Executive Summary

The healthcare and public health (HPH) sector is continuously implementing new digital transformation initiatives. The COVID-19 pandemic has only accelerated the sector’s need for digital tools and remote working solutions. However, the addition of these new tools has expanded the sector’s attack surface – and bad actors are exploiting this.

IBM reports that the healthcare industry is the most expensive sector in terms of data breach costs, amounting to $7.13M per month in 2020.

According to the February 2021 Healthcare Data Breach Report from the HIPAA Journal, there was a 40.63% increase in reported data breaches that month. The majority of these were hacking incidents.

Every such breach puts providers at risk of breaching regulations around patient data and patient confidentiality.

Securing digital applications is the only way for the industry to combat the growing threat of data breaches and hacking incidents.

With NextGen Compliance, healthcare institutions and hospitals can secure their patients’ data and information at scale. NextGen Compliance solutions offer comprehensive coverage of all cloud channels, mitigating risks. Moreover, they turn compliance into a new source of insights for patient communication and interaction. Compliance moves from being simply a cost center to a new focus of revenue generation.

Executive Summary

The demands of digital transformation are putting compliance teams under major pressure. Indeed, the COVID-19 pandemic accelerated some companies’ adoption of digital communication apps to ensure critical operations — an effect which will persist for years to come. Enterprises need to leverage new communication applications to scale for global operations. But these apps introduce a volume and velocity of communication that far outpaces email. Suddenly, compliance teams must contend with hundreds of thousands of messages per week — in some cases, per day — usually without any budgetary boost to help them.

Modern Compliance tools allow companies to scale compliance supervision and enforcement alongside digital transformation. Through automation, these tools offer comprehensive coverage instead of sampling, which translates to better risk reduction. In turn, Modern Compliance converts compliance itself from a cost of doing business into a new source of data and business insights. Deploying modern compliance solutions has reduced manual review resources for our customers by 70–90%.

In response to evolving regulatory landscapes, recent SEC crackdowns have highlighted the critical need for stringent compliance in digital communications, with significant fines levied for record-keeping failures. These developments underscore the urgency for enterprises to not only adopt but also to ensure comprehensive digital communication archiving and real-time monitoring to meet new disclosure requirements.


What is Modern Compliance for Digital Communications?

Modern Compliance is the evolution of compliance practices to adapt to new technologies and the resulting business necessity of digital transformation. This adaptation is achieved through the scalable automation of policy supervision and compliance review.

Over the past few years, the way we work has changed:

  • Marketing departments perform the majority of their work on social media platforms; these platforms are now central to building brand and connecting with customers.

  • Sales teams need to leverage WhatsApp and WeChat to be effective in many international markets and engage customers on their own terms.

  • Collaboration tools (such as Slack and Microsoft Teams) are integral to internal communications, and often include vital cross-team business communication.

  • HR departments make constant use of LinkedIn and Zoom, relying on these tools to drive crucial hiring decisions.

In light of the SEC’s intensified focus on compliance, particularly regarding cybersecurity incident disclosures, Modern Compliance solutions must now provide not just oversight but also ensure rapid adaptability to these regulatory changes. This includes the capability for organizations to disclose significant cybersecurity incidents within the mandated four-business-day window, emphasizing the importance of real-time monitoring and reporting. For instance, a financial services firm recently adjusted its compliance strategy to include real-time monitoring of digital communications, significantly reducing the risk of non-compliance with the SEC’s stringent guidelines.

"As an organization, how you did business, what you stood for, your brand pillars – even your service standards, your marketing standards – everything now has to be reset for a new customer, and for a new world. You have to connect with them at their level. You have to take all this digital conversation that we’re having and be more relevant and be more empathetic to the customer, and say: we’re changing because of you."

Brian Solis
Global Innovation Evangelist at Salesforce


The pressures from the onset of the COVID-19 pandemic rapidly accelerated the adoption and operational centrality of these SaaS and mobile chat applications. Modern Compliance is the capability to meet the challenges of this reality.

Traditionally, for teams reducing risk and ensuring compliance, caution equals safety. The approach is: Don’t introduce too many new tools, too fast; limit the scale of their use once they are onboarded. But with the new generation of digital tools, this isn’t an option. Executive leaders increasingly want everyone to have access to every tool, right away. Within contemporary digital transformation paradigms, there is no room for slowness because competitors who embrace these tools earlier will have competitive advantages.

As a result, compliance teams are swamped. The volume and velocity of digital interactions occurring within cloud apps is overwhelming.

Today, many compliance teams still rely on sampling and manual review. Teams may only analyze 10% of a dataset manually, and extrapolate their findings to the 90% they couldn’t review. This is an ad-hoc and imperfect approach that leaves companies extremely exposed to risk. It’s also costly, time-consuming, and impossible to scale as an organization adopts more apps.

