Tightly knit information security and knowledge management together

Cyber criminals have thrived during this pandemic. In the first quarter of 2020, DDoS attacks rose by 278 percent compared to the corresponding quarter in the previous year. UK business alone are estimated to have lost over £6.2 million to cyber scams through social engineering. Globally, taking advantage of people’s vulnerabilities and the overnight pivot to 'working from home', fraudsters tricked people into clicking on links to download malware and collect confidential corporate information. Threats of ransomware increased as well.  

It’s no surprise then that to combat this situation, many enterprises, and especially professional services firms, who have long been targeted by cyber criminals, view adopting need-to-know security measures as a priority. It presents a sound way to restrict access to corporate data to those who need it or are authorized to view the information in today’s 'work from anywhere' business environment.

These actions are instrumental for GDPR compliance too. A report from law firm DLA Piper shows that GDPR-related fines have increased by almost 40 percent. Clearly the regulator means business, regardless of the security challenges that the pandemic poses to enterprises.

Additionally, customers are demanding that enterprises pay more attention to how their data is collected, stored, and secured. GDPR non-compliance and a lack of transparency of data privacy processes could potentially erode consumer trust in enterprises. Clients of professional services firms are demanding the same. Routinely firms’ business contracts with clients include strict clauses that prevent some practice teams from accessing certain types of documents and data pertaining to their organizations. For example, a tax and legal services firm may be representing the top two fast food chains in different practice areas, validating the need for need-to-know security policies.  

Rigid need-to-know security may be counter-productive

However, need-to-know security, if applied rigidly, can curtail information sharing and intuitive collaboration, which in a dispersed workforce situation can seriously impact employee productivity, business efficiency and even enterprises' profitability. The impact is likely to be felt even more in the professional services sector, as often large corporates employ multi-disciplinary firms because they potentially gain the benefits of experts across practice and sub-practice areas, under a single roof.

To illustrate, say, the tax and legal services advisory mentioned above offers corporate and cross-border personal tax as well as employment law advise to an enterprise.  To deliver timely advice in tune with a fast-changing business environment, professionals in the firm need to be able to spontaneously share expertise without breaching data privacy laws in the regions involved or the confidentiality of any of the clients across practice areas.

This said, if the need-to-know security measures of this tax and legal services advisory are unsupported by best practice knowledge management (KM), due to a lack of information sharing, it’s highly likely that the firm’s ability to deliver the quality of service its corporate customer demands will be marred.   

Need-to-know security and knowledge management present a solution

Combined security and KM allow enterprises to secure data, comply with data protection and privacy laws as well as assists with sensible knowledge sharing. Many corporates and large professional services firms are embarking on such an approach already.

There are some easy win, best practice recommendations to ensure the KM initiative grows successfully.

The reality is that KM is not always a priority for professionals in enterprises, given that their core focus is to address business problems, be they for their own organization or that of their customers and clients. This situation is even more pronounced in a remote working environment. Consider placing KM-related processes within professionals’ natural workspaces and business processes. By way of an example, in some professional services firms, the KM department sends weekly emails to key designated individuals (business unit heads, lawyers, tax advisors, compliance officers, etc.), asking them to identify documents pertaining to the matters they are currently working on that should be included in the KM system. The email is designed to allow them to add the documents into the KM system with a single click, directly from within the email. This makes the task of including 'knowledge' into the KM system routine and minimizes inadvertent inclusion of the wrong documents as the professionals are likely to remember what they can or cannot include in the firm’s KM system, based on the clauses agreed with the clients in the business contracts. 

One of the success criteria of a successful KM program is how up to date the repository is. So, think about the redaction process. Often, people send the final documents, per the knowledge management policies of their enterprise to the KM department, who then use a variety of technologies, such as AI, to redact and store the information, in compliance with GDPR and client requirements. As an alternative, ask the professionals to redact the documents before sharing with the KM department, but include the reference to the original document. This will ensure that important expertise is included in the KM system more quickly.  

Security and KM go hand-in-hand, but in the virtual business environment of the future, a thorough best practice approach to KM is going to be necessary for overall business operation. It will have a direct bearing on the quality of service delivery. Additionally, a KM program will be instrumental for internal operation too -- including for things like employee up-skilling, HR, business planning and more. Enterprises will do well to tightly knit security and knowledge management from the get-go. 

Image Credit: donscarpo / depositphotos.com

With over 25 years of experience in the technology sector, as Managing Director of Lexsoft, Carlos García-Egocheaga is responsible for driving the strategic direction and expansion of the overall business globally. He oversees all aspects of Lexsoft including the P&L, HR, legal and business development.