Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors
Norman Shaw

GET UPDATES FROM Norman Shaw
 

The Olympic Challenge Ahead of British Businesses: How the Games Represent a Major Challenge for Data Security

Posted: 5/04/2012 13:42

Remote working is nothing new, but with technology making it increasingly easy for employees to work from home, we're coming to a stage where it will soon be the norm.

The first big, nationwide test for remote working in the UK is approaching, with the Olympic Games expected to bring the masses to London, pushing the capital's capacity to its limits.

There are fears that the volume of visitors will take their toll on transport into London. To prevent the city from grinding to a halt at peak times, the Games' organisers and the Government have urged businesses in London to allow their employees to consider remote working during the Olympic period.

But the challenge for business is that as soon as data roams, or is taken out of a company's centrally controlled security system, there's risk. A survey conducted by Computer Business Review recently found that nearly three quarters of respondents allowed flexible workers to use devices not supplied by the company. If these devices do not have business quality security software installed, the risk of data loss through human error increases.

The loss of a mobile data device can lead to a variety of problems especially when people don't admit to losing their USB drives. Often employees in this situation simply keep quiet and hope no one notices. So the size of the risk, and possible exposure to security compromises, remains largely unknown. In Germany, the individual as well as the organisation that employs them would be liable to monetary fines for such a cover up. UK law is not as strict and does not punish the individual, so businesses need to be even more cautious when allowing employees to remotely access their data.

The usual answer to protection from lost USB keys is encryption. But that doesn't go far enough. Even if your organisation uses encryption products, your data is still at significant risk from exposure. A survey by the Ponemon Institute for Intel revealed that 56% of IT managers admitted to often having their device's encryption turned off. Furthermore, there is no way to be able to prove a lost device has been encrypted without recovering it. And when such a memory key ends up in the hands of malicious users who possess enough technical knowledge, encryption can be overcome by, for example, using a computer with a limited user account and a specially configured local security policy.

Once a malicious user is in possession of the secure data, as well as copying and exploiting anything of a sensitive nature, it's possible to put malware onto the keys and send them back into circulation. Security giant Sophos, in looking at 50 USB keys bought in a lost property auction, discovered that over two-thirds contained malware. How can businesses be sure that the same employees who lost their devices won't simply acquire a replacement riddled with viruses, Trojan horses and worms? Again, there is unquantified exposure to risk.

Of course, people can and will always make mistakes, like leaving devices in their clothing or misplacing them. Data security experts Credant Technologies recently found that over 17,000 USB memory keys had been left in over 500 launderettes and dry-cleaners throughout the UK - a 400% increase over the previous year.

But businesses can protect themselves against these mistakes through readily-available solutions. USB keys exist that can have their memory turned on, off or deleted remotely and can be located through inbuilt GPS technology.

Businesses do have the power to avoid future data losses but the solution is just as much about educating people one as providing the right technology.

The good news is that a number of businesses have already made real progress on education around remote working and data security. Research from Cisco found that one fifth of respondents were considering flexible working during the Olympics, with over half already thinking about the collaboration technologies that they would need.

Big corporations are leading the way. One major initiative has come from O2. In February of this year it let 2,500 of its staff - a quarter of its total workforce - work from home. O2 allowed employees to use their own technology, so long as it has been registered with its IT group, and has since revealed that the initiative was an 'astonishing success'. The results of a staff survey showed that 2,000 hours of commuting time was saved during the experiment, although it does remain to be seen whether any important data was lost during this experiment.

So while the London Olympic Games represent a huge opportunity for businesses to embrace flexible working, they also represent a major security challenge. While this summer could be the start of a new age of flexible working, the transport load removed from the city's infrastructure may simply be dumped as data onto private companies' networks, requiring a wholesale rethink of security.

 

Follow Norman Shaw on Twitter: www.twitter.com/exacttrak

FOLLOW UK TECH