Ishan Girdhar is Tom Fox’s guest in this week’s show. He is the CEO and founder of Privva, a cloud-based platform that streamlines data security to enable law firms to easily implement their own risk assessment. Tom and Ishan explore risk management in the new hybrid work era and what compliance professionals need to be thinking about in the coming years in that regard.  

The New Normal

The new hybrid work environment is here to stay. More companies are going back to the office but with fewer employees on site. This means that company leaders and compliance officers need to find a way to manage risk around virtual collaboration and communication technologies in a remote work environment. They will need to make sure that all employees are connected in a secure way. "When you have people working from home and working remotely, access to sensitive information grew exponentially… Many people have devices like Alexa or Google Home; those are devices that are recording every conversation that's happening in your home," Ishan cautions. Implementing policies that ensure employees aren't working in the vicinity of these devices and making sure that companies lock-on set intervals, will go a long way in mitigating the risk that is posed from working in this environment.

Keep Communications Focus

Employees have to act as stewards and maintain and adhere to company policies surrounding risk and compliance. Tom asks Ishan how he keeps a communications focus in his organization, in a way that doesn't lead to compliance fatigue. Compliance officers need to ensure that they're actively capturing communication across their organizations, and that they have the tools to do so. "Make sure that your tech stack has the right capabilities to capture information and communication across your network," Ishan remarks. Communicating the right ways to work with your clients and employees is also something that companies need to be thinking about. Use the right tools and the right steps to make sure your actions are in line with your internal corporate policies; the compliance departments can have access to that information if it's required. 

Creating Effective Cybersecurity

"Every product that technology brings to make your lives easier, better, faster, and cheaper for your clients comes with cybersecurity risk," Ishan tells Tom. In order to mitigate cybersecurity risk, consistent training of your employees is necessary. Cybersecurity needs to be built into the culture of your organization and is a way for you to do your jobs in a timely and efficient way. Compliance professionals should be on top of what's happening in the market with regard to new threats and risks. Have detailed policy monitoring and reporting requirements, and ensure you're adapting your policies to the new norm. 

Third-Party Risk

Tom posits that third-party risk is beyond company to company, and that it's actually the entire scope of your communication. Third-party risk is your suppliers, your partners, and your customers. Companies need to think about where their data is hidden, and where it's going. "How is it leaving your environment? Where is it going? What's the sensitivity of that data?" These are the questions Ishan implores leaders to think about. The biggest challenge with third-party risk management is that you have a say, but you don't have full authority in enforcing change.

What's Next

Buying technology that will be sustainable going forward is one of the best ways to respond to cybersecurity risks in the coming future. Privacy is also a big challenge that companies are going to face. "Build out your budget and make sure that you have the right investments in place as you continue to grow and continue to go into the future leading up to 2025," Ishan advises Tom and the audience. 

Resources

Ishan Girdhar | LinkedIn | Twitter

Privva