Dr Guy Bunker, SVP Products & Marketing, Clearswift UK
The age of mobile working continues to gather pace. More people than ever before are working from home or on the move, rather than in the traditional office environment. This isn’t surprising. Businesses are becoming increasingly digital and as such, can provide staff with increased opportunities to work outside the office.
It isn’t just businesses that are leading the mobile working revolution - increased flexibility is also being pushed by employees. A recent study from BT found that 76 per cent of office workers include flexible working in their top three priorities of a benefits package from the ideal employer. This increased demand for mobile working capabilities means that organizations are having to evolve in order to recruit and keep their workforce happy.
However, as the demand for mobile working increases, so too does the threat to a business’s critical information. This was highlighted in a recent report, which revealed that 29 percent of organizations have experienced either a data loss or breach as a direct result of mobile working. The increased risk of attacks and concern about having critical information compromised or stolen means that firms need to ensure that while they are providing employees with mobile working capabilities, they are conscious about doing it in a way that isn’t going to put the organization at risk.
So, how can businesses make sure that their systems and devices are secure in the flexible working age?
Businesses need to ensure they have a policy in place when it comes to mobile working that is clearly understood by staff. To do this, they will need to do more than simply write down a set of rules for employees to follow. Organizations should offer training and awareness programmes alongside this to help workers understand what to look out for and what to do in the event of a problem. Some problems can be solved with a quick call to the IT department, however, if a business’s systems are hit with a ransomware attack, for example, similar to the recent WannaCry attack that affected organizations around the world, then staff need to make sure they understand what to do to limit the damage as much as possible.
Once staff are aware of how to remain secure, the next step for businesses is to ensure they have the right security technology in place to create a safe environment to work remotely. To do this, organizations need to address the following:
- Ensure that all mobile devices have secure passwords. There are still a large number of companies who allow employees to use their own device or provide company devices that don’t have password protection. This means that anyone could easily access the devices and, therefore, critical information. Passwords are vital.
- Mobile devices, such as tablets and phones, which have access to critical information should have a remote wipe or kill application installed. This means that if the device is lost or stolen, the information can be remotely destroyed quickly before it’s accessed.
- Make sure that the mobile working environment is as secure as the office. To do this, businesses and staff should ensure that endpoint security solutions, such as anti-virus software, are kept up to date, as well as any patches to the online servers and applications. Updated software is far more secure than out of date software.
- Use a virtual private network (VPN) to protect internet traffic and ensure that it has appropriate policies applied. This can be done automatically, so all web traffic is routed through corporate security gateways, which will carry out anti-virus checks to ensure that the sites being accessed by staff are safe and secure.
- Make sure that mobile workers’ machines are properly backed up and that the backed-up content is secure. That way, if information is lost by someone working remotely, this data can be recovered from another location.
- Deploy a data loss prevention (DLP) solution. However, this should not just be in use on the gateways, but also on the endpoint. Through using security gateways as well as DLP, businesses can ensure that critical information isn’t being sent inadvertently or maliciously by staff.
- Carefully consider and learn about cloud based applications and collaboration tools before implementing them to ensure their use does not contravene information security policies. For example, when working remotely, it is very simple for staff to share something through cloud tools such as Dropbox. However, while this may be simple, it can leave the transferred information insecure and may not comply with the firm’s security policy, which will create a nightmare for the CIO.
By educating staff, implementing clear policy, and ensuring security systems are up to date, businesses need not fear the impacts of the mobile working revolution. Instead, they can embrace the changing work landscape to thrive and succeed, all in a safe environment.
- Clearswift SECURITY+: augmenting existing security infrastructure to combat today's information borne threats
- A Quick Guide to Data Loss Prevention (DLP) - video
- Information Governance, Compliance and the EU GDPR
- Contact Clearswift