By Jon Fielding, Managing Director, EMEA Apricorn
The ability to be always on, although perhaps not desirable, is vital in improving business operational efficiency. Remote working brings real business benefit to any organisation, improving employee satisfaction and increasing workforce productivity, which ultimately, will have a positive impact on the corporate bottom line.
Unfortunately, IT departments are struggling to constrain the use of employee-owned mobile and removable devices for work activity. Organisations are at risk of losing control of corporate data and setting themselves up for a fall, in the shape of hefty fines and reputational damage as a result of a data breach and non-compliance.
Devices such as laptops, smartphones and USB storage devices have rapidly increased in capability, but the risks are equally mounting. Devices taken and used beyond the network perimeter are more prone to loss and theft, and the users are often unaware, or ignorant ofthe security threat to the information they house, making them highly vulnerable to attack.
As data breaches are now an almost daily occurrence with both large enterprises and SMEs making headlines for compromises to intellectual property,the security of remote workers should be a high priority for any organisation. According to recent research from Apricorn,48 per cent of surveyed companies said employees are their biggest security risk, and one in ten companies with over 3,000 employees do not have a security strategy that covers remote working and BYOD.
It would be expected that the JP Morgan breach in 2014, which saw 83 million customer records compromised after hackers gained access through the computer of an employee working from home, would have set alarm bells ringing, particularly in an industry such as the financial services sector where the potential sky-high rewards make them an obvious target for valuable data.
However, no industry is immune to the risks of a data breach, and when asked about the greatest security risk to their organisation in 2017, more than a third of surveyed organisations said BYOD and mobile working were among the biggest liabilities. The research, conducted by Vanson Bourne, found that 29 per cent of surveyed organisations have already experienced a data loss, or breach, as a direct result of mobile working and as many as 44 per cent expect that employees will lose data and expose their organisation to the risk of a data breach.
People Vs Policy
Organisations are struggling to manage information security risks in light of regulation and compliance issues. Apricorn’s survey revealed that 24 per cent of the surveyed companies were not aware of the impending European General Data Protection Regulation (GDPR), due to come into force in 2018, or its implications. Worryingly, 17 per cent of those who were aware had no plan for compliance. Organisations will benefit by maintaining security standards and keeping abreast of changing compliance mandates to ensure the security of the user, device and the data that it houses.
Mobile security policies should be consistent across all mobile devices, including USB storage, smartphones, and laptops.As one in ten companies, regardless of size, admitted to not having a strategy that covers removable media such as USB sticks, and 23 per cent of organisations admitted that they have no way of enforcing relevant security strategies they have in place, it is clear organisations have a long way to go. IT departments must implement security policies appropriate for the type of device and the information it contains without needlessly constraining personal productivity.
Frustratingly, employees often see security policies as a barrier to productivity. Ensuring they are educated in the secure use of their devices can help employees understand the reasons behind the security policy and enable them help mitigate the risks associated with remote working and avoid the repercussions of a data breach.