When Data is on the Move: Remote Working and its Risks
Remote working brings real business benefits to any organisation. It can improve employee satisfaction and boost workforce productivity, which ultimately will have a positive impact on the bottom line. However, IT departments are struggling to constrain the use of employee-owned mobile and removable devices for work activity. Organisations are at risk of losing control of corporate data and setting themselves up for a fall, in the shape of hefty fines and reputational damage as a result of a data breach and non-compliance. Jon Fielding, Managing Director, EMEA Apricorn discusses how to broaden boundaries and considers people versus policies.
The ability to be online at all times and work on the move is not only something that many employees expect, it is also vital in improving operational efficiency in many businesses. Portable devices such as laptops, notepads, smartphones and USB storage devices have rapidly increased in capability, but this means the associated risks are also growing. Devices that employees take with them and use beyond the corporate network perimeter are much more prone to loss and theft. In addition, users are often oblivious to the security threat to the data they carry, making a data breach even more likely.
Addressing the risks of remote working should be a clear priority for any organisation. Data losses are now an almost daily occurrence with companies large and small making news headlines. One wake-up call was the JP Morgan breach in 2014, which saw 83 million customer records compromised after hackers gained access through the computer of an employee working from home. However, a recent survey conducted by Vanson Bourne on behalf of Apricorn found that some companies still aren’t doing enough. While nearly half of surveyed organisations agreed that employees are their biggest security risk, and more than a third said BYOD and mobile working were among the biggest risks to their organisation in 2017, one in ten companies with over 3,000 employees still did not have a security strategy that covers remote working and BYOD.
The research also found that nearly a third of surveyed organisations had already experienced a data loss or breach as a direct result of mobile working and as many as 44 per cent expected that employees would lose data and expose their organisation to a data breach. To make things worse, many organisations are unsure how to manage information security risks in accordance with regulation and compliance requirements. The European General Data Protection Regulation (GDPR) is due to come into force in May 2018, but the Vanson Bourne survey revealed that as many as 24 per cent of the surveyed companies were not aware of the regulation or its implications. Even among those who were aware, 17 per cent had no plans for compliance.
People versus policies So, what should businesses do to minimise the risks of mobile working? Firstly, it is important to keep abreast of changing compliance mandates to ensure the security of the user, the device and the data it houses, and to maintain adequate security standards across the business. Secondly, mobile security policies should be consistent across all mobile devices, including portable storage devices, smartphones, and laptops. These policies must also cover removable media such as USB sticks, and crucially, the organisation must have a reliable way of enforcing the relevant security strategies. IT departments will have to implement security policies appropriate for the type of device and the information it contains, but without needlessly constraining personal productivity. Frustratingly, employees often see security policies as a barrier to productivity, and they will likely try to find a way around them. Ensuring staff are educated in the secure use of their mobile devices helps employees understand the reasons behind the security policy. This empowers them to help mitigate the risks associated with remote working and ultimately, to minimise the likelihood of a data breach.
"As a result of their proactivity, great ideas and tenacious approach, Origin Comms has been able to make a real difference in a short amount of time. "
UK Marketing Manager
"The Origin team are a core part of our extended group. We trust them implicitly to help drive our PR efforts."
SVP Global Marketing
NTT Com Security
"The only PR agency with whom I have worked, where the client struggles to keep up with the opportunities Origin finds for them."
VP Sales EMEA and APAC
"Origin Comms has worked with NTT Com Security for many years now. We always appreciate their accessibility, professionalism and flexibility."
NTT Com Security