Ten years ago the dawn of a new decade brought with it a trickle of employees requiring the ability to access information while away from the office. Today the focus is how best to exploit the trend for flexible working practices and utilise an increasingly mobile workforce, securely, writes Andy Cordial, managing director at Origin Storage.
The severe weather conditions at the start of 2010 forced many employees to work from home. Most accessed the corporate infrastructure using mobile devices such as netbooks and BlackBerrys.
According to a report in The Times, business groups warned that the January snowfall could cost the economy nearly £2bn, but that would be the tip of the iceberg if sensitive data were leaked during the big freeze.
In January, the Information Commissioner's Office (ICO) revealed it was to be granted new powers, which have been approved by the secretary of state for justice and laid before parliament. From the start of the new tax year (6 April), the ICO can order organisations to pay £500,000 as a penalty for serious breaches of the Data Protection Act.
Mobile devices may be manna from heaven to workers seeking flexibility, but they have become a plague for the information security professionals trying to secure them. USB memory sticks, which users can use to carry and transfer massive amounts of data, are easily available, often without any security features. Worms and other malware that target iPhones are being discovered - one example is a worm that steals banking data and enlists the device in a botnet, although at the moment this is thought to be limited to the Dutch online bank ING. However, the major cause of data breaches is theft of mobile devices, especially laptops, with tens of thousands stolen every year, often containing sensitive data whose loss requires public disclosure as a data breach.
It is in the organisation's favour to embrace an employee's enthusiasm to spend their own time completing tasks at home - especially when snowed in, or even unwell. The hard bit is to do so securely.
Someone who wants to transfer data from the safe confines of the corporate environment will do so, with or without your blessing - they have got a tool in their pocket and they are willing to use it. Organisations need to recognise this fact and counteract it.
The first step is to educate the workforce on the risks this practice exposes the organisation to and then facilitate the process to allow them to do so securely.
Just as there is a multitude of devices designed to carry data, so there is assorted technology to secure it. The challenge is to pick one that provides the right level of protection for your data, balanced with ease of use for your employees - if it is inadequate, then why waste your money? If it is too complicated, it will be circumvented. By providing the workforce with a tool to carry data in the first instance, the organisation leaves the employee no reason to use their own inadequately protected device, and so keeps the choice of how the data is secured.
The ICO recommends that portable and mobile devices used to store and transmit personal information should be protected using approved encryption methods which are designed to guard against the compromise of information. The belief in this technology is so strong that, where data breaches occur and encryption has not been used to protect the data, the ICO publicly states that enforcement action will be pursued.
This was first published in February 2010