Security on the Move – Written by Jon Fielding, Managing Director, Apricorn EMEA
It is impossible to ignore the importance of mobile working in any forward-looking business strategy. Businesses are keen to reap the rewards of this trend and believe that in addition to cost reductions, they can benefit from increased levels of staff retention and morale, pass on environmental benefits and access a wider talent pool than ever before.
That said – ‘all that glitters is not gold’, and the increase in mobile working could spell trouble for our nation’s IT infrastructure?
Security and mobility go hand in hand
Apricorn recently conducted further research into the growing threats posed by mobile and remote workers, and the results were troublesome to say the least. The surveyed IT decision makers noted that eighty nine percent of surveyed organisations have experienced a data breach, and human error is still the prevailing cause.
With remote working becoming common practice in the workplace, organisations need to be prepared to secure their intellectual property as the corporate network moves beyond the confines of the office walls. However, almost half of organisations’ (47%) remote workers have knowingly put corporate data at risk of a breach, and over a third (34%) of respondents stated that their organisation’s mobile/remote workers don’t care about security – a staggering sixteen percent increase compared with findings from the previous year.
Almost two thirds (63%) of respondents noting that human error was the main cause of a data breach within their organisation – be it mobile workers, unintentional error, or employees with malicious intent. With data breaches now an almost daily occurrence, and more and more data on the go, are businesses implementing security best practices to protect their biggest asset?
Tackling the Problem
Software and hardware security controls, as long as they are kept up to date, can provide a good level of security. Human beings, however, are nowhere near as reliable. As numerous data breaches have shown, human fallibility is the number one risk to a business’s data security.
Laptops, smartphones and USB storage devices have rapidly increased in capability, but the risks are equally mounting. Devices taken and used beyond the network perimeter are more prone to loss and theft, and the users are often unaware or ignorant of the security threat to the information they house, making these devices highly vulnerable to attack.
However, it is neither practical nor expedient, to ban the use of such devices with a remote workforce. If a user needs to add/remove data, how else are they going to be able to do so? If they’re using their own devices to work from – this problem is exacerbated further.
Organisations need to tackle the problem head on. Firstly, by implementing and enforcing an organisation-wide approach to all forms of removable media, mobile devices (including those provided by the employee or contractor themselves), and the way they are handled within flexible working practices.
Policies and processes can then be updated or created, as appropriate, to address any gaps identified. These ought to be simple to grasp and to follow, and clearly set out. Policies should cover the types of mobile devices, removable hard drives and USB storage devices allowed by the business, and how they must be used. Tools should include a mandated mobile storage device featuring strong encryption. Their use can be enforced through policies such as locking down USB ports so they can accept only corporately approved, FIPS certified, hardware encrypted devices.
Educating employees in the value of the data they work with will help to build a culture of accountability. Employees are an organisations’ biggest asset, but they can also be the biggest liability. When it comes to the mobile workforce and data security, employees should be trained on the secure use of their mobile and removable devices and the necessity to follow the corporate security policy at all times.
Organisations must monitor how data is processed, stored, retrieved and deleted in order to remedy any shortcomings and ultimately avoid a costly data breach. Remote working is now common practice in the 21st century and businesses should be adopting a security strategy that keeps pace.