Protect, Don’t Block – By Jon Fielding, Managing Director, EMEA Apricorn
Mobile working in the UK is on the verge of a ‘tipping point’ at which it will be more common to work away from the office, and desk-based working will be the exception rather than the rule, according to a report from the Work Foundation at Lancaster University. The report predicts that more than seventy percent of employees will be working remotely by 2020.
In line with this, all (100%) of the IT decision makers surveyed as part of research conducted by Apricorn in 2018 said their organisation had employees who work remotely at least some of the time. An increase in the numbers working remotely means more data moving beyond the confines of the corporate network, and organisations need to ensure that any data, be it at rest or on the move, remains secure.
The security implications of remote and flexible working are an ongoing challenge, and the burgeoning enterprise landscape already stretches across mobile phones and tablets. With more employees working on the go, organisations are tasked with the monumental challenge of providing secure access to corporate networks from hundreds of different endpoints.
So how do organisations tackle the challenge? Last year, IBM announced that it would be blocking all USB devices across every employee site globally. It cited two issues as reasons behind the decision: one, it was worried about loss, and secondly, it was worried about misuse. In both cases the main concern was the damage that could be caused to the reputation and finances of the company. This is rather a blunt tool to solve the problem, however, and businesses should instead look to protect these devices rather than blocking their use altogether.
In a further survey by Apricorn this year, nearly 1 in 10 respondents (7%) tell employees they are not allowed to use removable media, but do not have the technology in place to physically block them. This in stark comparison to last year’s findings in which nearly a third of organisations (29%) took the radical approach of physically blocking all removable media. This demonstrates that businesses have recognised that a unilateral ban is not the solution. It ignores the problem altogether and presents a barrier to effective working.
There will always be an element of risk associated with mobile working. With the combination of work devices and work-enabled personal devices, the risk of corporate data falling into the wrong hands is high. Employees losing memory sticks or leaving laptops on trains are all high probabilities, and, inevitably, these devices will contain data not meant for prying eyes. If data isn’t encrypted, its integrity can easily and quickly be compromised. If you encrypt the data in hardware on the device, however, then the data is inaccessible to anybody other than the person who is authorised to access it.
So, rather than blocking mobile devices, organisations should incorporate and enforce information security policies and procedures that cover all types of removable media, mobile devices and flexible working, setting out clearly how they must be used. This could involve mandating the use of corporately approved hardware encrypted USB sticks, for example, and providing them only to employees that have a valid business case for using a device of this type. IT can also lock down ports on their corporate machines, so they can only accept the approved device.
This is a much more pragmatic approach to effectively managing the risks and avoids business practice being restricted by denying people the ability to take the data across a USB port.
Technology has evolved to allow employees to access their work anywhere, anytime, and organisations need to ensure that their policies and employees evolve at the same pace by providing staff with the technologies and secure processes to work both remotely and securely.