Today more and more companies are facing both the benefits numerous challenges of having employees working offsite. While that option has become increasingly popular due to cutting on office space overhead and overall organizational morale, it can pose major compromises when it comes to data security and internal threats regarding compliance policies. These employees could be contractors, “field” employees, work-at-home employees, or entire satellite offices across the globe. Even if your organization has no formal work-from-home program, over 83% of employees report in a recent study that they completed at least a portion of their work from their home during 2012. This raises issues regarding how to securely transmit data between locations, how to protect data when the endpoint is not connected to a network, how to ensure time is used efficiently while offsite, and how to track which files users access when they connect remotely.
While some organizations provide staff with secure, company-owned laptops, many workers, particularly those working remotely or on a freelance basis, will be working from their own home computer. This poses a major compromise for that organization, as home computers are unlikely to have the best firewalls, encryption protocols or virus scanners typically installed on corporate-issued hardware. However, even those organization-owned devices installed with good defensive technology designed to safeguard confidential data is not always completely secure. Team members can abuse, or completely disregard how these security installations or compliance regulations should be utilized effectively.
According to a study by the Ponemon Institute, while corporate entities appear to overvalue encryption and its role in preventing data breaches, many cripple its effectiveness by improperly circumventing the technology, creating weak passwords or using insecure wireless connections. Adding insult to injury, a recent poll conducted for the Office of the Privacy Commissioner of Canada, found that 42% of businesses surveyed are not concerned about security breaches. This lack of concern almost certainly guarantees that the necessary protocols and compliance regulations are not being monitored.
Regardless of size, any organization which allows its team members, even high privileged ones, to take confidential information outside of the office is potentially at risk of a security breach. If your organization currently allows its members to work from home or while traveling, or if staff are able to access social networking sites from a work device or store company information on USB keys (a dangerous temptation towards idle time), then your organization’s data web is at risk. Most large institutions allow members to work away from the office, which means confidential documents, in both hard and electronic format are taken offsite, away from existing security measures that the office provides.
Even in the case of hard copies never actually being removed, other variables may create additional threats for data loss: those team members working from home will, most likely, be creating documents containing sensitive information, and even if those documents are deleted once complete, the document is not permanently removed from the computer hard drive memory. Many large-scale data breaches are caused by leftover backup information storage.
In modern organizations, mobile devices have also become a standard practice, not only among personal use among employees, but as part of daily use for regular protocol procedures. Many tools originally developed to improve the work productivity and employee work-life balance have inadvertently become major gateways towards potential insider threats, as well. Aside from infecting an organization’s system with malware, personal devices such as cell phones and tablets facilitate copying of company data. When an employee decides to quit, copies of company data often stay on these devices, leading to dangerous levels of undetectable data loss.
Amazing amounts of time, manpower, infrastructure, and log-monitoring are dedicated to continuous compliance maintenance and the struggle becomes all the more difficult when preparing for an audit. Soon, properly monitoring your own team’s compliance practices can become an overwhelming, fulltime task. Additionally, investigating potential issues occurring on endpoint, be it malware or data loss red flags, becomes substantially more difficult and time-consuming when you do not have access to the endpoint itself.
The innerActiv Solution for Managing Offsite Employees:
innerActiv addresses all of these concerns by allowing your organization to tailor a monitoring plan to tackle your specific offsite needs whether it’s an entire international office or a client meeting at the coffee shop. With a fully customizable functionality, innerActiv allows protections and monitoring put in place by your organization to remain active whether or not the endpoint is connected to your network or if it’s even connected at all. This ensures that any suspect activity is still noted and compliance policy is still enforced, Should suspect activity be detected, whether malware-related, data loss related, or productivity related, quick steps can be taken to gather data from the endpoint regarding the issue or investigate the cause without any action required by the user.
innerActiv’s highly customizable rules allow for keyword identification in only the locations that concern you most to dramatically reduce false positives and excess noise. Our innerActiv full security suite has been specifically designed to cover every angle of your organization’s potential threat zones, and its unique functionality keeps you in full control.
We’ll alert you immediately if a user copies sensitive data from an application, attempts to print or email sensitive documents, or relocates your data to an unsecured location. With our unique system, you’ll always be in the loop when it comes to your organization’s most important intelligence and data.