I was reading an interesting article in SC Magazine about how a transportation strike in London may be a cause for data loss in the workplace. The article quotes Mark Darvill, director at AEP Networks, saying about the strike that “… will drive employees to take vast amounts of confidential data out of the office leading to ‘briefcases around the capital becoming data loss ticking timebombs’.”
I never really thought about a strike, or bad weather, or even a holiday being a potential security breach. Many of us take information home on our laptops to work during the evenings or weekends. Much of it is not confidential, but there is probably a percentage that is. It may depend on the industry you are in. If you are in financial services or healthcare, you probably have access to more confidential information on customers or patients than someone in the transportation business.
Most businesses and government agencies have procedures for handling confidential and private information as long as you are inside the company or agency. If you have to work on something at home, there is usually a VPN to connect you to the company network. That’s good for email and databases, but a lot of us tend to copy things locally when we work on them. Even if they’re stored in a document management system, when you check them out, they are on your laptop.
Of course one answer to this is to never let anyone copy these documents onto laptops or other portable devices. That might sound good, but it’s not practical. There is a tradeoff of productivity versus security. If there’s a snowstorm and I can’t get to my place of business, I still need to work, so I need access to documents. If I have to go on an airplane, the same is true. If I can’t, nothing gets done.
So how can you make sure that a tube strike doesn’t open your company up to a potential data breach?
First make sure that any communications between workers at home and the business is through a secure connection, like a VPN. If you have web based access to information, either using SaaS or an on-premise application, make sure it’s using https.
Next, make sure that any documents going home are encrypted using an Enterprise Digital Rights Management system to control their access. Even if they get into the wild, you can shut down their access, so they are useless to anyone other than the intended recipient.
Last is to make sure all anti-virus and malware software is current and functioning on laptops, desktops and servers. This way a worker at home can’t accidentally upload a virus or malware into the corporate network.
This way you can let employees be productive when a strike hits your city or town, without worrying about giving away the keys to the castle.
Photo credit Annie Mole