By Kerry Cole
It is more important than ever that employees understand the significance of information security and the part they can play in reducing the risks to sensitive data.
The concept of “the office” has expanded. And employee awareness about how to secure company information must expand with it.
To keep your network and information secure, given these new workstyles, you can’t rely solely on BYOD policies or stronger company security technology. Things like dual-factor authentication and mobile device management (MDM) systems are certainly important, but truly the most important security measure is a well informed and aware end user.
Precisely because iWorkers want to work anywhere, anytime, it is critical to address how the locations, technologies and styles they prefer can present risks to information. With the different ways of accessing corporate networks, employees are increasingly your first line of defense against cyber thieves and data breaches.
When working “out and about”
To increase productivity, today’s workers require greater and more timely access to information. There is an increasing amount of work done “out and about.” Whether that means working at home, from a hotel or airport, or in transit, it generally involves public — or at least non-corporate — networks and servers.
A good example is using “free Internet” while traveling. Unfortunately, free Wi-Fi hotspots are also hotbeds of criminal and malicious activity, such as eavesdropping on your web browsing and email communications. Unless you’re careful, anyone connected to the same hotspot as you can listen in and steal usernames, passwords, emails or other sensitive corporate information.
Employees should know that one of the best ways to secure communications on free Wi-Fi is to make sure they’re using SSL. SSL communications are indicated by “https” at the beginning of the URL. If SSL is not available, it’s best not to login to corporate accounts at all, let alone send sensitive corporate information across free networks. (This holds true for personal accounts and communications too.)
There are also risks in the use of public computers, like those found at Internet cafés, libraries and shared workspaces. These computers should always be considered unsecure — not only don’t you know who’s responsible for maintenance, but you also don’t know who has been on the system and what they may have loaded. Employees can feel free to use public computers to browse or look something up, but like with free Wi-Fi networks, it’s best not to login to corporate sites or enter any personal information.
When working from home
When employees work from home, whether with a laptop or smartphone, it’s important for them to remember they’re just as responsible for sensitive corporate data as if they were in the office. The theft of intellectual property (IP), trade secrets, customer or donor information, personally identifiable information (PII) and other sensitive data can still cost the company millions — and employees their jobs.
The simplest and safest thing is not taking sensitive corporate information home with you at all. But realistically, working from home involves work which can typically involve important company data. So, employees need to be careful what they do with it — especially when it comes to how they share files.
Many organizations do not support the use of public file-sharing applications like Dropbox, Box.net, YouSendIt, OwnCloud, Minbox, JungleDisk, etc. For many companies, this applies not only to work-from-home scenarios but also to working in the office. Of course, this is a corporate policy decision. But for more secure communications, alternatives such as VPNs or secure shared drives should be used if possible.
If employees use home systems for work, they need to be sure they’re aware of what their kids, spouses and guests are also doing on the system. For example, applications from storefronts and music or video downloads all have the potential to infect a system with malware. Friends and family may unknowingly or accidentally expose a system to malware — and the employee wouldn’t know until it’s too late. (To avoid unknowingly downloading malware, it’s a good idea to educate employees on recognizing a phishing email.)
Mostly – be aware
From a security perspective, working in a public environment while on the road can be especially dangerous. Travel can make us tired and distracted and traveling employees must make sure they don’t succumb to carelessness or negligence. They must be sure not to leave laptops or smartphones sitting around at a conference or other public space, assuming they’re safe. If a device goes missing, it should be reported right away. Even if the sensitive data on the devices is encrypted, the organization must take steps to determine the potential for a breach. Traveling employees should always lock their computers and smartphones and require a password for access.
It is more important than ever that employees understand the significance of information security and the part they can play in reducing the risks to sensitive data. Given the changing workstyles and the technology to work anywhere and anytime, iWorkers need to be more mindful of their environment when accessing sensitive data and how they use public resources.
Keep your data safe, wherever it travels
It is critical to address how the locations, technologies and styles employees prefer can present risks to information.