Security is a hot button issue for businesses of all sizes and across every industry. IT administrators are attempting to plug leaks, update systems, and plan ahead for new threats – hackers, viruses, and even the NSA make the short list of priorities. Unfortunately, this often leads IT to overlook possible threats posed by internal forces, especially those caused by accidental incidents, particularly related to securing and sharing data outside the business’ network.
The number of remote workers in the U.S. increased by more than 80 percent from 2005 to 2012, and it’s predicted that the number of telecommuters will increase to 3.9 million by 2016, a 21 percent jump from the current level, according to Global Workplace Analytics. A second study by Globalscape found that more than 60 percent of employees knowingly take home confidential data, storing it on insecure devices and accounts – 75 percent believing IT approves of their behavior.
The increase in organizations encouraging or offering telecommuting programs demonstrates a strong, immediate need for secure remote access and file-sharing strategies for the enterprise. Here are five ways businesses can implement and support a secure remote work force, as identified by James Bindseil, president and CEO of GlobalSCAPE, Inc.
Click for five ways businesses can implement and support a secure remote work force, as identified by James Bindseil, president and CEO of GlobalSCAPE, Inc.
Empower employees with the right tools
When left to their own devices, employees are likely to choose more familiar, less secure options (like USB drives and personal email) for managing confidential data and files. The situation gets worse when employees access sensitive files on the road or at home. For the sake of security, it is critical to provide employee-friendly technology that promotes productivity – including mobile applications that integrate with enterprise systems that can provide proper auditing, logging and security controls transparently in the background without changing the habits of the user. For employees just looking to access files, organizations can deploy mobile access tools that allow users to view information stored on the protected corporate network – without having to copy and save the information to their mobile device. Employees will do whatever they need to remain productive, and if organizations fail to provide tools that fit into the daily routines of their staff, employees will find an unsecure workaround for accessing and sharing the files they need.
Establish policies and educate
The fact that nearly three-quarters of employees believe that IT approves of their mishandling of data is unacceptable. Businesses need to invest time in developing and implementing clear policies concerning information security and file sharing – including BYOD and CYOD policies or those that ban inherently insecure devices altogether. At a high-level, develop a policy that covers all areas of data sharing, then drill down into specific areas IT foresees security being a concern. For example, one company may be concerned with the amount of company data stored on personal devices. Another organization may be concerned with employees using personal email accounts to transfer large files. In both cases, it’s up to IT to uncover the risky practice, and provide an alternative that enables the users to conduct their business with little to no interruption in their work flow. Additionally, once a policy is in place, employees should be thoroughly educated around the risks and consequences of operating outside of compliance. It’s safe to assume that most employees don’t understand what is and isn’t considered compliant, or that sharing confidential files through Gmail or Yahoo or storing sensitive data on their smartphones is risky business.
Emphasize that regulation requirements are applicable to all matters concerning company data regardless of what is accessed onsite or at a location outside the network. It is also important to understand that the education needs to be short, clear and related to the end users’ actual business activities so they are compelled to participate in enactment and enforcement of the policies.
Prohibit insecure file sharing and mobile access methods
As an extension of the overarching security policy, IT needs to take a firm stance and block the common insecure methods that employees use to store, share, and manage company files when working remotely. Consumer applications, including Gmail and Dropbox, often fall outside of regulation requirements, and put data at risk of being stolen or accessed. The same is true when employees copy data onto their mobile devices. However, simply blocking risky practices does not go far enough. IT teams need to provide secure alternatives for mobile access and file sharing.
Provide network visibility
Employees need the flexibility to work remotely, but that shouldn’t limit IT’s ability to govern. A major consideration in choosing a secure technology is the level of visibility IT has into what is being accessed and by whom, as well as the power to limit access to certain files. A deep level of visibility is especially critical as it relates to completing regular audits, and knowing what employees are accessing while outside the network.
Developing and maintaining a secure remote work force is an ongoing process. As new tools and policies are introduced to the work force, IT should step back to assess the technologies in place for remote workers. Although the execution of this process falls directly onto IT decision makers, employees must be encouraged to weigh in on what works, what doesn’t and where IT can make improvements. When users have been included in the process of choosing solutions, they will actually feel the ownership mentality that is critical to success.