The UK’s army of remote workers is growing. You may have embraced the notion of working from home – but have you overlooked the data security implications of this fast-evolving way of operating? Here’s what should be on your radar…
The figures: do employees take security seriously?
Office for National Statistics research indicates that almost 14% of us now work remotely on a regular basis. Hassle-free access, real-time collaboration tools, instant messaging, lag-free video conferencing: advances in all of these areas (not to mention the onward march of the smartphone) help to explain why the proportion of firms with at least some of their employees working from home has increased from around 20% to just under 60% over less than a decade.
The indications are that remote working is a big hit with employees, with CIPD research suggesting that it can help boost engagement, productivity and staff retention rates within organisations. Your staff may jump at the chance to take up remote working where it’s available – but are they as quick to stick to the rules so far as related security measures are concerned? Perhaps not. In one recent study, a quarter of employees admitted breaching security policies to work remotely, with a strong suggestion that human error and neglect on the part of employees is putting business data at risk.
You may have policies on paper, but are they being adhered to by your people on the ground? Here are some common danger zones…
Lost and stolen devices
The laptop left on the train, the mobile deftly removed from a back pocket or handbag… None of us are immune to this type of event and while physical devices can be replaced easily, the real risk lies in the possibility of business-sensitive data getting into the wrong hands.
If you’ve got a ‘bring-your-own’ policy in place whereby employees may use their own devices to access company data, draw up minimum requirements to prevent business use of substandard devices. Look carefully at tools that compartmentalise business from personal data and that enable your IT department to remote wipe business data in the event that a device goes astray.
Failure to keep up with patch cycles
The reality is that if someone is intent on stealing your business data, the way of going about it will probably not be via a stolen device but by malware arriving via the web or email. The threat is real: malware attacks doubled in number last year, with UK systems experiencing more attacks than any other European country.
The chances of infection can be cut drastically by ensuring that you keep on top of basic IT hygiene by installing updates and security patches as and when they are released. For a small team all based in-house, this is easy to manage; you or your IT guy can go from desk to desk making sure that it’s done. For remote workers, you could rely on good faith – but it’s far less risky to use a combination of automatic update activation from the software providers, along with a patch-management tool to manage the distribution of updates to remote devices.
Weak password protection
All of your business data accessible on remote devices is ‘password protected’, but just how far does this go in keeping it out of the wrong hands? Much depends on whether you have a robust password protection policy in place. For instance, one Global Security Report revealed that the most common password in use among global businesses is ‘Password1’. On paper, it might have more than six characters, a combination of upper and lower case and a numerical digit thrown in, but its predictability also makes it a potential early Christmas present to an attacker using a brute-force password cracking tool.
Across the board, ensure that your in-house and provider-supplied recommendations concerning length, complexity and predictability of passwords are being followed – and be especially careful to ensure remote workers are in on the memo.
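The gap between complexity and predictability can be shown in a few lines. The following is an added example, not part of the original article: a password check that applies the on-paper rule described above and then rejects passwords built on a common word. The word list, the character-substitution table and the function names are assumptions made for illustration; a real deployment would check against a large breached-password list.

```python
import re

# Constructed sample deny-list of common base words (assumption for this
# example; production systems should use a full breached-password corpus).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

# Undo common character substitutions before comparing with the deny-list.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_complexity(pw):
    """The on-paper rule: more than six characters, upper, lower and a digit."""
    return (len(pw) > 6
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))


def base_word(pw):
    """Reduce a password to the word it was built on.

    Lower-case it, drop the trailing digits and symbols people append to
    satisfy a rule ("Password1", "Welcome2024!"), then reverse substitutions.
    """
    core = re.sub(r"[\d\W_]+$", "", pw.lower())
    return core.translate(LEET)


def evaluate(pw, username=""):
    """Return the reasons a password is rejected; an empty list means accept."""
    reasons = []
    if not meets_complexity(pw):
        reasons.append("fails-complexity")
    if base_word(pw) in COMMON_BASES:
        reasons.append("common-base-word")
    if username and username.lower() in pw.lower():
        reasons.append("contains-username")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ["Password1", "P@ssw0rd!", "Welcome2024", "correct-Horse-7-battery"]:
        print(f"{sample!r}: complexity={meets_complexity(sample)} "
              f"rejected_for={evaluate(sample)}")
```

‘Password1’ passes the complexity rule and is still rejected, which is the behaviour a password policy for remote workers should enforce.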
Meeting the challenge: does ‘The Cloud’ hold the answers?
For businesses relying increasingly on remote workers, cloud-based applications can look extremely attractive, not least because responsibility for most data-security elements is shifted away from internal IT departments and into the hands of the service providers who are often much better equipped for the job.
But just because it’s in the cloud, it doesn’t mean that your data is under impenetrable lockdown, and remote workers still need to be aware of their personal responsibilities – especially when it comes to safeguarding personal devices.
Are you covered against the possibility of a business-critical data leak? Speak to professional indemnity insurance experts such as Bluefin Professions for an insurance solution tailored to the specific risks faced by your business.