Back in June, Ministers announced plans to extend flexible working in the UK, a positive for productivity maybe but also bringing the issue of information security to the fore once more.
All employees in the UK are now eligible to request flexible working hours. This legislation enables employees to work weekends, evenings, or potentially set up their office from home.
The security implications of remote and flexible working are an on-going challenge; the burgeoning enterprise landscape already stretches across mobiles and tablets. With more employees working from home, or away from the office, organisations are tasked with the monumental challenge of providing secure access to corporate networks.
Whilst technology is already sufficient enough to make remote working a viable option, minimising the amount of sensitive data leaving the company, and reducing the risk of a significant breach, is imperative.
Security and data protection measures can often be overlooked in certain types of flexible arrangements, but securing the mobile workforce is instrumental in the expansion of remote working. A breach of security policy may have far-reaching implications. It is not simply the internal ramifications that need to be addressed, but wider data protection issues.
As the ICO has the right to issue fines of up to £500,000 for serious breaches of the Data Protection Act, ensuring you have a robust and comprehensive security policy in place is crucial.
Securing the mobile office – education, encryption and management
A new generation of mobile workers requires secure, portable workspace environments, and secure mobile device control systems.
It is important that staff are educated on the responsibilities of handling mobile devices and the data security risks that go with them. This will ensure that they can work remotely without risk of a data breach.
However, the future of flexible working is in how we can enable employees to work away from the office with minimal equipment, but with adequately secured data. Carrying a bulky laptop with thousands of unencrypted files, for example, is a disaster waiting to happen.
Whilst user names and passwords are important, if data isn't encrypted, its integrity can easily and quickly be compromised. Businesses also need to be able to manage and track the data when it leaves the organisation.
Encryption and management go hand in hand. Management improves the user experience by automating authentication for lost passwords. Having processes and technologies in place will allow devices to be tracked whenever they are plugged into an Internet-connected PC, and even enable remote kill commands, so that a lost device can be completely disabled from afar.
This means knowing who has accessed the data, from what location and what devices that information resides on. This can be difficult across a fragmented IT estate but it is absolutely essential.
Companies need to be confident that if a device is considered to be compromised they can remotely lock it down, wipe it or initiate a self-destruct sequence to remove the data in order to protect themselves and their stakeholders.
With so many incidents and high profile breaches making the headlines, employees need to take heed of the security-related mistakes of the past. Remote, flexible working is an evolving process, aided by an already mobile workforce benefitting from BYOD.
IT departments need to be sure that their security technology is seamless to the user; so that the security policies put in place will not impact on productivity and hinder employees in their remote working. Businesses should provide mobile workers with the tools they need to remain productive, while ensuring that corporate data is secure.
Technology has evolved to enable employees to access their work anywhere, anytime, via any piece of hardware. Now organisations must ensure they can do the same by provisioning staff with the technologies and secure processes to work flexibly and securely.
By Nick Banks, VP EMEA and APAC Imation Ironkey Solutions