Security Dangers of Remote Working

1. Working outside the office is a growing trend

As home working grows in popularity, organisations that fail to adequately plan for those employees who wish to work outside of the traditional office environment are putting themselves at greater risk of a security breach taking place.

Such breaches can be the result of technical or human error, with the causes ranging from an insecure internet connection, a lost or stolen USB device or the failure to shred paper documents containing sensitive data. Despite the rise in home working many employees who work remotely may not have considered how policies and procedures related to the treatment of confidential information should be applied outside of the confines of the office.

“While flexible working offers employees many benefits allowing employees to work from home or while travelling poses a greater threat to security than most companies realise,” says Robert Guice, Vice President of Shred-it EMEA. “Unfortunately, without proper encryption, firewalls and document destruction policies in place, employees working outside of the office could be leaving their organisation at greater risk of a security breach.”

2. Potential dangers of working off-site

While some businesses provide staff with secure, company-owned laptops, many employees, particularly those working remotely on an ad hoc basis, will be working from their own home computer. This poses a significant risk, as home computers are unlikely to have the firewalls, data encryption or virus scanners that are typically installed on company-owned computers.

However, even company-owned devices installed with defensive technology designed to safeguard confidential data are not always 100 per cent secure. Companies can often disregard guidelines on how these tools should be used appropriately and effectively. According to a study by Ponemon Institute LLC, 65 per cent of business managers write their encryption password down or share it with other individuals and 50 per cent of business managers have disengaged their laptop’s encryption solution.

At the same time research undertaken by the organisers of the recent National Identity Fraud Prevention Week found that just 56 per cent of businesses have put in place a clear policy on how to handle documents with sensitive information. Without a strict information storage policy, companies are putting themselves, their clients’ and their employees at risk.

3. Which Businesses Are At Risk?

Regardless of size, any company which allows employees to take confidential information outside of the office is potentially at risk of a security breach. If your business allows employees to work from home or while travelling, or if staff are able to access social networking sites from a work device, or store company information on USB keys, then your company information is at risk.

While the focus may be on electronic documents the risk associated with paper documents should not be overlooked. Paper containing confidential information can be misplaced, stolen or improperly destroyed, leaving company and client information exposed, increasing the potential risk of a security breach.

So what are the key areas of concern that lead to security breaches?

• Most large corporations allow employees to work away from the office, which means confidential documents, in both hard and electronic format are taken away from the security of the office.
• Employees working from home will be creating documents containing sensitive information (budgets, spreadsheets, client data, etc). Even if they delete these documents once complete, the document will remain on the computer hard drive memory.
• While electronic copies can fall into the wrong hands, the biggest risk of a security breach is still posed by hard copy paper documents. By their very nature, home-based businesses and small start-ups do not have the capacity that large businesses have to ensure the security of their internet, electronic documents and paper documents.

4. Recommendations from Shred-it:

There are a number of ways an organisation can secure its confidential data when employees are working off site:

1. Prepare guidelines – either in-house or via a third party - on secure information destruction for employees working offsite.
2. Implement a shred-all policy for employees to ensure that all documents or other private information is securely destroyed to prevent the risk of a security breach.
3. Train your employees in best practices in secure information management and destruction. Ensure all employees clearly understand what constitutes confidential information and the consequences to the business if a data breach were to take place.
4. Limit access to confidential data by handling this information on a ‘need to know’ basis and keep a record of which individuals have access to confidential information.
5. Enlist the services of a third-party shredding company to visit employees that work offsite and pick up paper documents that are no longer needed. A third party shredding service will guarantee that documents are locked in secure consoles until shredded and then properly recycled.
6. Ensure that all files, laptops and internet connections are password-protected with a secure password and activated security settings and firewalls.
7. If employees must use a USB key, ensure that employees have downloaded encryption technology onto the USB, which combined with a user password will ensure that data stored on the device is safeguarded should it be lost or stolen.
8. Ensure employees overwrite their data to make sure that it is completely deleted from their computer. Provide and run a hard-drive wiping software which will ensure that hard drives are totally clean.
9. Ensure background checks are undertaken for all employees with access to sensitive data.
10. Encourage employees who regularly work from home to consider putting in place a lockable mailbox.

5. Get smart about working away from the office

Offering your staff the option of working remotely is seen as a real benefit by many employees looking to better manage their work/life balance. However, ensuring that any employee working off site is able to apply the same rigorous information security procedures as those working on site is a challenge.

While technology and encryption are part of the answer, data loss and identity theft is too often caused by human error, rather than through the failure of a technical device. By creating policies that follow the document destruction life-cycle, ensuring that confidential data is safely and securely stored from the moment it is created, to the time it is no longer needed and destroyed, every organisation can better protect its own confidential information and that of its clients.