Organisations in the UK have a legal obligation to consider employee requests to work flexibly.

Yet beyond this requirement, many businesses now realise that work life balance attracts better talent, and also helps rather than hinders productivity. We know from extensive research that when employees have a greater sense of control and ownership over their lives, they feel more motivated and less stressed out.

This results in less conflict at work, greater productivity, and the opportunity for more innovation.

The concern raised by many organisations is that of the potential for security breaches to be increased and it is certainly a valid point.

We will therefore be taking a look at how you can offer flexible working through technology securely, first by examining two key solutions (BYOD and Cloud), and then more holistically at policy implementation and a security culture.

BYOD

Bring Your Own Device (BYOD) is used frequently to allow employees to use their own devices to access the corporate network. There are several different approaches but typically a piece of software will be used to create a ‘container’ on the employee’s phone or tablet which contains the corporate approved apps.

This allows the organisation to have a good level of control over the security aspects of the access the employee has. Furthermore, many businesses have the remote ability to lock down the corporate ‘container’ in the event there is a security event, such as the device being lost.

It is also prudent to have further security controls, such as multi-layer authentication – one password to access the phone, and then another to access the corporate ‘container’ – or to use multi-factor authentication.

Cloud Technology

The ‘cloud’ has offered a seismic shift in the way in which employees interact with the corporate or even SME infrastructure. They no longer need to be in the office, or even the country to access systems. As long as they have an internet connection, they can work.

It is important for the cloud solution to be reputable, and for all data to be domiciled within the EU. With respect to hybrid cloud computing, standards should allow for interoperability between cloud and on-premise security measures.

Cloud providers should have certain accreditations such ISO/IEC 27017 and ISO/IEC 27018 (or at an absolute minimum commit to adhering to them). These standards are wide reaching in terms of the business processes, policies, and procedures expected within the cloud computing space.

The Cloud Standards Customer Council is an excellent source of information on secure cloud.

Policies and Security Culture

Most organisations have some sort of a security policy. Done well, this is a living, evolving document that is introduced to employees during induction, and is a guide for them throughout their time with the organisation.

In reality, it tells employees what to do, and what not to do. It is a top down guide that individuals must comply with. It does not typically promote personal responsibility or proactivity for security. It does however provide a reference as to what is expected of everyone.

Having policies, processes, and procedures is best practice and will form a solid foundation for secure flexible working. One good system for developing or improving policies and procedures is the IASME framework.

However policies are enforced as opposed to being sustained and also proactively driven by the employees themselves. Instilling a security culture is not easy and it won’t happen overnight, but making people accountable and interested in protecting the corporate IT infrastructure pays dividends in the long run.

The aim is for an employee with a BYOD to be thinking for themselves about keeping that device secure, such as not leaving it idly on a train, and ensuring it is password protected at all times.

The number of opportunities for security breach will be more naturally covered by a culture of security, as opposed to as many scenarios that can be covered within a security policy.

In Summary

Supporting a level of work flexibility is not only a legal requirement, but also a contributor to greater productivity as employees feel more motivated and less stressed.

There are a number of technology solutions that enable work away from the boundaries of the office. However, it is important to ensure that security concerns are appropriately managed as new technology solutions inevitably introduce new exposures.

It is advisable to take advice from an IT Security Consultancy such as Grant McGregor. Get in touch on 0313 603 7910.