There is a growing realisation among employers that ‘productive work’ and ‘access to corporate systems’ does not equate to ‘physical presence in the office’ and there is a better way of working that addresses some of the issues of achieving a work/life balance.
The world is opening up, as the ‘workplace’ is redefined from being a common static location, which everyone travels to every day, to the ‘place where staff can work productively without making un-necessary journeys’.
The spread of Broadband, Wifi, etc. means that employees can now access the same information in a remote location as they could historically at an office desk.
Reports can be written, email dealt with, databases updated and consulted, etc. even while the employee sits at home, in their car, or even in a park or hotel in a foreign country and often more productively as they are without the distractions of an open plan office.
However, there is a ‘price’ to pay for all this flexibility and not just in monthly payments to ISPs or buying new portables for everyone. That price is vigilance and security.
Lack of either will lead to someone saying something along the lines of: “Everything was fine until _____.”
The first issue of flexible working starts as soon as staff leave the office to visit a client, or go home carrying any device that can store valuable or sensitive information including notebook computers, PDAs, Smartphones, USB tokens and CDs. It follows the basic rule of life that ‘anything being carried will, sometime during its life, be:
- Temporarily misplaced
- Left behind
So we must ensure that users take certain mandatory actions including:
- backing up their data on a regular basis.
- implementing on-board security features and installing additional password access to corporate data & communication programmes (pre-supplied security on hardware can be got around, so additional measures are required).
- encrypting the data.
- Network security should also include a VPN (corp firewall), Personal firewall, Antivirus/anti-spyware.
Transparency can be achieved by only allowing ‘certified’ equipment to be used to access the corporate system(s). Certification is achieved by the IT section ensuring that both password and encryption software are installed and running and cannot be by-passed by the user.
They can also install sub-routines that ensure data is backed-up automatically to a remote location at set intervals.
This makes the processes both mandatory and transparent, as the user does not have to decide what should, or should not be encrypted, or backed-up and is therefore adhered to as in the security policy.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.