Flexible working: what does it mean for information security?
Last month, the Government announced that flexible working schemes would now be open to all employees, not just those with families. That means more staff than ever now have the potential to work outside the office. And as summer is now well underway, this is often a time of year when employees are allowed to work from home in order to look after their families or take advantage of the good weather. It’s great to see businesses move to improve employee satisfaction and productivity by helping staff achieve favourable work-life balances, but what does this mean for information security?
In Shred-it’s annual Security Tracker research published in July this year, we found that 37% of SMEs do not have a policy in place for employees working off site or at home. That means that employees who are working on-the-go or at home do not have guidelines advising them on how to deal with confidential information in locations outside of the workplace. This poses a great risk to information security and could be putting businesses at risk of a data security breach.
If your company is one of those without a flexible working policy then now is the time to think about implementing one. A robust information security policy that takes into account the rise of flexible working will help your business to protect the sensitive information of your clients and employees, while also safeguarding your assets against the legal, financial and reputational damage of a breach.
However, it is not enough to simply enact a flexible working policy; if your employees do not understand what the policy entails then it will be more difficult for them to abide by it. From encouraging staff to return confidential documents to the office for safe and secure disposal to outlining best practice with respect to handling corporate devices such as laptops and mobiles, it is important that your flexible working policy is clear and well-understood through comprehensive training.
Shred-it has put together some guidelines to help your business tackle the issue of data vulnerability through off-site work activity. These guidelines help organisations to reflect upon their current data protection procedures and to ensure that all confidential information stays that way.
Top tips for information security in the mobile workforce:
- Assume all business documents are confidential – and should be removed from the office only if necessary.
- Bring all confidential documents back to the office to be securely disposed of and shredded by a reputable data destruction provider.
- Implement a clean-desk policy at home: lock away confidential documents and work devices when not in use.
- Avoid printing confidential information from laptops or other computers.
- Install encryption technology on all storage devices.
- Be sure your security settings as well as passwords and firewalls protect devices with internet connections.
- When working in a public area, be conscientious about protecting devices and information. Take particular care if you are working in communal public spaces over this period such as coffee shops or the park – don’t leave anything behind or in public bins.
Do you have a flexible working policy in your workplace. Tell us on Twitter @Shredit_Uk. For more information, check out our newsletter on risks posed by mobile working and what you can do to avoid them.