If Modern Compliance solutions can achieve 100% coverage to reduce risk, why would an organization tolerate more risk?

For example, a Global 100 pharmaceutical company and SafeGuard Cyber user needed to safely leverage WhatsApp’s messaging capabilities for 400+ of their field personnel. SafeGuard Cyber now secures an average of 118,000 messages per month on their WhatsApp accounts, which would not be possible through traditional review sampling. As the company puts it:

"COVID-19 really expedited some of our conversations around modern channels and accelerating digital transformation."

Head of Product, Global100 Pharmaceutical Company

Modern Compliance solutions leverage the power of automation and machine learning to effectively process the volume and velocity of the digital communications generated by modern cloud applications. With Modern Compliance for Digital Communications:
  • Overall risk reduction is stronger. No more random sampling; everything is subjected to policy supervision in real time, with automated quarantine where available.

  • Growth teams can improve customer experience. Companies can reach customers on their preferred apps, rather than only company-approved ones. Companies don’t have to force customers into communications mechanisms that are artificial and arbitrary.

  • All-new and unified analytics for business insights are generated. Businesses get access to millions of conversations that were previously lost. As a result, they can react to customer and sales team feedback to pivot messaging more quickly.

  • Compliance can evolve from a burdensome cost of doing business, to a source of insightful data that can empower businesses through cost-savings and better risk mitigation.

  • Compliance teams are no longer the department that has to constantly pump the brakes within an organization. They can be enablers, backing change and bold new initiatives.


How Does Modern Compliance for Digital Communications Work?
The success of Modern Compliance rests on three pillars: people, process, and technology.

Building on these foundational pillars, the next step involves embracing a comprehensive security strategy. In today’s interconnected digital ecosystem, a multi-channel, contextual security approach is paramount. This strategy ensures comprehensive understanding and preemptive action against potential threats across all digital communication platforms. By leveraging Contextual AI, Modern Compliance solutions can offer deeper insights into communications, detect sophisticated threats, and ensure consistent application of security and compliance policies.

 
People
 

Modern Compliance is a form of digital transformation, and it too requires collaboration. Regulatory and legal, information security, data protection – all these departments will have their own requirements, in terms of technology, policy, and outcomes. These different teams need to be aligned in order for Modern Compliance to be fully realized. All the stakeholders need to be brought together.

Upon instigating this shift in compliance mindset, advocates of Modern Compliance should seek out the people they know will be enthusiastic, and will “get it.” It’s often useful to start with one or two eager people, and move up from there. The right thinkers in the right divisions need to be engaged, and everyone should be looped in, from top to bottom. All dialogue should be fully transparent about both aspirations and reservations.

 

Process

 

The first step is to establish what level of risk an organization is willing to tolerate. In some ways, this has already been done for email and more traditional channels. We call this step building the “Minimum Viable Governance” (MVG), borrowing from product development paradigms. Just as organizations developed solid frameworks for understanding risks and goals with email security, they need to establish a foundation for securing the new generation of third-party cloud apps.

Establishing an MVG means answering the following questions:

  • Which group of employees needs certain digital tools to do their jobs?

  • Who are the people at risk of compliance violations?

  • How do the users of these platforms communicate?

  • What are their goals?

  • What information needs to be protected?

Answering these questions helps establish the standardized framework and policy definitions that constitute your MVG. This is the hard work, the investment into the Modern Compliance goal.

However, once established, the MVG can quickly be applied across other apps, and operate globally. There might be regional variations, but there will no longer be any need to convene a whole committee for every new channel or region.

Once you have a framework established, it is straightforward, with scalable technology, to apply these policies and considerations to content transmitted over any app in any geo. The MVG sets you up to take Modern Compliance company-wide, using an approach that scales and doesn’t have a limited shelf life. As an organization scales, there will never be any need to re-invent processes; you can simply add more applications.

 

Technology
 

Modern Compliance solutions set teams up to deal with both current and future digital applications. They do so via two core features: automation and scalability.

Companies with single or cross-channel compliance requirements on their use of collaboration and conferencing apps can benefit from compliance technology. However, such technology can only be considered compliant if it effectively addresses key risk areas:

  1. Policy-based events. Being able to apply compliance policies and industry regulations to all communications.

  2. Time-sensitive risk events. These events need to be captured in real time, such as adverse reaction reporting (mandated by the FDA), or internal and/or external fraud (for finserv companies).

  3. Profile supervision. Making sure that anything coming in and out of apps is safe, secure, and compliant.

  4. Identification and removal of unauthorized accounts. Finding and taking down fake, fraudulent, rogue, or simply old accounts.

