We've all been on a train where we’ve realised the person next to us is curiously glancing at the work on our laptop. Many of us log regularly onto public wi-fi in a coffee shop or at a hotel without thought of using a VPN, or cart a laptop halfway across the world by plane, train, and automobile. And working from home we’re probably all guilty of not following quite the same security protocol from our sofa as we’d be subject to in the office.
We think nothing of this behaviour, acted out every day in our global, mobile, on-the-go world… But we should think again, because a significant number of company security breaches are not the result of a major in-house hack, but of employees’ devices being compromised while out and about.
As home and mobile working becomes far more the norm, it’s time we took the risks seriously. It is vital that any cyber security-conscious organisation has watertight policies and procedures around home and mobile working in place as a key part of its risk management regime.
A laptop is stolen somewhere in the world every 53 seconds.
That’s not to mention the 70 million smartphones misplaced each year. Swiped in plain sight or accidentally left behind on public transport, at a conference, in a café or even pinched from your business premises.
The confidential data held on mobile devices is often easily accessed on the hard drive with no encryption. Vital user credentials like passwords can also be copied to access and compromise wider company systems. 56% of organisations who have had a laptop lost or stolen say that the theft resulted in a data breach. Not great odds to dice with.
Wandering eyes or slack standards.
You don’t even have to physically lose a remote device to compromise security. Mobile workers in an open, public space can be overlooked, revealing sensitive information or passwords; using public wi-fi without a VPN is Christmas-come-early for a hacker; while a device left unattended is easily tampered with and malicious software installed.
As for home workers, security procedures even your most trusted staff would follow unquestioningly in the office can fall by the wayside when working from home. They might download unverified software onto corporate devices, or simply fail to make critical software updates on your machines.
So what can be done to manage these risks?
Short of banning home working and any device leaving the office (hardly a realistic option), the UK National Cyber Security Centre offers the following advice:
There are also various pieces of physical kit you can supply to limit the risks of mobile device theft, from cable locks to USB port blockers.
Take a belt and braces approach, and keep the risks remote.