When Leo Tolstoy began his novel, Anna Karenina with the line, “All happy families are alike,” he wasn’t kidding...and he wasn’t just talking about families. The so-called “Anna Karenina” principle, which holds that successful organizations and endeavors have in common certain essential qualities (whereas failure occurs in myriad ways), has been said to apply not only to families but to all organized structures --from microbiomes¹ to the stock market². It applies equally to company culture as well. So what do all successful businesses have in common?

Hint: it’s a trick question

You wouldn’t be wrong to say that all successful businesses have happy customers. However, happy customers are only possible with happy employees. Happy employees drive growth, empower innovation, and engender creativity in the workplace.³ And what do all employees want? Well, a good 99% of them want to be able to work remotely at least some of the time, according to Buffer’s State of Remote Work Report. Luckily, Buffer also found that 91% of business owners support remote work, which, of course, means that 91% of businesses must be successful, right?

Yeah, no. So, what’s with the disconnect? According to Mark Fairchild, Smart Office president, the disconnect happens between supporting remote work and actually having the infrastructure to make remote work...work. In a recent article for Chief Executive, Mark offers three key best practices for supporting remote work:

Keep the lines of communication open

Did you know that only 40% of American workers think email is an effective form of communication? The overuse of email as the primary communication tool among employees has resulted in more than half of all professionals experiencing increased stress levels and nearly half missing project deadlines. “If your company hasn’t updated its means of internal daily communication, this is your next step,” writes Mark, who recommends using:

• Internal chat tools, which can help employees track down their mobile colleagues more quickly
• Video-conferencing platforms, which make face-time possible even remotely
• Document-sharing platforms to permit easy (but secure) access to data

Here is how Exela empowers global, mobile teams with secure, high-speed communications, including text messaging, video chat, web conferencing, file sharing, and mass notification capabilities.

Take training digital

“Once your company has the digital workflows in place to allow for remote work, you need to think about how you can effectively train new employees from virtually anywhere in the world,” Mark advises. “For onboarding and employee certification and retraining, digitized training tools offer significant value.” Such tools are in use within Exela (I used them in onboarding and continue to do so for periodic training). We make them available to our customers as well. Our Learning and Development solutions offer the ability to plan, publish, and deliver self-paced online courses for employees to keep them up to date on the latest information and certifications.

Manage your space

Although increasing your remote workforce reduces the need for fixed desk assignments, that doesn’t let you off the hook with regard to maintaining a positive, engaging physical space. In fact, a full 83% of employess surveyed by Buffer expressed a preference for working in the office at least some of the time. “Managing real estate with a varying occupancy rate can be challenging,” Mark notes. One of those challenges is in predicting facility usage needs. Outfitting facilities with sensors powered by the Internet of Things offers a viable solution, providing real-time occupancy details as well as long-term analytical reports to help effectively manage office space.

“As physical location becomes less relevant to business operations, digital communication and collaboration solutions will continue to grow more vital,” Mark concludes. “Companies that embrace this trend will have many new opportunities to save money, attract the best talent and increase productivity overall — now and into the future.”

1. https://science.oregonstate.edu/IMPACT/2017/08/anna-karenina-principle-unhappy-microbiomes
2. https://realmoney.thestreet.com/investing/stocks/the-stock-market-and-the-anna-karenina-principle-15075703
3. https://www.tlnt.com/the-next-great-employee-benefit-a-better-office/

“Competitive advantage relies on keeping information (and processes) secure,” notes Mario Carneiro, Exela’s Manager of Data and Technical Security, so the first rule of data security is keep your data secure. That’s also the second rule of data security. That means doing whatever it takes to maintain the integrity of your systems and the data housed within.

Here’s why security is the transformation you should be talking about.

In addition, however, data security is governed by a complex web of laws, rules, regulations, and policies (for this purpose, we’ll refer to them collectively and individually as “rules”). The purpose of such rules is to prevent abuse of information to which an enterprise has access, Carneiro explains. Which rules apply depends upon the nature of the data being protected, the applicable industry, the unique characteristics of the company in question and even different departments within the company, and who and what has jurisdiction over the relevant company.

Many of the rules derive from statute (most of the acronyms you might be familiar with when it comes to rules refer to statutes), but some derive from common law (such as case law regarding privacy). Some of the rules (for example, rules arising under common law, the Data Privacy Act of 1974, and to some extent, HIPAA (The Health Insurance Portability and Accountability Act of 1996) pre-date the current data breach boom that began around 2005.

