By Dr. Guy Bunker @guybunker
As of today, the new Flexible Working Regulations and Part 9 of the Children and Families Act 2014 will come into force, extending the right to request flexible working to all employees after 26 weeks’ service, rather than only those with children under the age of 17 (or 18 if the child is disabled). But according to research by Citrix, only half (55%) of SMB decision makers are aware of the new legislation and almost half (46%) of SMBs have no flexible working policy in place. Beyond that, do these same organizations, and indeed any organization, have detailed policies in place to deal with the potential change in working practices? Agility within the workforce is great, but when it comes to the organization’s critical information this increased agility often results in increased risk. Employee error is now the greatest security risk for organizations, so the question that needs to be asked is: is your company prepared for more cyber risks?
It is imperative to have information security policies in place that account for devices being used outside of your company’s network. Whether this means supplying devices specifically for flexible working, or stipulating that all personal devices used for flexible working must have the company’s standard security software installed, preparation and communication are key. Furthermore, it is important to have the right technology solutions in place to enforce the policy and ultimately protect the organization’s critical information.
Even without this new legislation, it is highly likely that employees are already sending corporate documents to personal devices or transferring files from a USB to another device, so the risk already exists today. The new legislation just makes it more difficult to ignore. (Furthermore, the new EU legislation on data protection and privacy will mean there are very real penalties for not actively mitigating the risk... it’s a bit of a double whammy!)
The blurring of work and life boundaries that exist on devices, both with the changes to the law on flexible working and the general rise of BYOD, means that it’s far too easy to send information to the wrong person via email – and then be penalised for it. Clearswift’s own research on ‘The Enemy Within’ showed that 83% of organizations had experienced some form of data security incident in the last year, with over a third (33%) of security threats attributed to employees, through misuse of USB or storage devices to save company data, inadvertent human error (e.g. sending an email to the wrong recipient) and employees sending work-related emails via personal email accounts or devices (BYOD)*.
New solutions exist to protect the organization and its critical information even with an agile workforce. While traditional Data Loss Prevention solutions can block communication, the next generation, which includes Adaptive Redaction, improves collaboration. It automatically removes sensitive data from within email or files when they are transferred across the organizational boundary rather than just blocking it, providing the organization with assurance that the critical information is kept safe, while enabling workers’ agility in their working practices.
New working practices are good for all of us. By installing technologies that prevent the risks of human error, as well as malicious intent, and communicating clear guidelines on company policy, organizations can make the most of the changes.
* Conducted by Loudhouse Research during 2013, with IT decision makers in companies of various sizes in the UK.