U.S. business leaders are unprepared for the increased threat to information security that comes with flexible office environments. A Shred-it study shows that leaders are not providing the protocols and training needed to ensure information remains secure in a mobile work environment.
With the number of mobile workers in the US expected to reach 105 million by 2020, more workers are using the tools of the modern workforce, including laptops, USBs and cloud storage to connect outside the traditional office environment.
The majority of C-suite executives (92%) and just over half of small business owners (SBOs) (58%) have at least some employees using a flexible/offsite working model. Yet, only 31% of C-suite executives and 32% of SBOs said they have an information security policy for both off-site work environments and flexible working areas in place.
Secure storage and destruction
Policies and procedures governing the secure storage and destruction of mobile devices are essential in an organization’s information security policy. While larger U.S. organizations have incorporated this as part of their overall efforts, small businesses have room to improve how they are destroying and storing digital data.
SBOs are more likely to wipe/degauss electronic devices in-house (37%), risking inadvertently exposing the confidential data stored on the hard drive when the device is sent to be recycled or reused. In contrast, their C-suite counterparts follow the best practices for data destruction and almost half (47%) use a professional destruction service to dispose of their unneeded electronic material.
Regularly destroying hardware is another important part of device management as legacy hardware stockpiled and stored in the office is a risk for theft. However, 60% of SBOs only dispose of hard drives, USBs, and other electronic devices containing confidential information less than once a year or never. Comparatively, a majority of C-suite executives (76%) indicate their businesses destroy hardware every two to three months – or more frequently.
While C-suite executives are focused on electronic device and data destruction, they must not become complacent with the storage and destruction of paper documents as their employees are no longer tied to the traditional office. Approximately 46% of C-suite executives report having a protocol for destroying confidential documents adhered to by all employees – a dramatic drop from 2015 where 63% of C-suite executives reported having a protocol in place adhered to by all employees.
To help businesses of all sizes ensure their corporate policies and training around data protection and security keep pace with the evolving work environment, Shred-it is providing seven simple workplace guidelines:
1. Remind employees not to leave hardware or materials in vehicles, hotels, coffee shops or elsewhere.
2. Limit the type of documents that employees can remove from the office, as there is no way to ensure data is secured when outside of the company’s control
3. Encrypt all phones and hard drives, and activate passwords on electronic devices.
4. Perform a regular cleaning of storage facilities and avoid stockpiling unused hard drives.
5. Destroy all unused hard drives using a third-party provider who has a secure chain of custody and confirms destruction.
6. Regularly review your organizations information security policy to incorporate new and emerging forms of electronic media.
7. Schedule on-going training so employees understand best practices for protecting confidential information – in and out of the workplace.
As workforces become more mobile, C-suite executives and SMB owners face similar challenges when it comes to protecting sensitive data. To mitigate the increased risk of an increasingly mobile workforce, businesses of all sizes must be proactive in introducing protocols and training to keep employee, customer and company data safe.