Over the past 10 years, we have seen a change in employees’ day-to-day working habits across almost every industry. Changes to working practices and technology have seen businesses choosing to arm their staff with the tools needed to work from any location at any time.
This way of working has a multitude of benefits, including greater flexibility, freedom and the ability to exchange information immediately. However, it also brings new risks and challenges for employers, especially in relation to data protection obligations.
The University of Glasgow released research showing that large amounts of sensitive information were easily extractable from a sample of mobile phones belonging to employees of a global Fortune 500 company. With the right equipment and know-how, hackers can gain access to a nearby mobile phone in less than 30 seconds and mirror the device or install malware.
The danger of work mobiles and laptops
Providing staff with laptops to use off premises or allowing them to access their work emails via their smartphone reinforces the idea that staff will be accessing business information outside of the office.
Employers need to ensure there are strict security measures in place before this is permitted; you don’t want to be left open to data breaches which could lead to substantial penalties from the Information Commissioner's Office (ICO).
Take a look at these tips to keep your data secure even when employees are accessing sensitive information on their mobile phones or laptops.
Carry out an audit
Carry out an audit of current behaviours in and out of the workplace. Ask your employees to confirm how they access data, and what security measures they currently have in place. You can use this audit to identify possible areas of concern and plan how you can work on changing them.
The type of questions you can ask include:
- Do devices used outside the office possess the same security capabilities as office-based desktops?
- If employees use corporate-issued mobile devices, are there controls and policies in place to prevent them from installing their own applications?
- If employees are allowed to install their own software or applications on corporate-issued devices, are there processes to check that they are legitimate and not malware?
Review your policies
Once you have completed an audit on the habits of your employees, you will then be able to recognise key weaknesses in security. The next move should be to work out how you can improve the security of your employees’ personal hand-held electronic devices.
This includes reviewing policies pertaining to IT security, data protection, retention of records, e-mail, acceptable use, and staff disciplinary procedures. Completing these procedures is worth it to ensure you have all the right guidelines in place, and can prove this to the ICO.
Create policies that address what happens next if breaches are detected by an employee using their mobile or a laptop. Make sure they can be implemented with the necessary speed and effectiveness.
Confirm that encryption is a requirement
If you don’t already have one, make sure you create an encryption policy that ensures your sensitive data is not easily accessible. Encryption provides an enhanced level of assurance that your data cannot be discovered by unauthorised parties in the event of theft, loss or interception.
Ensure that the data on all work laptops and employees’ mobile phones is protected against hackers through encryption.
Provide the right level of staff training
In a perfect world, all your staff would already be fully au fait with data protection and the use of encryption technology. In reality, you will have to provide training and help with the application of security measures.
Arrange security training that will advise your employees on the importance of data protection and the consequences of not sticking to procedures. Ensure staff awareness of your security requirements through training, notices, and regular reminders. All staff should be aware of privacy and security risks in their use of mobile devices and laptops.
Don’t make the headlines
Data security is never far from the headlines, and even small companies can be at risk of their sensitive data being accessed. Make sure you do everything you can to ensure that you are protected.
Identify weaknesses, create policies that deal with them, fully train your staff on how to deal with their devices and defend against hacking by encrypting your information. This way, even in the worst-case scenario, you can show the Information Commissioner's Office that you took all the precautions necessary to protect your information.
Rosa Mitchell is a content writer for Renjo