Data security strategies for mobile workers
By Ching Mac
Do security and convenience have to be at odds?
By Ching Mac
Here’s a common workplace situation: an employee wants to work from home because she is having her internet installed at her new apartment. The night before, knowing she won’t have internet access at home, she downloads the files to her personal laptop. Though this is against company policy, she doesn’t think she has any other option — she has to access the files somehow. And without access to her work drive from home, it means a big chunk of productive hours lost. So, knowingly or not, she breaks company policy.
When workers feel technology or security protocols hinder their work, they take one of two common paths: they will bypass protocol and use their own device to complete their work, or their productivity will decrease. When security and convenience are at odds in the workplace, the latter often comes out on top.
This crossroad is typical — and the choice illustrated above is frequent. According to a recent survey from Citrix Canada called The Citrix Cloud and Security Survey, four-in-10 workers feel their employer’s security protocols make it difficult for them to work remotely. The survey, which probed Canadians on their workplace security habits on and offline, also found 63 per cent have shopped or surfed the web on a company device, and 50 per cent have been a victim of a phishing email or an online virus.
This means the opportunity for a breach caused by an employee infraction is likely. For many companies, there is much to lose (from a reputation standpoint and a financial standpoint) if one does occur, in addition to the potential damage for customers whose information is compromised.
But for company executives looking to bolster their security strategy in an era of wide-scale breaches, and train their employees to take security protocol seriously, convenience and security cannot be at odds. With the right technologies and policies, security can be convenient, and convenience can be secure.
A smart security strategy for any organization is about striking the right balance for employees and employers, and getting IT departments, HR workers, and top-level executives to buy in and lead the way. While mobility is a staple of many workplaces, a survey from 2017 by Oxford Economics and Citrix found only 20 per cent of Canadian companies had a cohesive and integrated mobile strategy in place, demonstrating a gap in organizational security policy.
The key to a mobile workforce that mitigates the risk of cyberthreats is integrating a secure digital workspace with three important attributes. First, it is unified — it has a single window through which IT can configure, monitor and manage the entire technology infrastructure. Second, it is contextual — it uses machine learning and AI to fit each worker’s patterns and exceptions, in order to deliver a personalized experience that reflects the unique work device, location and network connection. Finally, it is secure: it has a software-defined perimeter that grants safe access and full visibility across the network and user ecosystem.
A secure digital workspace with these attributes fills the gap between security policies and flexible work that many organizations are facing today. It is better suited to the work environments that most employees encounter on a day-to-day basis and can be customized based on job function, seniority level or department, rather than a “one-size-fits-all” security solution.
One important way digital leaders are adapting to the demands of the mobile workforce is by implementing a BYOD (bring your own device) policy. With BYOD, companies can use desktop virtualization so employees can access their work desktop on their personal mobile devices. Employees can access information when and where they choose, and employers can control the secure delivery of that information. This satisfies the needs of IT as well, who can keep work apps and data in a centralized data centre, and can monitor, detect and fix any problems to avoid data loss or breach.
Another key component to keeping convenience and security on the same side is to prioritize the user experience. In some situations, if employees feel the workplace software or device is too complex or consumes too much time, they will opt for their own, often unsecured technology. And if IT managers want employees to be responsible about their data security, it is important that employees understand and accept the technology at hand. IT must be focused on a seamless experience that accommodates employees and employers.
Lastly, the secure digital workspace must be implemented in conjunction with the right processes, training and education programs. This is especially relevant considering Citrix Canada’s survey found three-in-10 are not aware of the security protocols their company has in place. Although it is not necessary for employees to understand all the ins and outs of how they are being secured, HR must continuously develop and communicate security policies to help employees understand why the policies exist, and why buy-in is crucial.
To have all employees buy in to the security strategy requires not just education, but a culture shift in which security is instilled as a company’s core value. HR must work with C-suite executives to enforce security policies across all levels and engage all C-suite in the discussion on cybersecurity.
Practices upheld and importance placed on security at the top will trickle down, and employees will be more likely to hold themselves accountable and encourage others to do so as well. When employees understand the risks of bypassing security protocols, and their company provides a seamless user experience, breaches are less likely to occur.
The key elements employers and employees are looking for — productivity, flexibility, security — are attainable, but companies must put in the effort to establish the right technology, policies and culture if they wish to see all three realized simultaneously.
Ching Mac is the director for Citrix Canada.
This article originally appeared in the Nov/Dec issue of Canadian Security.