Trust and security of remote workers

• Article 31 of 33
• SC Magazine, December 2012
• View the original article online

Page 1 | Page 2 | All 2 Pages

A survey of 2,000 people conducted by Check Point in November found that of those who sometimes or frequently work away from the office, 34 per cent regularly forward material to personal email accounts so they can continue working elsewhere; 40 per cent check work email regularly on personal phones or tablets; 33 per cent carry work-related data on unencrypted USB sticks; and 17 per cent use cloud storage services such as Dropbox.

This is despite the fact that 25 per cent of workers say their company's IT policy specifically forbids such actions, while a further 23 per cent either do not know if their company has an IT security policy, or are not aware of what their company's IT policy states.

As a result, 50 per cent of British people say their trust in government and public sector bodies has been diminished while 44 per cent per cent say their trust in private sector companies has been reduced as the result of breaches and losses of personal data over the past five years; 77 per cent of people would prefer to buy goods or services from a company that had not suffered a data breach, with only 12 per cent saying that it was not important to them whether a company had suffered a breach.

At a roundtable held by Check Point to discuss these issues, contributors suggested a number of ways to deal with these problems. Kevin Bailey, research director for European security software at IDC, argued that while an organisation has to trust its employees to some extent, as well as those intent on being malicious, there are those who might be socially engineered and those acting incorrectly but innocently.

These people have to be protected and the organisation has to protect itself from them, too. "In God we trust - for everyone else, there's the end point."

Martin Pickford, head of technology security solutions at EE, added that education in combination with contracts is important. "People need to be aware of the rules and they need to be reminded. But if they go bad, they go bad and you can't stop that."

Andy Lucas, a partner at law firm SNR Denton, agreed, arguing that organisations should "trust no one but trust in the contract". While security can be enforced technologically and physically, ultimately, it's only if there's a legal way to enforce security policies internally that security can hope to succeed, since at least some people will always be willing to try to circumvent security for both good and bad reasons.

It's a suggestion picked up by Pickford: "People have to understand that they'll lose their job."

However, Bring Your Own Device (BYOD) and mobile working are blurring the boundaries between employees' work and personal lives. These two trends have their benefits, for both employers and employees: employers get more flexible working patterns, can spend less on hardware and support, and can potentially access more powerful technology than they would otherwise have been able to afford; employees can work the way they like when they like on devices that they're familiar with and they don't have to have two of everything.

Peter Warren, chairman of the Cyber Security Research Institute, suggested that BYOD can actually help with security. "You will only get people to buy in to security if it's their responsibility to look after a device." An employee is far less likely to lose their own computer or smartphone than they are a company-provided one, particularly a 'CrippleBerry' that is more of an inhibitor to flexible working than an enabler.

Page 1 | Page 2 | All 2 Pages