With the UK workforce still predominantly working from home, the concept of how to ensure cyber and information security is as important as ever.
Last summer we conducted research amongst 2000 people in the UK working at home to understand their attitudes and behaviours to data protection and information security.
Scroll down to see the full research results in our Infographic
The results reveal that the threat of an internal information security breach has never been higher.
Nearly three quarters of respondents (72%) said they need to access, share and receive sensitive customer information to do their job.
And yet 1 in 4 claim they ‘rarely or never’ consider data protection issues when sharing information and 1 in 10 UK home workers have little to no understanding of their company’s data policies at all.
Unfortunately, it gets worse…
Not only is this information being shared freely and without a second thought to its security, it’s potentially being placed into systems that have not been subject to the organisation’s procurement process – over a third (36%) of UK home workers have downloaded unapproved software onto computers to communicate with colleagues during homeworking.
This threat isn’t malicious. The people mean the business no harm. But it only takes one mistake by one employee and the business is left wide open to a data breach, which has the potential to do massive reputational damage.
So what can organisations do to protect themselves from these risks?
When the perimeter no longer exists, and people are using shadow IT, the best way to protect the business against a breach is to define the information security policy and secure the data itself.
This starts by gaining total visibility of data at scale, because when an organisation knows exactly what data it has, where it is and who has access to it, data security becomes much easier. By knowing what data is in the estate, organisations can identify areas where remediation actions can be taken, which dramatically reduces the risk of data being compromised.
But they have to go further…
When you consider that remote working is now the norm for everyone, and a lot of organisations have had new starters who have done their inductions remotely, organisations need to do more to promote good data governance as part of business-as-usual.
When organisations have better visibility over their data, they can spot anomalous behaviours and implement automated workflows that nudge people to do the right thing with data; to share and store it in a safe and compliant way.
The pressure of how to mitigate the additional risks that remote working creates is no doubt causing a few sleepless nights for data security and governance professionals.
Remote working is now the norm for many and every home worker is doing everything they can to ensure they are as productive as possible. But, in simply trying to get on as best they can, they might be leaving their business exposed.
Clearly organisations can’t lock their data up in an impenetrable vault – to do so would put a halt to business-as-usual, and that’s going to cause a whole raft of other issues.
But we need to shift the focus from protecting the perimeter of a data estate, which now no longer exists, to finding, controlling and monitoring data. Essentially we need to change the mindset around securing data. The focus must be on better knowledge of what's in your organisation's data, reducing and remediating the amount of unnecessary data within the estate, and targeted education of employees to change their behaviour. It's only by doing these three things that we can enable the data itself to be secured.
With data security embedded into business-as-usual, organisations can allow their remote workforce to get on with their jobs, with the knowledge that the business is protected.