Eric Johnson is the Chief Information Officer of SurveyMonkey.
There’s a new wave of data coming at organizations—and this time, it’s a tsunami. The global COVID-19 health crisis is contributing to a growing need to gather sensitive data from customers and employees, especially where health and safety are concerned.
As confidential data collection becomes increasingly important for many businesses, so does the need to protect and secure it. Read on to learn 3 reasons why organizations should pay close attention to data collection during the COVID-19 crisis and what can be done to protect it.
Reason 1: Newly-minted WFH employees
The recent surge of remote workers increases the potential for data security risk, prompting a rethink of information security protocols. The probability of data leaks, or worse, data breaches, grows as many newly-minted remote workers are inexperienced when it comes to security protocols. For instance, from an employee knowledge perspective, they may not be aware of certain security protocols or, may not be educated on best practices to avoid a social hack.
In addition, home computing resources pose a security risk if not protected by corporate security standards/solutions. These scenarios, coupled with an escalation of remote access, are likely to overwhelm IT staff.
To help mitigate these risks and protect sensitive data that’s being collected, it’s important for organizations to take appropriate precautions to protect that data. Start with a robust security training program on how to identify/report phishing and understanding data handling policies. Invest in solutions that help to ensure data is both accessible and secure.
68% of IT professionals feel the risk of collecting unsecured,
sensitive information has increased due to the current pandemic
Source: 2020 SurveyMonkey Audience Study for IT professionals
Reason 2: Sensitive data collection is on the rise
Many organizations are adding surveys to their tech stacks to help address the challenges brought on by the COVID-19 crisis. With an increase of surveys—that might range from inquiries about travel plans to questions about possible contact with infected individuals—comes the inevitable flood of personal and health-related information.
A recent article in Cambridge's Data and Policy blog, maps out key topics related to COVID-19 where data and analysis are needed—highlighting a need for responsible data collaboration. From public health needs (e.g. identifying surge readiness and supply levels) to social needs (e.g. understanding public perceptions and behavior), there are many ways survey data can help decision-making in the time of COVID-19.
For example, Rhode Island Governor Gina Raimondo and the Rhode Island Department of Health are using SurveyMonkey with Salesforce to monitor people who have been exposed to coronavirus or tested positive, to understand how the disease is spreading and the effect it’s having on its citizens.
Respondents can opt-in to the study to help the state research the disease and plan for prevention. The goal is to learn more about how the virus is impacting the community and provide support for the areas that need it most.
See more ways organizations are using surveys to make a positive impact during the COVID-19 crisis here.
Reason 3: Unsanctioned technology in the enterprise is growing
Combined with the fact that as many as 59% of U.S. workers are working remotely, companies are facing an increased risk—where devices and applications used for work purposes are not supported or approved by the company for use.
A recent SurveyMonkey Audience study for IT professionals* found that 59% of respondents agree the risk of unsanctioned technology has increased due to the current pandemic. So, how can organizations protect their online data and stay ahead of threats?
The study shows that IT professionals are taking the following measures:
- 29% of respondents are installing new technologies to ensure visibility
and monitoring capabilities
- 21% say they are enforcing governance policies
- 14% are restricting access to sensitive data
- 36% are taking action through a combination of the above
87% of customers say that enabling SSO has decreased
the risk of sensitive data landing into the wrong hands
Source: 2019 TechValidate study of users of SurveyMonkey Single Sign-On (SSO)
A note on HIPAA compliance and PHI
In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and business associates to ensure the protection and confidential handling of individually identifiable health information (protected health information or PHI)—which can include things such as whether an individual has been tested for the coronavirus or is experiencing symptoms.
HIPAA is often associated with healthcare. Yet many organizations across insurance, retail, schools, and other industries may also collect PHI, especially during a global health crisis. Because PHI is protected under HIPAA, organizations that are subject to HIPAA compliance and collect it may be held liable if they do not keep that information confidential and secure.
Learn more about how SurveyMonkey can help with HIPAA compliance here.
How SurveyMonkey Enterprise can help
SurveyMonkey Enterprise has many features that help protect sensitive data to ensure it remains secure and compliant. Here are a few:
- Account activity logs show the history of anyone who has accessed the account as well as specific actions they’ve taken.
- Admin dashboard gives insight into users, accounts, and all survey data being collected. It also allows for user management by provisioning accounts and assigning roles and permissions.
- Automatic user logout reduces the likelihood that users will accidentally put information at risk by leaving confidential information on screen for any passerby.
- Centralized data and user management enables admins to reassign the data from people who are leaving an organization, either by choice or not.
- Data encryption (TLS) reduces the risk associated with people taking surveys, no matter the device, ensuring security from the browser back to the server where it's securely stored.
- Options to reduce the identifiable attributes of responses (e.g., IP addresses) helps protect your respondents’ privacy and put their minds at ease. Keeping responses anonymous where possible is a key part of HIPAA compliance.
- PHI share alerts let you know instantly when someone shares PHI, so you can take necessary actions if needed.
- SSO allows organizations to control who can access a SurveyMonkey account associated with their domain, and create authentication policies for increased security.
As organizations continue to navigate the challenges brought on by the COVID-19 crisis, IT professionals should consider the type of data that’s being collected and how it’s being managed.
Learn more about our enterprise-grade security and how you can safely collect feedback at scale here. Interested in talking to an expert? Get started.
*Methodology: This poll was conducted online on May 28, 2020 among a total sample of 263 adults age 18 and over living in the United States, employed full-time. The research was performed via SurveyMonkey Audience, an online panel where respondents take surveys in exchange for compensation.