Could a positive note be struck out of the RMT strike for business practice?

Opinion by Dan Raywood

For those of you located in the capital you will undoubtedly be impacted by the RMT strike action that has caused chaos in London.

For those of you located in the capital you will undoubtedly be impacted by the RMT strike action that has caused chaos in London.


I am not about to get into political debate about the rights and wrongs of the strike, but much like when Britain was hit by snowstorms earlier this year, the inability to get to the office does bring about the conversations on remote access and the security implications.


Steve Watts, co-founder of IT security specialist SecurEnvoy, said: “When tube strikes send the capital into chaos, people need a way to keep working securely, and businesses need to know exactly who is accessing the company network - we've seen enough examples of lost data recently to understand why it matters.


“Being able to keep trading during a crisis is essential for survival in a harsh business climate. Industrial action is unavoidable, but the response to such an emergency must be controlled, with users gaining secure access to their information until the panic is over."


With remote access comes the questions about security, and how secure the applications being used are when they are not controlled by the office IT infrastructure. Aside from arguments about people having efficient anti-virus on their PCs and the use of USB sticks to carry information out of the office, the major debate at this time is about access.


James Blake, chief product strategist at Mimecast, claimed that the financial impact of the strike should act as a wake-up call to UK companies to put in place an effective business continuity strategy.


Blake said: “Yes, access for the remote workforce has been improving in recent years due to several new offerings including cloud computing, however, often staff do not have access to reliable remote facilities. There are also several security threats that must be considered when providing remote access to workers.”


Blake pointed out the use of Outlook Web Access, the use of which requires IT departments to ‘punch a hole in the firewall' as it frequently introduces vulnerabilities due to its reliability on Internet Information Services.


“Companies can experience several issues to do with Outlook Web Access stripping valid attachments off of emails. Additionally, users cannot access historical archived email and generally cannot search as quickly as needed if several users are logging on remotely at once,” said Blake


He further claimed that users who utilise Virtual Private Networks to access their email servers can find themselves unable to connect from remote locations due to the inability of networking equipment to pass through the connection. 


This will result in users finding themselves unable to use WiFi connections to retrieve email and instead having to rely on expensive 3G connections that can easily consume an entire month's data allowance just receiving one or two large attachments.


Another analyst claimed that the need for secure remote access leads to a solution in the cloud. Jonathan Wilkinson, messaging security EMEA & APAC at Websense, claimed that as many businesses become increasingly mobile overall, and employees access company confidential information remotely, via the cloud or other hosted Web 2.0 services, it is vital that IT directors recognise the importance of enabling their workforce to embrace Web 2.0 technologies.


Wilkinson said: “The challenge is to recognise that whilst there is certainly responsibility on the part of the end user to ensure that they are sharing and communicating company data responsibly, responsibility also lies with IT directors to ensure that users are sufficiently educated on best practices surrounding the safe use of Web 2.0 and that effective protection is provided to mitigate the risk of data stealing malware whilst outside of the network.”


What there is no doubt about is that this is a timely reminder to be aware of remote access issues, and if it is not a priority at the moment it may be worth considering making it one in case of future incidents such as this.


However the impact of the RMT strike does not end just with issues around remote access. Owen Cole, technical director of U&I at F5 Networks, claimed that the sporting events impacted over the 48 hours – including the ICC Twenty20 cricket and the 2010 World Cup qualifiers – could be a window of opportunity for malicious attacks.


Cole said: “We have seen in previous years malicious attacks centred around big sporting events, with users targeted through URLs offering 'free live streaming' and 'live update scores'; the Beijing Olympics were a great example of these dangers.


“The prevalence of malware-hosting sites, for the purposes of forming bot networks, data theft or whatever else, means organisations need to ensure IT best practice is still being followed even when its workers are outside the corporate network. The message needs to get out that safe surfing, secure corporate network connectivity and other best practice guidelines need to be adhered to at home as well as at the office.”


As Cole says, this is a problem impacting home and office workers, particularly with Wimbledon just around the corner. In an ideal world things would run smoothly – transport, web access, attacks – but as we have seen, this is not the case, and come Friday there may be some realisations made on business practice.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events