Sun, sea and shadow IT

Chris Mayers provides warnings and advice for firms to help them stay safe as more workers log on when on holiday.

Chris Mayers, chief security architect at Citrix

A recent study by the Institute of Leadership and Management revealed that three in five employees (61 percent) work while on annual leave – up from 54 percent in 2013. The poll found that more than half of workers now feel obligated to work on holiday – with 64 percent reading and sending emails during their time off, 28 percent taking business phone calls and even eight percent going into the office.

While working on annual leave may seem like a way to save time and reduce the stress of catching up on the return to work, it is not recommended for anyone who wants to maintain a productive and happy work/life balance in the long term.

That said, those responsible for IT within their firms must be aware of the growing number of people who will continue to log on while on leave – and the implications this can have for the security of their firm's data. So how can IT safeguard data during this period?

Protect from experimentation

Employees who typically use a laptop at work may choose to use their tablet or smartphone while away for convenience. They are then susceptible to downloading consumer apps to store and access work information on these devices.

When using these ‘shortcut’ apps for work purposes, employees can leave their organisations at risk – many of these apps are not as robustly vetted and scrutinised in terms of their security for enterprise activity.

Warn employees away from ‘shadow IT support’

There is a growing subculture of shadow IT emerging, in which employees are increasingly following the example of their colleagues – rather than corporate policy – in order to take shortcuts to complete work.

This becomes even more prevalent when workers are about to go on leave – and may take more drastic measures to ‘get the job done’ before they go.

Further, those unable to complete tasks before they leave for their holiday are more likely to call upon their trusted ‘shadow IT support colleagues’ than the IT department to help them get access while away – whether it's secure or not.

Both of these practices potentially leave firms at risk of vulnerabilities, with more staff growing confident in using non-enterprise-ready apps and potentially jeopardising important business-critical data.

Passport – check, local currency – check, phone and tablet patched…?

With growing numbers of people accessing corporate data through their own devices, IT must be aware that employees may purchase handsets that are only supported with OS updates for a limited time, or even older devices that manufacturers decide to stop supporting – both of which can result in critical security flaws emerging that are beyond the control of the organisation.

Alongside this, people may switch off automatic updates and patches, because of the amount of bandwidth they take up or to avoid the possible high data roaming costs abroad. This has the potential to be even more dangerous for enterprises, as employees may be accessing corporate data from devices with outdated and potentially vulnerable software.

IT departments must advise staff to ensure their phones and tablets are patched and up to date before they set off, reducing the chances of vulnerabilities when accessing corporate data while away.

Be mindful of holiday scams

With access to holiday services increasingly going online – such as the new digital DVLA vehicle rental procedure, launched following the phase-out of old UK paper driving licences – it is all too easy for employees, especially when acting hastily, to end up on scam sites by mistake. And with the advanced nature of these organisations' attacks, it's not just a hefty bill that's at stake here.

With the wrong move, the user might end up with malware on their device and risk the company's data being exposed by hackers – which could be extremely costly.

Firms must therefore advise all members of staff going on leave – whether they plan to stay in the UK or not – to ensure their devices are fit for work.

Communication is key here. While it is not advisable that people work while on holiday, the IT department should prepare to enable secure access to corporate data wherever people are – and encourage employees to come forward and ask if they want to complete tasks on the go.

Today, there is a lot more at stake when working away than just completing a report on time, and IT must ensure these risks are effectively communicated across the company, along with practical advice to combat these dangers and ensure safe and secure working from anywhere.

Contributed by Chris Mayers, chief security architect at Citrix