the governance?
Historically, firms operating in the financial sector have been slow to adopt cloud technology, preferring to store sensitive data on premise, in order to mitigate perceived risk. As such, through the lockdown, much of the data people need access to is not in the cloud, but is stored in applications or file servers.
Adding to the issue, the VPNs of many organisations don’t have the capacity to allow large numbers of users online. This lack of VPN availability has forced FS firms to allow users access to GDPR sensitive data multiple times, with little or no method of tracking in place.
In order to acquire the information they need to do their jobs while out of the office, employees have been copying, downloading and sharing files that now exist outside of the corporate firewall, without any governance or security considerations. Such data is now, for all intents and purposes, in the wild, making it harder to bring back under control. Teams working remotely don’t have the corporate governance and security protocols that they would have when working in the office.
So, being forced to work remotely, at short notice, has impacted compliance and governance in a very negative manner. The way data is being handled greatly increases the chance of a data breach occurring. It also flies in the face of FCA regulation, and in particular GDPR where personal data is being used. While the FCA might be a little more lax in light of the current challenges right now, this will change when data breaches start to occur and customers start asking questions. Poor choices now will not be a reasonable excuse to avoid future fines.
If this crisis has shown us one important thing, it’s that the slowness of financial services firms in adopting cloud technology, which made it significantly harder for them to access and use data, has hurt business continuity, security and privacy.
Better Data Practices
So, how can organisations take control of their data? For many this means deploying it to the cloud in a rapid manner, whilst retaining security and governance practices. It is possible for organisations to make data accessible if the technology is deployed correctly, allowing all the necessary controls to remain in place. Having the short-term decisions correctly in place and making them under an umbrella of good governance and accountability, ensures that you don’t suffer knee jerk reactions and risk losing control of data.
By keeping on top of your data as much as possible, you significantly reduce the opportunity for chaos to happen. That starts with making it available on a safe and secure platform. At a time like this, it is imperative that organisations have a good understanding of their data. Information asset registers should be kept up to date to track where their information is, where it’s being used and the purpose for which it’s being used.
For our clients, we are now using AI to help them assess and understand their data, flag any risks their data is posing to their organisation, and help them mitigate that risk. By implementing the right systems this can all be automated, and there is nothing stopping organisations from doing this with next to zero impact on their userbase.
Remote working is becoming the norm: It has been proven to work and organisations will start reflecting on how much office space and connectivity they really need. As such, organisations are being forced to act now and adapt their data governance and compliance practices to suit the ‘new normal’. Waiting until the pandemic passes is not an option.
