Remote working puts business data at risk, study shows

One third of remote-working staff admit losing unsecured mobile devices and putting data at risk, a study shows

Remote working is putting business data at risk, with a third of office workers admitting they have lost unsecured and unencrypted mobile devices in a public place, a study has shown.

One in four employees admitted breaking security policies to work remotely, according to a survey of 1,000 office workers in the UK and Germany commissioned by information security firm Imation.

The survey revealed employees are taking confidential information away from the office without the knowledge of their employer.

Nearly two in five respondents said either they, or someone they know, have lost or had stolen a device in a public place.

Three-quarters of these devices – such as laptops, mobile phones and USB sticks – contained work-related data, including confidential emails (37%), confidential files (34%) and customer data (21%).

Around one in ten lost financial data or access details such as login and password information, exposing even more confidential information to the risk of breach.

Up to three-quarters of respondents said they had taken digital files with them outside work, yet many do not use encryption, password protection or remote wiping to protect the data from unauthorised access.

Read more about remote working

Lack of knowledge or concern

Nearly half of respondents said data is never encrypted when taken out of the office. Three in ten respondents admitted they do not protect their data with passwords, and nearly one in ten workers who take digital files outside of the office do not secure them at all.

Only one in sixteen said they were concerned about losing confidential business data when they take work home.

“Companies may not be aware of the amount of data that’s leaving offices unsecured,” said Nick Banks, vice-president for the EMEA and APAC regions for Imation’s IronKey division.

“Half of respondents said nobody would notice, at least some of the time, if they were to take data away from the office and lose it. It is obvious that poor security and a lack of understanding of what happens to corporate data is putting organisations at risk of a data breach,” he said.

Banks said that – even though eight in ten of the employees interviewed read or write work emails on the move, and around seven in ten work on electronic documents outside their office – businesses fail to provide tools for secure remote working, or put the right security policies in place.

Fewer than six in ten respondents said their organisation had a remote working policy. Of those that did have a policy, over a quarter admitted they had broken the policy to work remotely, either knowingly or unwittingly.

Taking responsibility for data security

Of those who do secure the data they take out the office, just over half said their employer or a third-party supplier provides the remote working security measures. One in five respondents reported that they alone were responsible for providing security measures.

“These figures emphasise the urgent need for businesses to ensure their employees have the necessary tools to work flexibly and securely, without further hindering productivity," said Banks.

"The reality is that people are working in cafes, on planes, in their GPs' waiting rooms and even while they take their children to the park.

“Organisations are tasked with a monumental challenge of providing secure access to corporate networks and data.”

Just 41% of respondents said they either do not have the right tools to work remotely, or that their tools could be improved. Less than a third said they have policies that detail who should be notified when sensitive data is lost.

Read more on Privacy and data protection