Matt Johnson, Operations & Services Director, discusses the IT security issues involved in flexible working
With the tax man clamping down on many of the traditional employee benefits, increased awareness of the environmental impact of business travel and a focus on achieving that elusive work-life balance, a growing number of employers are offering flexible working to their staff and providing remote access to the company’s IT network. The flooding experienced across Britain at the start of the summer and the threat of congestion charging in cities outside London has also led to many business owners welcoming flexibility with open arms.
However, this set up can greatly increase the possibility of a security breach and businesses need to train their employees in how to reduce this risk, as, despite complex security appliances, it is often the relatively simple things that can leave a company exposed.
Passwords are a good example of this. When used correctly, they can have a greater impact on the safety of a company’s data than firewalls and security appliances. However, if people are not taught how to use them properly, they immediately become the greatest weakness in a company’s security system and leave your precious, confidential data vulnerable to malicious intruders.
Simple, dictionary-based passwords can be broken in a matter of minutes with current hackers’ tools, which are widely available to download from the Internet. Using your pet’s name, your child’s name or your favourite football team as a password is little better than using no password at all. Unless a “strong” password policy is enforced to control and limit access to your data, you are leaving your organisation open to abuse. This means insisting on passwords that are difficult to guess by hackers or crack with computer programmes, such as those with a mixture of cases, letters, numerals and special characters.
The level of security on an employee’s home computer must also be monitored and one of the most common security breaches comes from the use of USB data sticks and disks to transfer information from home to work or vice versa. Even an employee plugging in an MP3 player or digital camera to a company laptop or computer can carry a certain level of risk, and a comprehensive policy should be in place to cover IT systems both in and out of the office. Employers should also provide guidance on the use of peripheral devices so that those working from home do not unwittingly compromise company security.
Flexible working can have a hugely positive impact on staff morale, productivity and employee retention. However, employers should ensure that they have a rigorous network security system in place before bringing in any home-working policy to avoid exposing confidential data to unnecessary risk.