The following rules apply primarily to enterprises governed by the laws of the U.S. and the European Union. For enterprises governed by the laws of their nations still more rules will apply.

The National Institute of Standards and Technology

A number of rules are based on, and comply with, the guidelines and standards issued by the National Institute of Standards and Technology (NIST), a non-regulatory agency that is part of the United States Department of Commerce, whose mission is advancing security standards in the interest of promoting U.S. innovation and competition. These include:

• FISMA - the U.S. Federal Information Security Management Act, which requires implementation of information security controls, including periodic risk assessments and security awareness training, in each case using a risk-based approach. FISMA applies to all federal government agencies, state agencies that administer federal programs, and private companies that support federal programs, sell services to the federal government, or receive federal grant money.
• HIPAA, which imposes national standards for electronic health care transactions to guard the security and privacy of personal health information.
• FedRAMP, which is a government-wide program that provides a standardized approach to cloud security.
• HITRUST CSF – the HITRUST Common Security Framework, which is a set of standards put forth by a non-regulatory agency that nevertheless is intended to meet the requirements of multiple regulations and standards: which is a prescriptive set of controls that meet the requirements of multiple security rules, all pertaining to healthcare organizations and their business associates. HITRUST CSF is not only based on NIST, but compliance with it should ensure compliance with:
  • HIPAA (described above)
  • PCI DSS (Payment Card Industry Data Security Standard), which is a set of requirements for enhancing security of payment customer account data and is applicable to retailers, credit card companies, anyone handling credit card data.
  • ISO/IEC 27000-series (also known as the ‘ISMS Family of Standards’ or ‘ISO27K’ for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and provides best practice recommendations on the management of data security risks through data security controls.

Other rules

• GLBA - the Gramm-Leach-Bliley Act of 1999 (also known as the Financial Modernization Act of 1999), which aims to protect consumers’ personal financial information held by financial institutions, and is applicable to financial institutions and companies providing financial products and services to consumers.
• VA 6500 – information security standards in connection with information stored in or accessible by the Veterans Administration. Security standards in connection with the Veterans Administration.
• IRS 1075 - encryption requirements for Federal Tax Information.
• EFTA – The Electronic Fund Transfer Act, dating back to 1978, protects consumers engaging in electronic fund transfers from errors and fraud and applies to financial institutions that hold consumer accounts or provide electronic fund transfer services, as well as to merchants and other payees.
• FACTA - The Fair and Accurate Credit Transaction Act, enacted in 2003, amends the Fair Credit Reporting Act to help consumers avoid identity theft. It applies to financial institutions, credit bureaus, credit reporting agencies, any business using a consumer report, and any business that collects payments.
• GDPR – The General Data Protection Regulation consists of data security rules applicable to the U.K. and the E.U., and it dovetails with the Privacy Shield Framework with regard to transferring GDPR- governed data to the U.S.
• Directive (E.U.) 2016/1148 of the European Parliament and of the Council of 6 July 2016, concerning measures for a “high common level of security of network and information systems across the Union.”
• Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications (also known as the ePrivacy Directive, or ePD), which is an E.U. directive on EU data protection and privacy, which is currently in the process of being updated and aligned with the GDPR.
• FERPA – The Family Educational Rights and Privacy Act protects the privacy of student education records and applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

How to know which rule(s) apply to your enterprise

It’s not always obvious which rules might apply to your particular enterprise, and it gets even more complicated when you’re a global provider of services across multiple industries like Exela is. Accordingly, it’s always advisable to either have a compliance expert on staff or to have one with whom you consult regularly, not just on compliance but on record-keeping with regard to such compliance. As alluded to in here, that’s something you should be thinking about as part of your data security best practices. In addition, please be aware that Exela offers solutions to help keep you in compliance.

In the weeks ahead, we’ll be diving in to explore how system and data security dovetail with data privacy and all the laws and regulations with which your digital transformation provider should be compliant. We’ll also explore those security matters you’ll want to consider when choosing your digital transformation partner. If you missed the earlier posts in this series on cyber security, you can catch up here on:

• Why security is the transformation you should be talking about
• What we’re really talking about when we’re talking about security
• 21 Staggering Security Statistics Every Business Should Consider
• How the Bad Guys Get In: Cyber Attack Vectors
• How to Keep The Bad Guys Out: Cyber Security Best Practices

Gotta read it all now? You can download the entire series as a flipping-book here.

A Leap Into The Breach: Leveraging
Cybersecurity to Master Your Domain

In the future, be sure to subscribe to Exela’s quarterly thought leadership publication, PluggedIN for up-to-the-minute news and views on topics that matter to you.