Why a flexible workplace requires a new approach to IT security
The freedom to work without being tied to the office or office hours appeals to most of us - a flexible workplace. But a more mobile work also places new demands on the IT department. IT must manage mobile workers who connect to company servers from unknown networks on a plethora of mobile devices. At the same time, they demand that mobile working be easy and user-friendly. How does this affect the company's IT security?
Without exaggeration, we can say that IT security is becoming more and more important. Typewriters, ring binders and time clocks have been replaced by laptops, cloud storage and untethered working time. Now we work when we want and where we want. But new ways of working mean new kinds of threats that need to be managed in a thoughtful way.
A flexible workplace uses many devices, both safe and unsafe
Everyone wants to use the device that suits them best at the time. Inside the office, it's usually the computer provided by the company and controlled by the IT department. On the bus home or in a café, using a tablet or mobile phone may be more appealing. Away from home, it may be tempting to work on the children's gaming computer, which is, after all, the most powerful in the house. From an IT security perspective, this leads to a number of challenges that the IT department needs to address. Are mobile phones and tablets being used that IT has control over or are they private devices that may not even have a PIN on the screen lock? Which computers can be considered secure? One of the challenges for the IT department is to keep track of which devices are being used and by whom, so that the wrong people don't access the company's systems and data. Another is to set guidelines on which devices can access the company's servers and services. Something as simple as a lost phone or tablet can be a major security risk.
Constantly connected without a thought for network security in a flexible workplace
The mobile worker is expected, and expects, to be connected everywhere, virtually all the time. The perceived need for constant connectivity is only increasing. How many times has it been logged onto an open network and then connected to the company's cloud services, without a thought for security? Probably just to quickly check email or read through a document before a customer meeting. How secure is a home network against attacks and intrusions and who has access to the network? Any insecure network increases the risk of attack and places greater demands on network monitoring by the IT department.
Shadow IT in the grey area of security
One of the challenges of mobile working is that employees expect to have access to data outside the company's firewalls. It can be tempting to put files on Dropbox or iCloud, making it easy to access the file outside the company network. Once a file is on a public cloud service, questions arise about who owns the account and who has access to it. Business-critical and sensitive data can end up in places beyond the control of the IT department, and from there it can spread. There are also questions about backups and what happens if someone quits? Who deletes files or ensures that the latest version is on the company server?
Secure logins and passwords can be a false sense of security
Although most online services and servers require qualified passwords, security is not guaranteed. All too often, login details are written down on slips of paper and in unencrypted documents that are kept around. There are plenty of plugins and apps that store usernames and passwords under a master account without the IT department having any control over the security of the service. But by far the most common password and security snafu is that many people have the same login and password for several, if not all, applications and services. If one server or service is hacked, the chances are that all the others are hacked in the same second.
Security for all companies, and we do mean ALL companies, must be central and continuous. Not least in a flexible workplace. It's not a one-off effort with new firewalls, new anti-virus licences and a password policy - it's much more than that. It's about how you work, where you work and what tools you use. Processes and procedures for dealing with threats and breaches need to be in place before anything happens.
--
At AddPro, we understand the importance of working with security. We want to help all businesses protect their users and data. Want to know more about how you can work securely and create a flexible workplace? Download our guide here, or attend our SecureIT workshop and take control of your security - register here.
