By Kerry Cole
Just as the concept of the office has expanded, so must employee awareness about how to secure enterprise information. In a 2014 study of over 1,000 IT and business professionals:
69 percent access business files from smartphones; 66 percent frequently work from home; And 52 percent use public file sharing services.
- 69 percent access business files from smartphones;
- 66 percent frequently work from home;
- And 52 percent use public file sharing services.
To keep your network and information secure, given these new workstyles, you can’t rely solely on BYOD policies or stronger enterprise security technology. Things like dual-factor authentication and mobile device management (MDM) systems are certainly important, but truly the most important security measure is a well-informed and aware end user.
Precisely because iWorkers want to work anywhere, anytime, it is critical to address how the locations, technologies and styles they prefer can present risks to enterprise information. With the different ways of accessing corporate networks, employees are increasingly your first line of defense against cyber thieves and data breaches.
When Working “Out and About”
To increase productivity, provide superior customer service and grow revenue, today’s workers require greater and timely access to business and customer information. There is an increasing amount of work done “out and about.” Whether that means working at home, from a hotel or airport, or in transit, it generally involves public — or at least non-corporate — networks and servers.
A good example is using “free Internet” for business while traveling. Unfortunately, free Wi-Fi hotspots are also hotbeds of criminal and malicious activity, such as eavesdropping on your web browsing and email communications. Unless you’re careful, anyone connected to the same hotspot as you can “listen in” and steal usernames, passwords, emails or other sensitive corporate information.
Employees should know that one of the best ways to secure communications on free WiFi is to make sure they’re using SSL. SSL communications are indicated by “https” at the beginning of the URL. If SSL is not available, it’s best not to log in to corporate accounts at all, let alone send sensitive corporate information across free networks. (This holds true for personal accounts and communications too, as a matter of fact.)
There are also risks in the use of “public computers,” like those found at Internet cafés, libraries and shared workspaces. These computers should always be considered unsecure — not only don’t you know who’s responsible for maintenance, but you also don’t know who has been on the system and what they may have loaded. Employees can feel free to use public computers to browse or look something up, but like with free Wi-Fi networks, it’s best not to log in to corporate sites or enter any personal information.
When Working from Home
When employees work from home, whether with a laptop or smartphone, it’s important for them to remember they’re just as responsible for sensitive corporate data as if they were in the office. The theft of intellectual property (IP), trade secrets, customer or donor information, personally identifiable information (PII) and other sensitive data can still cost the company millions — and employees their jobs.
The simplest and safest thing is not taking sensitive corporate information home with you at all. But realistically, working from home, well, involves work, which can reasonably involve important company data. So employees need to be careful what they do with it — especially when it comes to how they share files.
Many organizations do not support the use of public file-sharing applications like Dropbox, Box.net, YouSendIt, OwnCloud, Minbox, JungleDisk, etc. For many companies, this applies not only to work-from-home scenarios but also to working in the office. Of course, this is a corporate policy decision. But for more secure communications, alternatives such as VPNs or secure shared drives should be used if possible.
If employees use home systems for work, then they need to be sure they’re aware of what their kids and spouses and guests are also doing on the system. For example, applications from storefronts and music or video downloads all have the potential to infect a system with malware. Friends and family may unknowingly or accidentally expose a system to malware — and the employee wouldn’t know until it’s too late. (To avoid unknowingly downloading malware, it’s a good idea to educate employees on recognizing a phishing email.)
Mostly – Be Aware
From a security perspective, working in a public environment while on the road can be especially dangerous. Travel can make us tired and distracted, and traveling employees have to make sure they don’t succumb to carelessness or negligence. They must be sure not to leave laptops or smartphones sitting around at a conference or other public space, assuming they’re safe. If a device goes missing, it should be reported right away. Even if the sensitive data on the devices is encrypted, the organization must take steps to determine the potential for a breach. Traveling employees should always lock their computers and smartphones, and require a password for access.
It is more important than ever that employees understand the significance of information security, and the part they can play in reducing the risks to sensitive enterprise data. Given the changing workstyles and the technology to work anywhere and anytime, iWorkers need to be more mindful of their environment when accessing sensitive data and how they use public resources.