Having employees who work from home is becoming increasingly common but a new report from storage company Iron Mountain suggests that very few firms address the associated information security challenges.
The company’s research reveals that close to two thirds of Europe’s workforce (I’m surprised its that high a figure) now spend some or all of their time working from home. Shockingly, however, only 18% of firms offer up any guidance to employees on what sort of paperwork or electronic data is permitted to leave the office environment. The survey of 2,000 workers also discovered that only seventeen per cent of businesses had a formal homeworking policy.
“Firms are allowing their most precious business asset — their information — to leave the workplace for a non-secure environment.”
Christian Toon, Risk and Security, Iron Mountain
The study also highlighted how 60% of homeworkers were not provided with the right type of IT equipment to do their jobs with almost one in four not receiving any equipment whatsoever. Alarmingly, two thirds of those surveyed also revealed how their companies did not provide secure intranet access.
The iron Mountain report also highlighted how many businesses are allowing risky behaviour with 50% allowing employees to use their personal email accounts to send and receive work correspondence. Twenty-nine per cent of those surveyed said they had left business documents lying around their house with 19% saying that they had thrown company paperwork in their household bin.
One in ten of the respondents said they regularly worked from coffee shops and other locations where the Wi-Fi network was not secured and some 7% said they used such networks even when sending and receiving corporate data.
“Once out of the office, information management best practices, such as the secure storage and destruction of documents, go out the window. It is vital that companies broaden their secure information management processes to account for home offices and remote working. Information security is not all about the IT. Don’t forget the paper ─ fail to do so and the biggest threat to your information might turn out to be your employee’s rubbish bin.”
Allowing employees to work from home carries many risks as identified above and is, potentially, at least as dangerous as bring your own device (BYOD) only without the possibility of any kind of oversight it seems.
Any business that is considering an environment in which their staff can work from home some or all of the time would be well advised to put some thought into the security implications of such a stance and to then provide a framework of policies and guidance to ensure that the risks to their data are minimised.
Such a framework could incude a clear and concise security policy defining how business communications should only be conducted on corporate email accounts and using a secure network. There should also be written guidelines on what type of information is permitted to leave the office and how unneeded documentation should be disposed of in a secure manner.
Additionally, staff should be trained and retrained on such policies on a regular basis and, perhaps, given a more general education in terms of security awareness. This could prove invaluable as policies are often not updated as often as they should be in the face of the never ending march forward of new technology.