"The biggest conundrum for organizations, especially in highly regulated industries, is actually not really the technology. That's usually something that they’re able to pull in. The challenge is about getting everybody on the same page, and then having everybody be part of that equation. But if you can do that, it’s a game-changer. That’s where there is the excitement and the passion, and that focus opens up a lot of opportunity for everybody."

Francie Rawlings, Former Global Lead at Pfizer
Emerging Market Business Technology


To address these key risk areas, Modern Compliance technology needs to possess these six features:

Automation
 

This is a priority. Automation is what will produce a 70-90% reduction in manual review costs. Agentless deployment, SaaS-based delivery, extensive policy library and QuickStart (Pro services) all accelerate time-to-value, and Modern Compliance technologies provide that.

Policy rules and libraries
 

The policies and the rules that you want to set up in the automation engine need to be customizable. Out-of-the-box policy libraries for standard regulations are great for quick setup, but review teams need customization to adapt to changing protocols or new events. They need to be able to act across multiple languages, and to use regular expressions and NLP, not just keywords, to detect problematic formulations.

Configurable machine learning
 

Machine learning (ML) gives teams the power to effectively confront the challenge of message volume. In a compliance environment, machine learning must be configurable. Blackbox AI will not hold up in an audit. Machine learning also helps gain efficiency as the risks that matter to any given organization are prioritized for review over the ones deemed less important.

Full archiving and audit trails
 

Modern Compliance technology is flexible enough to react to changing regulation requirements. It automates a full lifecycle of governance and compliance with a high degree of precision for low false positives. Full audit trails for litigation defense accompany every interaction to provide organizations with the most robust archive of interactions, protocol violations, and other events along with risk mitigation actions. Teams should have the power to customize their policies, define their own retention rules, and consolidate governance and compliance for a broad set of digital communication apps across social, mobile chat and collaboration apps to a single cloud-scale platform.

Direct API integration
 

Your Modern Compliance platform needs to be able to access the data highways in and out of the cloud platforms you’re securing. This API needs to cover both Applications and Products. It needs to be bidirectional, so that vendors can stay connected to evolving channel APIs, as well as extract relevant data and deploy defensive actions such as message quarantine.

Account-level protection
 

This is what will offer account protection for personal accounts and protect against the increased risks that come with BYOD. Protection at the account level (rather than just the device level) protects your team even within unsanctioned and unprotected apps.

 

"In security, to be really good at the defense, you have to understand the offense."

Dr. Eric Cole
CEO, Secure Anchor


Moving from Data Capture to Data Enablement

In a Modern Compliance model, 100% of interactions across all applications are captured. With these interactions digitally archived, the automated data collection transforms the entire role of compliance.
It empowers compliance teams to move from being seen as a cost center to being seen as a value-add by the rest of the organization.

The vast and steady flow of new data transforms from an overwhelming review challenge into a business insights opportunity. Plus, with the capability to archive and maintain full audit trails, compliance and legal teams can ensure the company’s legal readiness and facilitate discovery against litigation.

Within a typical organization, multiple departments are chomping at the bit to use various third-party cloud apps as broadly as possible.

Lead Business Change with Strategic Planning

Only 31% of organizations have a documented process for requesting a new app to be added to the approved list.

SafeGuard Cyber Survey, April 2019


With a Modern Compliance approach, all of these apps can be enabled. Then, compliance teams can begin to treat the hundreds of thousands of interactions generated by each channel as an enormous well of untapped data – about customers, markets, processes, and whatever else.

Business Benefits
  • Reduce manual review resources by 70–90%.

  • Start digital transformation projects with the full confidence of compliance teams.

  • Improve customer experience by evolving from channel point solutions to a holistic governance strategy for today’s multi-channel needs.

  • Gain business insights by evolving from digital data capture to data enablement.

 

Final Words
As businesses strive to keep pace with evolving customer demands, they are under constant pressure to adopt a proactive stance to information security with continual improvement and security by design. To summarize, executives can position themselves to offer greater business value by:
 
  • Driving a corporate culture change in which security is everyone’s responsibility
  • Building relationships with every department to overcome organization silos
  • Moving away from the department of “no” to becoming innovation leaders
  • Leading business change with enterprise digital transformation strategic planning

To help make life easier for today’s connected executives, we developed SafeGuard Cyber to empower organizations to use social media, mobile chat, and digital channels securely, compliantly, and at the scale of global business. With coverage across 50+ channels, such as Facebook, LinkedIn, WhatsApp, Slack, and Office 365, our clients unlock new markets and reach new customers, all while securing customer interactions and company data. It’s no longer a matter of saying ‘no’ to new digital and cloud technologies. It’s about asking ‘how’ an enterprise can embrace new technologies without fear.
