We live in a day and age where information is all around us, in ample and on a diverse range of topics. All we have to do to find it is to 'search' it. Generating this information or content, in the form of updates, photos, videos, infographics etc., are people - like you and me. People who work in organizations that are often governed by certain HR and IT policies; or maybe not. For the former, the pre-defined rules set the boundaries of what can be done and what cannot be done.  That’s easy. But it's the latter, then maybe not, that gets the HR worried when it comes to sharing company-specific information on their social networks. 

Restraining employees from talking about the company affairs has both pros and cons. Pros - the information sent out to the mass media is better controlled, leaving little or no room for bad publicity. On the other hand, the biggest con is that a potentially great branding and marketing opportunity is lost, as we all know too well that the real testimony to a company's success is its people. 

Areas like Social Media and Digital Marketing have altered the role of an HR (or CIO in organizations with a dedicated team/personnel for monitoring the information usage and spread) for good, as the HR of today needs a very holistic approach. Additionally, this approach has to be outside-in and not inside-out to achieve better results.

It's not just the social networks that present a threat to an organization's reputation, the learning/training as we know it too, has undergone a sea change. A great bulk of it now lies in the hands of employees, what with Mobile Learning and other evolving technologies. This increases the susceptibility of information leak too, with the Internet Of Things (IoT) further adding to unmanaged risks. As per statistics from cloud security vendor, SkyHigh, which has tracked the usage of data sharing across 22 million employees working within 500 organizations, where it sold its product in 2015, the average organization shares documents with 826 external domains, which includes business partners and personal email addresses such as Gmail, Yahoo Mail! and Hotmail. Of the shared files, 9.2 percent contain sensitive information.

Another 2015 study, the Ponemon Institute reported:

• Nearly 40 percent of large companies, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile apps they build for customers
  
  
• Only 5.5 percent of the mobile app budget is currently being allocated to ensuring that mobile apps are secure against cyber-attacks before they are made available to users
  
  
• 50 percent of these organizations were found to devote zero budget whatsoever towards mobile app security
  
  
• 55 percent state their organization does not have a policy which defines the acceptable use of mobile apps in the workplace

The Divide

Where and how thin/thick is the line between 'okay to share' and 'not okay to share'? How much sharing is too much? What can be done about Information Security in general?

There is no real balance between sharing and security – one must supersede the other in alignment with the overall business model and goals. For an IT company or for that matter any company, Information Security is the unchanging underlying thread across the organization and cannot be compromised. All other policies around Information need to be designed with this fundamental understanding. With this in place, while designing rules/policies for information sharing, it's important to visualize the same in three layers – Core (only for employees and staff), Extended (Customers, Suppliers, Partners) and External (General Public – anyone not in Core and Extended layers). 

Once these layers are identified, it's easier to define rules for each and also rules for sharing information across the layers. However, the underlying driver is Information Security. Every employee and staff member needs to be thoroughly aware and sensitive towards his/her own role in securing the information.

The good or bad thing about business dynamics is that it keeps evolving. However, the Internet and now the mobile revolution has made this evolution much faster than can be kept pace with using traditional approaches and tools. Today we need a very agile, adaptable-to-change-on-a-short-notice kind of approach to handling the challenges that the changing technological landscape in general throws at us. 

Top 5 challenges 

In my view, following are the main challenges that the HR leaders face while handling the ever-changing tech world of the workplace and managing the workforce: 

1.    Mobile Everything: Everything is moving to mobile which also means that office work is moving to mobile. The complexities of a device in the hands of employees and one that is always ON are mind-boggling. Sooner than later, this has to be accepted as a way of work and instead be leveraged for an increase in productivity, employee motivation and real-time analytics.

2.    BYOD: Related to the point 1 is the BYOD (Bring Your Own Device) concept. This also brings with it the need and challenges of Enterprise Information Security and Data Handling. The focus needs to be high on BYOD – but in the context of strong MAM (Mobile Applications Management) and MDM (Mobile Devices Management) to ensure secure and hassle-free access to information on own devices.

3.    Agility: IT is no longer a sequential process. It has to become agile and very adaptive. A big challenge is to inculcate this as the underlying way to work.

4.    Social Footprint: Like any other organization, IT organizations also need to grapple with their social footprint. The challenge is to leverage the social media, but also ensuring that it is used in the context of information security and other business principles. Restricting social media for employees tend to rebound adversely and giving a free hand also may result in risky situations. The balance is critical and challenging.

5.    See the future: No, not the prophetic one, but the ability to sense how fast things are changing and be ready for further changes. Keeping an eye out for all that is happening worldwide is no small thing and is a huge challenge. One never knows from which part of the world will emerge the new disruptive technological force which changes things drastically, yet again. So, be ready and be alert.

The fact remains that today's organizations have a parallel digital entity, which is represented by the company itself and its employees too. This entity generates information in an unplanned, unexpected and mostly unpredictable manner. It's in everyone's interest to respect the information available and, most importantly, to use it responsibly.

In the light of these challenges (and several unseen ones), the three key to-dos for the HR would be:

1. Build a risk-aware workforce: Building a risk-aware workforce starts with developing a workplace culture that empowers people to do actions and perform their job with minimum to no risk to Information. This can be done by laying down the risks and educating all users by spreading the word. 

2. Invest in the right resources: While, sometimes, some robust security tools can help you keep a check on the information usage, other times, it's critical to hire qualified personnel who can protect your business from ongoing or potential security breaches.

3. Get (security) intelligence through data analytics: The enormous amounts of data that companies collect can be used to track threat vectors, identify potential attacks and monitor the effectiveness of countermeasures. 

The fact remains that today's organizations have a parallel digital entity, which is represented by the company itself and its employees too. This entity generates information in an unplanned, unexpected and mostly unpredictable manner. It's in everyone's interest to respect the information available and, most importantly, to use it responsibly.