It doesn’t matter if you’re back in the office, you’ve still got holes in your security, writes Henk Olivier, MD of Ozone Information Technology Distribution.
This year has introduced a bunch of new words for the organisation – ‘new normal’, remote working, global pandemic. They aren’t particularly well-loved words right now, either. Everyone is tired of working in the so-called new normal and most are fed up with lockdowns, restrictions and the pandemic as a whole. But as lockdowns and restrictions ease, both in South Africa and abroad, there is one word that must remain an absolute priority for the business – security.
Even as people return back to work, hauling their battered laptops and lives onto the highways and into the sanitised office spaces, security must remain at the top of every list and discussion. The first important consideration is physical security. As technology travels between the office and the home, it’s essential that organisations establish who is responsible for the physical security and insurance of devices. This is complicated right now because many of the devices being used by companies are actually owned by employees. The rapid rush to optimise the work from home environment has created a tangle between what belongs to the company, what belongs to the employee, and who is supposed to protect what.
Then it comes down to the information that’s resting on these devices. Who is responsible for this security? In the event that the device belongs to the employee, legally companies have very little control over the information that sits on the laptop or how that laptop is used. As many companies are still juggling a balance between office and home, this is becoming an increasingly important consideration. If the employee is using a company device, then the security and the use of that device is entirely at the company’s discretion. However, if the device belongs to the employee, everybody is entering fairly murky waters that may or may not work in the company’s favour.
The best bet is to establish, right now, the boundaries around work data and personal data and to offer the employee some tools and support when it comes to managing the information and the device security. This should come with very clearly outlined rules around what constitutes company property and overall security hygiene. After all, a stupid mistake that exposes a device will not just impact on the company. The best bet is to have full control over the hardware and the software and to implement regulations that manage their use and their security.
Within this mix enters the need for policies and procedures that guide how equipment is used, data protection, and security behaviour. The employee has a huge responsibility to protect the data and equipment when working from home so the onus is also on the company to give them the frameworks they need to operate securely. The same applies to virtual security and behaviour – implement software and practices that ensure people know exactly what is and is not allowed online.
Finally, work with employees, not against them. Establish software update protocols, let them know how to dispose of printed information and documents securely, give them data management and storage systems that help them manage it more securely, and create defined processes that take the mystery out of security. Ultimately, ensuring that devices and data are secured works in everybody’s favour. And, as companies toy with the idea of allowing more flexible working practices and become increasingly open to ongoing remote working arrangements, these rules and regulations will set the tone for the future.