The workplace is no longer housed within physical walls, and the corporate network has transcended and expanded beyond the corporate perimeter in order to provide access to company data for those employees working remotely.
Whilst the workplace has undergone fundamental changes over the past decade, one major change announced earlier this year was that all employees in the UK are now eligible to request flexible working hours. This legislation enables employees to work weekends, evenings, or potentially set up their office from home.
Recently launched research into mobile working shows that companies are still struggling to equip employees with the flexibility to take work away from the office, without jeopardising data security. As many as 41% say they either don’t have the right tools to work remotely, or feel that these could be improved.
The security implications of remote and flexible working are an on-going challenge. With more employees working from home, or away from the office, organisations are tasked with the monumental challenge of providing secure access to corporate networks.
Making the appropriate data available to a select number of people, whilst securing digital assets to avoid a data breach; remaining compliant and adhering to regulations; and managing and supporting a disparate workforce without compromising on efficiency; are all challenges that need to be addressed.
Here are IronKey by Imation’s 5 steps to securing the mobile/remote workforce:
1. Policies
Whilst technology is already sufficient enough to make remote working a viable option, minimising the amount of sensitive data leaving the company, and reducing the risk of a significant breach, is imperative.
IT departments need to be sure that their security technology is seamless to the user; and put security policies in place that will not impact on productivity and hinder employees in their remote working. Fewer than six out of ten respondents in our survey said their organisation had a remote working policy. Of those that do have a policy, over a quarter admitted they had broken the policy in order to work remotely.
Creating, implementing and enforcing the correct security policies and procedures is crucial; deciding who has access to what, how, and where? Consider the roles of each employee and what information is required for them to perform their jobs properly and limit access accordingly. These are all things that should be considered when configuring policies.
2. Management
Protecting sensitive information and intellectual property should be a priority for all organisations. Disabling outdated user accounts when employees exit an organisation, implementing policies with privileged account passwords, updating them regularly and limiting access to corporate systems, are all crucial to keeping data secure.
Businesses need to be able to manage and track the data when it leaves the organisation. Management improves the user experience by automating authentication for lost passwords, and having processes and technologies in place will allow devices to be tracked whenever they are plugged into an Internet-connected PC.
3. Education
It is important that staff are educated on the responsibilities of handling mobile devices and the data security risks that go with them. This will ensure that they can work remotely without risk of a data breach.
From the moment employees join the organisation, ensure that they are given ongoing, comprehensive training about working procedures whilst away from the office. Employees must be made aware of security policies and procedures, and adhere to these to avoid breaching security and failing to comply with not only corporate legislation, but government and compliance mandates that are put in place to protect data and the organisations that house it.
4. Encryption
Whilst user names and passwords are important, if data isn’t encrypted, its integrity can easily and quickly be compromised. Information security managers can mitigate external security threats by encrypting and thereby protecting the confidentiality of data, and authenticating endpoints to verify identities.
IT departments need to provide fully encrypted and password protected devices that can be used outside the office. Whether data is in transit, or at rest, encryption is vital to safeguarding confidential company information.
Passwords alone are inherently insecure, and should not be solely relied upon. Multi-factor authentication such as voice, retina or biometrics alongside existing password controls will tick a box in a long list of vulnerabilities to secure.
5. Incident response
With so many incidents and high profile breaches making the headlines, employees need to take heed. Companies need to be confident that if a device is considered to be compromised they can remotely lock it down, wipe it, or initiate a self-destruct sequence to remove the data in order to protect themselves and their stakeholders.
Remote working is a burgeoning business model, and organisations should be prepared to protect their networks and intellectual property in the best possible way – security is fundamental in this process.