As more users access corporate systems via remote access and wireless
links, IT managers must ensure that good security and privacy systems
are in place, says Madeline Bennett.
On the agenda for next week's Infosecurity event, remote access and
wireless network security are well represented. This is handy because it
could help firms deal with flexible working rules, introduced across
Europe about a year ago.
As I'm sure most organisations are now
aware, these regulations mean employees with young children have a right
to request more flexible working conditions; in some cases this could
mean more favourable hours or the opportunity to work from home.
So firms' IT departments could be hit with a double whammy if they have
to equip and support scores of new home workers, and deal with requests
from their own staff to take up job sharing or work from home, for
Even if organisations dig in their heels for now and
make it difficult for employees to work more flexibly and operate from
home, other factors could force them to give way.
transport problems on road, rail and tube, and the cost-cutting
potential of reducing office space, could soon push firms to allow more
But recent DTI figures suggest that more home
working definitely equals more IT security headaches. A DTI survey of
1,000 organisations found a quarter used nothing more than the standard
password method to control remote access to corporate systems, not the
most sensible or secure way of keeping out unwanted visitors. The
stronger security of two-factor authentication was used by only five
percent of organisations.
Hopefully, before organisations embark
on remote working programmes en masse, or enable employees to connect
wirelessly to corporate networks, they will do so with the appropriate
security controls in place, such as virtual private networks (VPNs) and
better authentication processes.
Another weak spot for IT
security highlighted recently is the potential for breaches of data
privacy as a result of offshoring.
Under current rules, European
companies must ensure that their offshoring partners comply with EU data
protection laws. In theory, data held in offshore facilities for EU-based
organisations should have just as much protection as data kept within
the European Union itself.
There have been calls for the EU to do
more policing to ensure that offshored data is indeed protected in this
way. Meanwhile, the Indian government is considering a scheme modelled
on the US Safe Harbor agreement so that Indian organisations and
European customers would operate with guarantees that data would be
guarded in accordance with EU law.
Regardless of whether laws are
being broken, however, breaches of privacy reflect badly on
organisations, which have to explain why they haven't protected their
customers' sensitive information.
To avoid such embarrassments,
firms should check their contracts with offshore partners to ensure
measures are in place to protect data, and they must monitor offshore
activity to ensure the data is indeed protected. Monitoring might include
visits to offshore centres to check first hand that security and privacy
measures, both physical and technical, are put into practice.
When organisations consider offshoring and remote access programmes, one
of the first steps is to assess security and privacy risks, and IT
managers should be at the core of these assessments.