Work Wise Week: Securing the flexible worker

gallery

The benefits of flexible working are clear. Employees can see more of their family when they work from home and road warriors will have access to the same information whether they are at the office, on the road, at the airport or at a client's offices. But having confidential information at the touch of a button can also bring its own challenges.

An organisation's data is its lifeblood. If that data falls into the wrong hands it can damage a brand's reputation in an instant, even when it has taken years to build up in the first place. So, what exactly are the security risks posed by flexible working and what can companies do to mitigate risks and increase productivity of employees out of the office?

"Most small businesses believe that providing employees with the technology necessary to work remotely is expensive, a security threat, a logistical nightmare and basically out of their league," says Simon Presswell, MD EMEA of Citrix Online.

Ruth Bowen, who is the head of EMEA compliance team at IT security company Symantec says that there are several risks that organisations need to take in to account.

The first of these is the user's physical location and the risks associated with a laptop or other device outside the confines of the organisation's physical premises but in most cases unlimited access to resources.

"This risk can easily be mitigated through the deployment and enforcement of screen savers which are password protected. User education can also help to ensure that they lock their device when they leave it unattended," she says.

Another risk to take into to consideration is data while it's at rest, when we say at rest we mean data that has been copied from the enterprise onto either the remote device or onto some form of removable storage.

"It is imperative that the organisation knows both what data has been accessed and if it's stored securely in the event of a theft or accidental loss," says Bowen. "The way enterprises can understand what has been accessed by a particular user is through strong audit logs at the file server, application server or database server layer."

The data held on the device should be ideally encrypted using industry standard and accepted encryption technologies - this may be through 'virtual volume' type encryption or through the more secure full disk encryption. These are many products available on the market today that can satisfy this requirement.

Recent news of laptop theft only underlines the importance of encrypting data when it is outside of the protective domain of the corporate network.

"Nationwide has already suffered a hefty fine from the FSA for losing customer details. Yet you'd be surprised by the number of employees who continue to carry sensitive information on their laptop or PDA without it being encrypted," says Damian Coyle, General Manager EMEA of encryption company GuardianEdge.

"California already has a data breach notification law which requires businesses to let their customers know if there is a data breach. While we do not have a law in the UK, the EU is already looking into such legislation."

Years ago, the landscape was simpler. People went to work in offices and the network they accessed was closed off from the outside world. Data was backed up onto tape and securely shipped offsite. The main worry for most organisations was what would happen to data if the headquarters burnt down. Disaster recovery plans meant a second site where tapes could be loaded up onto new computers and workers could start working again with the minimum of hassle.

Email to a friend

Print this page