Report: Statistics on Collaboration and Archiving in a Work-From-Home World
The COVID-19 pandemic caught the world off-guard in many ways, not least of which has been the way that tens of millions of employees and contractors were suddenly and unexpectedly forced to transition from working in an office to working from their homes — in some cases with just a few hours’ notice.
Underscoring the magnitude of the change, the April 2020 Osterman Research survey of 400+ IT decision-makers and influencers found that while 18% of the US workforce was working from home prior to the crisis, that figure jumped to 80%, almost overnight. Moreover, fewer than one in five organizations consider that they were “very well prepared” for this sudden change in terms of having the technology, processes and training in place to enable employees to work remotely.
Conferencing, Collaboration and Email Use Are Up
The sudden work-from-home phenomenon has resulted in a dramatic increase in the use of new and existing applications, especially the use of video conferencing tools to replace meetings that normally would have taken place in the office or at a customer site. For example:
- Zoom has seen its daily, active user count increase from 10 million to more than 200 million in the space of just three months.
- Microsoft has reported a major increase in the use of Teams — from 32 million to 44 million users in a week’s time — especially in areas first hit with the virus in various European locations.
Add to that the 64% of organizations that anticipate their email communications will increase because of their employees now working from home, and the 44% that report their employees will be sending more files and documents when working from home than if they were in the office.
IT and Security Teams Are Playing Catch-Up
The suddenness of the stay-at-home, shelter-in-place and similar types of orders in most jurisdictions meant that IT and security teams had to respond with almost no notice in order to adjust to the new paradigm. They had to provide their users with a variety of technologies to enable them to continue working in as uninterrupted and secure way as possible.
Our research found that 70% of organizations have already provided remote access capabilities for all employees working from home, 57% have implemented additional security measures like two-factor authentication, and 44% have implemented various security protections on employee-owned devices.
While these numbers are impressive and demonstrate just how quickly IT and security teams in many organizations have pivoted to the new reality of work-from-home, they also underscore the fact that millions of employees currently working from home have not yet been provisioned with the security and other capabilities they will need to protect corporate data as well as when they were working in a more centralized and controlled office environment.
We also found that more than one-half of organizations are permitting employees to use their own devices — desktop computers, laptops and mobile devices — to access corporate network and data resources, but not all of these platforms have been provisioned with the appropriate security or data protection capabilities that are the norm in the typical office environment.
Growing Information Security Concerns
The new work-from-home paradigm has decision-makers and influencers concerned — and rightly so:
- 46% are concerned or extremely concerned that hackers will try to take advantage of employees who are less protected than they were previously, increasing the threat of cyber attacks, data breaches and other problems.
- 36% are this concerned about employees opening emails that contain links to ransomware, phishing or other threats.
- 27% are this concerned about the risk of data loss because communications are happening outside of normal email and face-to-face communications conversations, often with tools that have not been approved by IT or security and that many employees may be using for the first time.
Data Backup and Archiving Electronic Communications Not Consistent
Alarmingly, the survey also found that backup and archiving processes and practices are not being properly maintained: we found that while 72% of organizations are backing up all of their data as they were before the work-from-home phenomenon began, 26% are backing up only some of their data and 2% are not backing up their data at all.
Even worse, only 59% of organizations are archiving all of their data as they were previously, while 31% are archiving only a subset of it, and 10% have abandoned archiving altogether during the crisis.
Not surprisingly, the fact that not as many organizations are backing up their data — and even fewer are archiving it — means that compliance is suffering. The survey found that prior to the COVID-19 crisis, only 64% of IT decision-makers and influencers agreed or strongly agreed that their organizations were doing an “excellent” job at maintaining compliance with their various privacy and other obligations. That figure clearly should be much higher under normal circumstances given the growing focus on data protection from regulations like the GDPR, HIPAA or the California Consumer Privacy Act, among many others.
However, the survey found that today, only 56% of decision-makers and influencers agree or strongly agree that their organizations are doing an excellent job at maintaining compliance. The work-from-home paradigm — and the suddenness with which it was forced on organizations — is clearly having a negative impact on compliance.
New Communication Tools and Resulting Risks Must Be Addressed
What we discovered in this survey are serious problems that will have ramifications long after the COVID-19 crisis has passed. For example:
- The lack of end-to-end encryption in virtually all videoconferencing tools means that a greater proportion of sensitive discussions — like those that previously would have been shared face-to-face in the highly secure confines of a conference room — are now on the internet and are subject to interception by unauthorized parties.
- Employees are using communication and collaboration tools that are new — and, in many cases unknown — to corporate IT and security teams, creating potential avenues for data breaches and an inability to comply with corporate, legal and regulatory obligations to retain the content generated by these applications.
- The use of untested and unapproved tools means that data breaches will be more likely, leading to fines and all of the other damaging consequences that accompany these breaches.
- The fact that less content is being properly archived will become increasingly problematic over time. For example, if organizations are not archiving the business content that employees are generating in new and existing tools (ex: archiving instant messages), the missing information will result in these organizations having greater difficulty in doing proper early case assessments, responding to e-discovery or subject access requests, or satisfying regulators during an audit.
IT and security teams have done yeoman’s work in responding to the unprecedented challenge of moving millions to an at-home environment with very little time to do so. However, there continue to be some significant security and compliance holes that must be addressed as quickly as possible.
Access the full Osterman Research report here: "Was Your Company Ready for COVID-19 and Is It Prepared for Future Emergencies?"
Join Smarsh and guest presenter Michael Osterman for a live webinar to discuss the report on Tuesday, May 19 at 10:00am PDT. Register here.
A cloud-native, context-aware, extensible archive for global enterprises with complex security, data privacy and regulatory requirements. Learn More
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.