In this day and age when information sharing has led to security concerns, data pile-up and other management problems, it is wise for organizations to have good strategies for information sharing in place.
The recent scandal over data leak in Ashley Madison and the ever-rising incidences of HIPAA breach by hospitals and medical institutions has made it even more vital for organizations to have powerful information sharing and management strategies.
In this article, we have defined step-by-step rules for sharing information within and outside organization, plus some bonus tips on sharing information during crisis or times of legal actions.
Within the Organization
For every big and small task in an organization, employees communicate with each other and collaboration takes place. Essentially this is what we mean by information sharing within an organization. The type of information shared can be anything from highly sensitive to mundane depending on the type of task and management echelon involved.
A decade (or two) back, all sensitive papers like contracts and classified documents were safely tucked away in lockers, while mundane, everyday papers were floating about on everyone’s desk. Multiple copies were made of documents, making it difficult to track how many copies were actually existing and could lead one to trouble.
However, in the digital age, you know exactly how, where, when and in which state is a document in. This seamless and transparent concept of information sharing was cherished until the time data leaks and hacking issues came into the picture.
This made it mandatory for organizations to have an information sharing strategy in place. Here are some pointers you could use when forming a strategy.
- Define multi-level groups to set access level for information and documents
- Determine risks with BYOD, work-from-home and on-road staff
- Establish secure naming, profiling and encryption policies
- Always remember to have at least 3 level deep filing structure
- Instruct staff about email policies; keep all relevant emails and delete emails that have no business value
- All outgoing documents should be sent from company email only
- Establish retention schedules for emails and all documents to ensure you don’t face data explosion issues
- Determine record retention rules for your industry before setting retention schedules; have a key member of staff assume responsibility of this task
- Always do random checks to ensure you are well prepared for e-discovery
- If your organization is using CRM software like Zoho or SalesForce, it makes sense to integrate them with all other third-party software for accounting, HR, project management, etc.
If however, you haven’t invested in good HR, communication and project management software and are using antiquated methods like paper circulars, whiteboard, and series of email exchange, you need to clean up your act now. If your work processes include transmission of sensitive data through HR, customer services, accounting systems, you may require project management and planning tools.
There are many collaboration tools available well suited to this purpose—from Alfresco, an open source, enterprise software suited to large enterprises, to Wrike, a cloud-based collaboration and task management tool that is suited to mid-level and small businesses that want a quick, scalable and easy-to-use solution.
External & Associate Dealings
Some of the common people you deal with outside an organization are vendors, associates, offshore consultants, clients, customers and stakeholders. All these people are vital to smooth running of your business. One of the simplest methods to share documents with people outside your organization is to email or upload to ftp and external websites if the files are heavy. It is also one of the most dangerous methods of sharing information outside the organization.
Carlos Peleaz of cyber security firm, Coalfire Systems Inc. said that the security risks of using cloud storage and sharing platforms (Dropbox, OneDrive, etc.) should be communicated early on to employees. Since most employees use same passwords or company password for all programs, the risk increases manifold. Here we suggest companies invest in good enterprise level on-premise software instead of choosing free vendors where they can’t audit or monitor what is being shared.
When Hurricane Sandy left downtown Manhattan financial district without power even days after it was gone, most companies realized the value of information strategy. The need of the hour was coordination and decision making. It was important to share data and information across offices in various regions without raising false alarm.
Organizations had to act quickly without wasting resources and investor confidence was to be rebuilt quickly. The information shared had to be timely and credible to minimize social and economical impact. With power outage, the options were far and few between. This is why, alternative information channels were to be sourced. This is perhaps the biggest lesson learned during natural disasters—always have an alternative reliable information channel for disasters.
Related Article: How to Create a Comprehensive Emergency Plan for Your Business
One of the most important parts of information strategy during legal suits is to ensure no one, practically no one can touch any records and a legal hold is put on all the information.
If a court of law finds you in violation of this rule, it could lead to huge fine and sentence. This can lead to a slump in communication and collaboration, hamper routine tasks and make it difficult to run business as usual. This is why an information strategy should be formed to decide which documents are to be put on hold and which can be freely shared to resume business as usual. This is of vital importance and hence an information sharing and management strategy during legal suits should be suitably formed.
Every organization has a unique culture and sub-culture that dictates information sharing. However, during times of crisis, this culture is tested and tried. The importance of information management is not restricted to size or type of business and it is important for every organization to form a policy on information sharing and management.
Moreover, organizations must conduct regular crisis management exercises to ensure proper communication channel and secure information sharing methods are used. Regular checks must be made to see if your new members are up-to-date with this crisis management plan. Look for information leaks and loopholes and rectify them at the earliest. Remember anything lacking in measures taken for information sharing and management reflects lacking in your organizational structure and capability.