By Dr. Guy Bunker.
After the summer break, businesses need to remind staff of security policies.
Businesses nationwide are getting back to normal this week as employees return from summer holidays and the kids are back to school. Although a lot of people have returned back to the office, in today’s 24/7 connected world most people were still checking email and in work mode while on holiday. A recent survey of 1200 managers by the Institute of Leadership & Management revealed that over half (54%) felt compelled to work while on annual leave, with nearly three quarters (71%) reading and responding to emails and nearly a third (31%) taking phone calls. (Hey, let’s face it… I do this as well, but do try and keep it to a minimum!)
Although this may sound like a dream for the employer, this blurring of work and personal life can be potentially damaging when it comes to IT security and information risk. After the summer break it’s a great opportunity to remind all employees of the policies and procedures in place to protect the organisation’s critical information. We all experience holiday blues – but soon get back into the swing of things after a few days, but sometimes bring the less-regimented practices that became common on holiday back to the workplace. One simple example is email and messaging, when you send personal stuff to the wrong person it can be a little embarrassing… but hey, it was after a glass of vino. When back at work, a double check on the recipients is in order – remove those ‘personal’ contacts from the quick complete email address lists, so that company information doesn’t accidently end up with your friends, and cause a data leak nightmare for the CEO.
With an evidently large proportion of employees accessing work emails from abroad, it’s clear that policies on BYOD data security need to be enforced, especially before and after the summer holiday period. An astonishing 47% of UK adults now use their personal smartphone, laptop or tablet for work purposes and 90% of those polled for the VAIO Digital Business 2013 report have accessed company data from a personal device. Those who don’t work from home may nonetheless be saving company data to their personal devices; 66 admit to doing this, according to the VAIO poll.
Clearswift’s own research Enemy Within, showed that 83% of organisations had experienced some form of data security incident in the last year with over a third (33%) of security threats attributed to employees; through misuse of USB or storage devices to save company data, inadvertent human error (e.g. sending an email to the wrong recipient) and employees sending work-related emails via personal email accounts or devices (BYOD).
The blurring of work / life on holiday particularly with the emergence of BYOD means that there needs to be regular reminders to all employees as to why information needs to be protected and the consequences of not doing so correctly. A quick policy reminder can avoid all sorts of problems including the costly and reputational damage to the company that a data leak can create.