Companies devote significant resources to keeping computer networks and information secure, but those efforts can be undone when employees work outside the secure workspace. When an employee downloads a document to a personal laptop, saves information on an unencrypted external storage drive, uses the local coffee shop wi-fi, or – as the headlines have reminded us this week – uses personal email for business purposes, secure information is at risk.
What’s an employer to do? Here are some tips:
- Make sure that your human resources and technology teams are working together on issues relating to network and information security.
- Implement a clear policy prohibiting use of personal email for business purposes and prohibiting employees from using unsecured internet connections and storage drives.
- Only allow employees to access company networks with approved devices and, if you allow employees to use personal mobile devices for business, implement a “BYOD” (Bring Your Own Device) Policy that sets security requirements (such as requiring strong passwords) and gives the company the right to review and wipe devices.
- Train all employees in security protocols so that they understand not only your requirements but also the reasons why they’re necessary. Employees may not think much of using public wi-fi or personal email until you explain the real risks that both pose.
- Make sure that employees who work remotely have secure options for connecting.
- Monitor outgoing email to identify employees who may be emailing confidential information to personal email accounts.
- If you discover that an employee is violating security requirements, take appropriate action.