Offices are no longer filled with deskbound staff - continued advancement in PDA, mobile and smartphone technology is fuelling the remote working revolution. And it's a revolution that shows no sign of slowing down. Tim Belfall, Condico, considers the security implications of this change in work habits.
Continuing changes in working habits mean more and more sensitive date is leaving the office - and even MI5's best and brightest have lost portable devices with valuable information on them.
Mobile devices are great productivity enhancers, but only when managed properly. Many IT managers find their mobile estate is almost out of control, with different manufacturers, OSs and networks represented. It's not helped by a growing army of remote workers who are increasingly tech savvy and regularly introduce personal gadgets into the corporate field.
The recent proliferation of stories about corporate security breaches should act as a stark warning to all companies whose staff use remote devices.
In August, the Department of Health admitted to losing 11 mobile phones and four PDAs, while the MoD has misplaced ten mobiles in the last year. And the Taxi Survey, last carried out in 2005, revealed that more than 63,000 mobile phones were left in the back of London black cabs in six months, along with 5,800 PDAs.
So while many companies still struggle to mange their laptops, they now need to control increasingly sophisticated SmartPhones. Technological improvements mean that more data can be stored on smaller equipment.
It is likely that your PDA is capable of holding as much data as your laptop could a few years ago. When phones were a new technology and handsets were larger, they were harder to lose. Now they can easily fall out of a pocket or be stolen from a handbag.
Losing such a device is considerably more than a minor inconvenience. And even the address book in the simplest of handsets can contain some of your organisation's most valuable data.
For instance, if any of your sales team were to leave their mobile phone, with all their contacts stored in, lying around at a trade show, any number of your competitors could pick it up and retrieve profit-damaging data.
Nor is theft or loss the only problem. Viruses can now target mobile units specifically, erasing data from them. Even worse, if your employees are accessing corporate networks through their mobiles, new cross-over viruses can quickly transfer from the handsets to networks. In short, one unprotected device can be capable of bringing down the whole system.
It is vital for companies to think of ways of securing the records stored and accessed on these now irreplaceable devices. Safeguarding their sensitive data against accidental loss, opportunist theft, corporate espionage and malware is imperative.
So how do you avoid becoming one of the 'data in motion' casualties?
The one line answer.... mobile device management.
Among other things, mobile device management (MDM) offers a centralised solution to the security problems of all a company's handheld units. It can't prevent your devices being lost, but MDM can minimise the risk of the data being accessed by unauthorised sources if it happens.
Device management systems can centrally manage the security functions on all of your employee's remote equipment. Improvements to anti-virus software and programmes can be made en masse to all of the company's handsets with a few mouse clicks, so there is no longer a need for staff to bring their devices in individually for upgrades.
MDM provides a number of solutions to aid in the protection of a misplaced gadget. Remote locking stops valuable data being accessed on lost devices. So, as soon as your employee realises that their smartphone is still in the taxi, their kit can be locked with one quick call to the office, protecting the data from prying eyes.
If your employee is lucky enough to retrieve their handsets, they can use a pre-enabled hotkey, go through their security verification and their device, complete with all its information, can be restored to full use. And if the smartphone is gone forever, all the data can be wiped from it.
Records can also be backed up using MDM so that when a new handset is issued it can be put to use straightaway - with all valuable contacts, appointments, texts and emails still there.
The increase of mobile device use also opens up a world of time-wasting avenues. If your staff are spending their work day accessing social networking pages, sites with inappropriate or offensive content or any other website that does not comply with company policy, MDM administrators have the added benefit of receiving alerts prompting urgent action. Thus preventing time wasting, embarrassment to the company and minimising the risk of viruses.
Far from being an expensive outsourcing project, an MDM system can easily be managed by an organisation's existing IT help desk.
Rogue mobiles and random gadgets have long been an IT headache. But with MDM the cure has finally arrived.
The high profile hall of shame
A bad week for the security services: March 2000
You could be forgiven for expecting MI5 and MI6's officers to be blunder proof when it comes to their data. But in early 2000 the intelligence services experienced several catastrophic security breaches. A laptop containing secret information regarding Northern Ireland was snatched from an MI5 officer at Paddington Station. Fortunately for MI5, the ensuing investigation determined the theft to be opportunistic and not a targeted incident. A security increase followed.
But the increase in security could not eradicate the possibility of human error. An MI6 officer misplaced his laptop containing classified data in a London taxi after drinking in a bar near the organisations headquarters. Loss of data and reputation was the result.
The Ernst & Young fiasco: 2006
If MI5 and MI6 had a bad week, it was nothing compared to Ernst & Young's bad year. Throughout 2006 the company was repeatedly reported to have lost customer data, including 250,000 credit card numbers through loss or theft of laptops.
In February a company laptop containing the social security numbers of its customers was stolen. Staff at Cisco, IBM, BP and Nokia's US staff were affected - as was Sun Microsystems CEO Scott McNealey.
This was followed in March when another company laptop, with more social security numbers and tax identifiers was stolen from an Ernst & Young employee's car.
In May another computer was stolen in Texas containing data on 243,000 Hotels.com customers - including names, addresses and some credit or debit card information.
Nationwide pays the price for lax security: August 2006
Almost as soon as the storm died down over Ernst & Young, Nationwide reiterated how important it is to secure sensitive data. A laptop containing the details of 11 million customers was stolen from a bank employee.
The Financial Services Authority administered a £980,000 fine to the company and said, 'The failure to manage or monitor downloads of very large amounts of data onto portable storage devices meant that Nationwide had limited control over information held in this way or how it was used'.
