Thursday 4 July 2019 5:46 am

In the age of flexible working, how can businesses prevent a cyber security nightmare?

At least half of us are expected to embrace flexible working by 2020, according to the Office for National Statistics. 

This is excellent news for employees who crave the ability to work when and where it suits them. Unfortunately, it might not be such good news for your company’s data security.

Along with the rising popularity of flexible working cultures, there has also been a dramatic increase in data portability. 

Today’s data storage methods and devices are powerful and ultra-convenient – hundreds of gigabytes of data can be stored on mobile devices, more than one terabyte of data can be put on microSD cards, and data can be easily transferred to personal cloud storage services. 

Such technology is so convenient that it straddles the line between helping employees be more collaborative and productive, while also making data so portable that it is difficult to track and protect.

Not surprisingly, while data has become more portable, it has also become more exposed to attacks and breaches. 

Whether this relationship is based on causation or correlation is a moot point. The bottom line is that the risks to data are definitely growing. 

The Data Exposure Report revealed that 61 per cent of chief information security officers (CISOs) admit that their company was breached in the past 18 months – 11 per cent more than the year before. 

Even more concerning is that, among those CISOs, 64 per cent believe that their company will have a public breach in the next 12 months. 

And according to Freedom of Information figures published earlier this week, there was a 1,000 per cent rise in the number of cyber incidents reported by the UK’s financial sector between 2017 and 2018. 

The fact remains that data today is more vulnerable and distributed than it was even a year ago. 

The more often sensitive data moves outside the traditional security perimeter of the office network ­– to personal devices, endpoints or the cloud – the greater the security risk. 

These risks are compounded by the ways in which employees access, share and save data, making it especially difficult for IT security teams to see where data lives and moves. 

So, in the age of flexible working, how do you keep data safe? The answer used to be simple: lock it down. But with today’s distributed workforce, that is not a realistic option. 

To accommodate new, more flexible working patterns, a completely new approach to data security is needed. We know that prevention strategies alone are inadequate because high-value data is lost every day. 

Instead of trying to prevent data from moving outside traditional security perimeters, organisations should focus on gaining visibility over their data lives; when and what data leaves their organisation; and who has access to it. 

The newest generation of data protection strategies are based on how quickly organisations can detect and respond to threats. 

Quick response to threats is especially important during situations when data is at high risk. In particular, businesses need visibility to their data during M&A, organisational changes, and employee departures, as well as when data is accidentally leaked. 

Today’s employees expect flexible working to be the norm, not the exception. If businesses don’t change their approach to security – from prevention to protection – there will be an ongoing problem with employees putting data at risk as they handle, move and save it. 

The data security approaches of today must therefore flex as much as employees’ hours.