In an age where technology has transformed the workplace and employees can work from anywhere at any time from different devices, businesses are facing new challenges to their cybersecurity. People working away from the office may use a combination of business assigned equipment along with their own personal laptops, PCs, tablets or mobiles which might not be protected adequately or are shared with other family members, increasing the risk of data becoming exposed to information-gathering malware. According to a recent survey by HPE, 31 per cent of people have lost corporate data via mobile device misuse, emphasising the need for companies to ensure that there are strong policies in place to allow employees to work flexibly safely.
Communication and education
It is vital when creating a cybersecurity policy for flexible working that businesses understand what is required, the desired outcomes and the obstacles that may be faced for both employee and employer. Staff need to be educated on policies for using business and personal devices remotely, informed of which applications and websites are permitted for business use and situations where access to company networks or data is prohibited. Workers also need to be educated about who to contact in their company in the event of an issue or data breach.
Understand your data and who needs to handle it
Businesses need to categorise data and limit access based on the role the employee is playing in the organisation. Personal and sensitive data must only be used in-line with the consents agreed. Policies must prohibit the communication of company documents/data using employees’ personal emails and prohibit the storage of that data on any personal cloud storage sites. The IT team may enable Server level Encryption to provide a further layer of data protection.
Check your Wi-Fi
Open and free Wi-Fi is available at most hotels, coffee shops and some restaurants, and so is commonly used by flexible workers for getting work done on the go. Many people may have auto-attached set-up on their devices, for convenience. However, once attached to a free unknown Wi-Fi connection, account login details could be compromised. Public Wi-Fi connections often do not require authentication and are therefore vulnerable to ‘evil twin’ Wi-Fi attacks, where hackers set up a fake network to mirror the real one, and can steal account names, passwords, and intercept files, causing damage to company reputations or compromising a business’ network. Flexible workers should set devices to ask for user permission to connect and rely only on trusted Wi-Fi networks or connect via a 4G connection on their own mobile device.
Play it safe
The basic security measures of device login/authentication at startup and after devices are idle must be in place, along with remote wipe capability to enable the IT team to cleanse ‘lost’ devices. Additionally, ensuring automatic software and antivirus updates are in place and local firewalls configured to safeguard against malware and viruses provides a solid base for employees to work from.
Secure private cloud technology that enables collaboration between colleagues to continue working even while away from the office is an easy way to ensure data and the business network are segregated. Businesses should enable multi-factor authentication for these applications in order to safeguard against the compromising of login credentials. This can occur because some applications now support multiple devices and allow workers to be logged-in across multiple devices concurrently. If login credentials are compromised, someone could be accessing accounts alongside the worker.
By implementing clear policies and educating workers on simple ways to employ cybersecurity best practice, businesses will ensure employees can reap the benefits of working flexibly and foster a more productive and satisfied workforce.
Chris Martin, CTO at PowWowNow
Be the first to comment