June 20, 2016
Does your information security plan account for all the security challenges of the remote workplace?
The number of people working remotely has increased swiftly, a trend that looks set to continue. One survey by Virgin Media Business predicted that by 2022 nearly 60% of office-based employees will regularly work from home. While employees will have work flexibility and organisations will have lower overheads, one of the biggest challenges will be information security, according to Shred-it’s 2016 State of the Industry Report.
The report, which draws information security data from the 2016 Information Security Tracker research by Ipsos, warns that many organisations are not prepared. For example, only 41% of C-suites and 32% of small businesses (SMEs) have an information security policy that addresses off-site and flexible work environments.
Tools: Mobile technology is at the heart of the remote workplace. Instead of having a landline and a desktop in an office, employees in the remote workplace use laptops, USB drives and smartphones (their own devices or those provided through the company). An organisation’s ability to effectively manage BYOD security risks and other risks is critical. Employees require training on how to manage and protect mobile tools. For example, devices should never be left in vehicles, hotels, restaurants, etc. Proper procedures outside the office must be incorporated into an organisation’s overall approach to information security.
Location: Employees in the remote workplace do their jobs from home, their car, and from public spaces such as coffee shops, planes, and taxis. Organisations must implement strict policies requiring employees to protect confidential information in paper or digital form in any location. Draw attention to the risk of visual hacking from prying eyes, and provide privacy screens for laptops and other mobile devices.
Information handling: Limit the confidential information that is physically removed from the office. If possible, use cloud storage to access information from a remote workplace. Otherwise, use encryption for files and electronic devices such as phones and hard drives. Make it policy that all confidential information (for example, boarding passes and printed materials) is securely destroyed. Whether in paper or digital form, it should be brought to the workplace for proper disposal and destruction.
Connectivity: Employees need to be connected. Implement a policy to never use public Wi-Fi for sensitive work information – connect only to trusted networks. Provide guidelines about social media security too. Sharing information on Facebook and other sites can increase the risk of confidential information getting into the wrong hands.
Hardware management: According to the State of the Industry Report, there should be protocols that govern how redundant electronic hardware is handled. Rather than stockpile old equipment, securely destroy it. The report’s information security stats showed that only 32% of large businesses use a professional destruction service to dispose of obsolete electronic devices; 62% dispose of hard drives, USBs and other electronic devices every two to three months or more.
Security awareness training is one of the most important safeguards for any organisation: it informs employees about best practices whether work is done in a remote workplace or not.