Working from home is increasingly common – but few firms address the risks to corporate data, according to new research from storage company Iron Mountain.
Iron Mountain claims that up to two-thirds of employees work from home in Europe at least part of the time – but a mere 18% of firms offer guidance on how to protect information outside the office, or even of what electronic data should not leave the office, according to a survey of 2,000 workers.
Just 17% of films have a formal policy regarding working from home – and more than two thirds (67%) failed to provide secure access to company intranets, according to CBR Online’s report. One in four provide no equipment or training for home workers.
Dealing with sensitive data from home on unsecured machines carries many of the same risks as employees “bringing their own devices” to the workplace – known as BYOD. A recent report found that one in four employees used no security measures whatsoever on “BYOD” devices
ESET Senior Security Researcher Stephen Cobb said, in a detailed blog post describing the risks of BYOD, “The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data.”
One in 10 users also admitted to working from unsecured public Wi-Fi networks – and 7% admitted to sending and receiving work documents over public networks.
ESET Distinguished Researcher Aryeh Gorestky says, “It is possible that someone might be monitoring and capturing network traffic going through the “free” Wi-Fi connection, for reasons ranging from questionable to illegal, (depending upon your jurisdiction, such as (injecting targeted advertising into web pages to the outright malevolent, such as stealing credentials for email, financial institutions and so forth.”
Christian Toon, risk and security, Iron Mountain said: “Firms are allowing their most precious business asset – their information – to leave the workplace for a non-secure environment. “It is vital that companies broaden their secure information management processes to account for home offices and remote working.”
Author Rob Waugh, We Live Security