In this article series, we relive some of the most insightful Smarsh Advance 2022 conversations about the evolving compliance, communications, and technology landscape impacting regulated industries and government agencies.
Messaging around the world is evolving. Regulated industries and government agencies are no exception. In many cases:
-
- Allow employees to work from anywhere
-
- Organized mass broadcast of SMS and text messaging
Today, SMS communication is paramount to scalability goals within the government. All state and local agencies that manage and archive that data for public records must capture and store electronic communications and make those records available upon request. Failure to create timely records or misplaced records can result in costly fines, reputational damage, and legal liability.
Smarsh Advance focused on government agencies and digital communications, highlighting the impact of messaging and the need for transparency at the state and local levels.
Leverage text messaging for government agencies
With many civil servants now working from anywhere, mobility is key to communicating with other employees, partners and voters. Government agencies are aware of the needs of their remote workers and are enabling them to use an ever-growing list of the latest technologies. In addition, we take steps to capture and retain communication data, such as text messages and voice messages, for public records.
Our advanced session, Leveraging Text Messaging for Government, explained why enabling employees to communicate effectively is only one piece of the puzzle. Government agencies must think beyond the user interface.
Laws vary from state to state. From a legal perspective, government agencies must evaluate communications technologies from both the user and administrator perspectives. Employees need easy-to-use digital communications, and management teams need efficient ways to capture, store, and create these records as needed.
Watch the full session here.
Provision of agency-issued terminals
A BYOD (Bring Your Own Device) policy may sound good, but it can introduce security and data risks. Government-issued devices allow for better oversight and control of work-related communications and archiving. Rather than installing software on personal devices, some cities prefer to provide their own devices, archive communications on those devices, and segregate work-related data for public record keeping.
“The best advice I give employees is if you don’t want something on the front lines of a newspaper, don’t put it in a text message.”
In addition to these devices, employees should be trained and educated in the processing and storage of communications, especially the public record aspect. While there is a lot of common sense that employees must use, there is also a level of training required to understand and follow procedures on how employees communicate with colleagues and the public.
“It’s really no different than email,” says Wallace. “The way we reach out via email and send notifications is the same as texting him on mobile.”
Lock down work-related communications
When distributing devices, government agencies can use Access Point Names (APNs) to limit the range of digital communications. APNs protect communication traffic or put it in a mandated container. This means that the user can only send messages to the set group and communication with people outside that group is blocked. This containerization is a commonly used solution to narrow communication and limit associated risks.
“People are caught in snowstorms and need information about snowplow deployments. This kind of thing is important and the community wants to know where people are and how things work. So putting them all together in one easy solution is what we focus on.”
“I think one of the things that are really frustrating for IT admins and board members at the moment is that a lot of people are asking about mice and chargers,” says Bezzant. “These are the very rudimentary things that people are looking for. It gets even more complicated when you have a mobile deployment and you want a security environment. We look at policy, action.”
When public communications matter
Having a direct means of communication with the public is beneficial to state and local governments. Advanced sessions will discuss how public communication is not only efficient when it matters, but also how to build trust between governments and their constituents. However, this direct line also creates new risks associated with government agencies from a technology, records, and government perspective.
Watch the full session here.
Data storage problem
There are challenges in enabling and regulating digital communications in any industry. One of the biggest challenges is data storage. Large amounts of unstructured data such as audio, video, and text are difficult to track because they exist in large quantities and require large amounts of management, metadata, and storage space. This can be especially difficult at the local level where funds may not be readily available.
The best example of this is a video. It’s not just storage space issues, as video files often have more complicated privacy issues, such as:
-
- When a specific video can be published
-
- If there are minors in your video
-
- Whether retention or publication of the video could affect ongoing litigation
Information risk sizing
The proliferation and rapid adoption of collaboration tools like Slack and Microsoft Teams have blurred the line between personal and professional communication. To further complicate the situation, some public sector agencies do not separate personal and business devices, instead adopting the aforementioned BYOD policy.
Many of the consequences that state and local governments have to face are the same consequences that have hit big companies in regulated industries. Therefore, his BYOD and employees using unsanctioned communication channels expose the agency to greater risk. The policy is important, but it’s not enough. The ban has only gone so far, and it’s up to government agencies to monitor usage and enforce those policies.
Cybersecurity and record keeping
When it comes to cybersecurity, some agencies focus on hardening the attack surface. The attack surface is basically staff, laptops, mobile devices, third-party software, and the different ways malicious people can access your system. But Don Maclean, TD Synnex chief of public sector cyber security technologist, suggests that focusing on the attack surface may not be the best option.
“This is a whack-a-mole situation,” McLean says. “If you patch one hole today, someone will find another way tomorrow and make another hole.”
Instead, McLean sees a strong push for Zero Trust security, recognizing that users can become a security risk and lead to insider threats, especially in the federal government. However, adopting his attack-surface-focused approach to Zero Trust can leave your IT department feeling like a hamster behind the wheel. “It’s like the flip side of the offensive coin,” McLean says. “A protection surface is simply an enumeration of everything (mainly data) that you want to protect in your system.” By identifying certain data, you can decide what to protect.
smash
The Smarsh platform is scalable for organizations of all sizes, giving you compliance built on trust. This allows you to strategically look forward when new communication channels are adopted and realize more insight and value from the data in your archives. Customers can enhance their compliance and eDiscovery initiatives and benefit from productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.
Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurance companies and registered investment managers. Smarsh also enables state and local government agencies to meet public records and eDiscovery requirements. For more information, please visit www.smarsh.com.
