Browse archive

Latest news

Yahoo ID recycling could lead to trouble

Cookie Clearinghouse to enable user choice for online tracking

Pirate Bay co-founder sentenced for hacking Swedish companies

Ultra-fast online backup from GFI Software

Tool for IT challenges and legal requests

CloudSigma introduces transparent private patching to public cloud

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Oracle releases critical security updates for Java

Hacking charge stations for electric cars

Flexible, Safe And Secure?

by Martin Allen - MD of Pointsec - Monday, 15 August 2005.

The recent publication of the authoritative Acas and DTI sponsored workplace employment relations survey (WERS) 2004, highlighted the fact that the number of workplaces offering staff the opportunity to work flexibly has almost doubled in the last six years and the trend is being boosted by government legislation.

There is a growing realisation among employers that ‘productive work’ and ‘access to corporate systems’ does not equate to ‘physical presence in the office’ and there is a better way of working that addresses some of the issues of achieving a work/life balance.

The world is opening up, as the ‘workplace’ is redefined from being a common static location, which everyone travels to every day, to the ‘place where staff can work productively without making un-necessary journeys’.

The spread of Broadband, Wifi, etc. means that employees can now access the same information in a remote location as they could historically at an office desk.

Reports can be written, email dealt with, databases updated and consulted, etc. even while the employee sits at home, in their car, or even in a park or hotel in a foreign country and often more productively as they are without the distractions of an open plan office.

However, there is a ‘price’ to pay for all this flexibility and not just in monthly payments to ISPs or buying new portables for everyone. That price is vigilance and security.

Lack of either will lead to someone saying something along the lines of: “Everything was fine until _____.”

The first issue of flexible working starts as soon as staff leave the office to visit a client, or go home carrying any device that can store valuable or sensitive information including notebook computers, PDAs, Smartphones, USB tokens and CDs. It follows the basic rule of life that ‘anything being carried will, sometime during its life, be:

Dropped
Temporarily misplaced
Left behind
Stolen

A risk analysis will quickly identify that it is preventing unauthorised people using the portable ICT equipment to gain access to corporate networks and the actual data itself that are the critical things we have to protect, not the actual equipment, which get cheaper to replace every week. This should be written into the “Security Policy” so that everyone is aware of what information and equipment is allowed in the teleworking environment.