Flexible, Safe And Secure?

by Martin Allen - MD of Pointsec - Monday, 15 August 2005.
Bookmark and Share

The recent publication of the authoritative Acas and DTI sponsored workplace employment relations survey (WERS) 2004, highlighted the fact that the number of workplaces offering staff the opportunity to work flexibly has almost doubled in the last six years and the trend is being boosted by government legislation.

There is a growing realisation among employers that ‘productive work’ and ‘access to corporate systems’ does not equate to ‘physical presence in the office’ and there is a better way of working that addresses some of the issues of achieving a work/life balance.

The world is opening up, as the ‘workplace’ is redefined from being a common static location, which everyone travels to every day, to the ‘place where staff can work productively without making un-necessary journeys’.

The spread of Broadband, Wifi, etc. means that employees can now access the same information in a remote location as they could historically at an office desk.


Reports can be written, email dealt with, databases updated and consulted, etc. even while the employee sits at home, in their car, or even in a park or hotel in a foreign country and often more productively as they are without the distractions of an open plan office.

However, there is a ‘price’ to pay for all this flexibility and not just in monthly payments to ISPs or buying new portables for everyone. That price is vigilance and security.

Lack of either will lead to someone saying something along the lines of: “Everything was fine until _____.”

The first issue of flexible working starts as soon as staff leave the office to visit a client, or go home carrying any device that can store valuable or sensitive information including notebook computers, PDAs, Smartphones, USB tokens and CDs. It follows the basic rule of life that ‘anything being carried will, sometime during its life, be:

  • Dropped
  • Temporarily misplaced
  • Left behind
  • Stolen
A risk analysis will quickly identify that it is preventing unauthorised people using the portable ICT equipment to gain access to corporate networks and the actual data itself that are the critical things we have to protect, not the actual equipment, which get cheaper to replace every week. This should be written into the “Security Policy” so that everyone is aware of what information and equipment is allowed in the teleworking environment.

 1  |  2  |   Next page >>