- Security TWENTY
- Women in Security
Most organisations in the UK recognise problems with mobile and remote working, according to a survey of IT decision makers for a data security product company. And nearly one in five (18pc) suggest their mobile workers don’t care about security.
All (100pc) surveyed noted that they had employees who work remotely at least some of the time, with an average of over a third (37pc) of staff members who do so. With an increase in the numbers working remotely, this means more data moving beyond the confines of the corporate network, and organisations need to ensure that any data, be it at rest, or on the move, remains secure, says Apricorn, the Californian manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives.
While many are taking steps, such as security policies for mobile working and bring-your-own-device (BYOD), to ensure their data is protected, just under half of respondents (44pc) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly a third (32pc) say that their organisation has already experienced a data loss or breach as a direct result of mobile working and, to add to this, three in ten, 30 percent of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.
More than half, 53 percent cited that one of their top three biggest problems with remote working is due to the complexity and management of the technology that employees need and use. Over half (54pc) say that while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly a third (29pc) take the radical approach of physically blocking all removable media, and a further 22pc ask employees not to use removable media although they have no technology to enforce this.
Jon Fielding, Managing Director, EMEA, Apricorn said: “The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18pc said they were physically blocking all removable devices. A unilateral ban is not the solution and ignores the problem altogether whilst presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware encrypted devices that are only provided to staff with a justified business case. The approved devices should then be whitelisted on the IT infrastructure, blocking access to all non-approved media.”
Despite security policies, mobile working can still leave organisations open to the risk of a data breach, the IT product firm suggests. Half (50pc) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52pc), in the cloud (52pc) and at rest (51pc).
Fielding added: “Whilst the new GDPR legislation requires the pseudonymisation and encryption of personal data, encryption is not a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information. Organisations are simply not following security best practices. They need to implement and enforce policies and provide employee training to ensure compliance with data protection regulations. Failing to put processes in place is putting confidential data at risk and with the GDPR legislation in place, organisations face the prospect of being fined even before a breach has occurred.”