Flexible Working and Data Security – Yes, You Can Have Both

Sandra Radlovački

Discover the benefits of adopting a Bring Your Own Device policy

Strategy
Flexible Working and Data Security – Yes, You Can Have Both

The debate on remote vs in-office work has touched on a number of business aspects. Whether it’s productivity and effectiveness or security and management challenges, many organisations choose a hybrid working model to maintain business continuity and meet their employees’ needs, at least to some extent.

However, the perks of remote and flexible working are too appealing for workers to be won over with “endless coffee and snacks” in the office. In times of Great Resignation and labour shortages, some companies offer flexible working to keep the ball rolling.

One of the main challenges of this working model is keeping customers’ data safe and secure, especially if the workers are using their own devices to do the job, which most often is the case.

Security, but at what cost?

In a hybrid model, companies can give their own devices to new hires and risk not getting them back when employees resign, creating unexpected operational costs. Still, companies prefer corporate devices as they are made to be used only for work and to keep data safe.

However, the hybrid model raises concerns around these devices being transported to and from the office multiple times per week, when they can be stolen or damaged.

This also leads to losses for the company, and the only solution for both sides is to enable agents to use personal devices at home and keep corporate devices in the office.

Allowing employees to use personal devices for work involves a certain amount of risk since the devices are unknown to the network and might not be secure enough.

Commenting on this concern, Andrew McNeile, Chief Customer Officer at Thinscale, said: “The key issue is that you are always introducing unknowns into your network when employees access corporate resources off-site.

The question is; how do you turn something that is unknown in something known and controlled? Organisations will introduce a VPN, an antivirus or a VDI to provide a basic level of protection for people connecting from home.

“The danger however is that these types of solutions don’t protect the endpoint, the actual device, itself. And this is often the weakest and most vulnerable part of the IT infrastructure.”

Even when a VPN or an antivirus is installed, there are still threats to data circulating through employees’ personal devices.

McNeile explains: “There are 3 main categories of threats to the endpoint. The first is keylogging and screen-scraping software which track the inputs on a keyboard or records what’s happening on a monitor to gather passwords and payment details.

“The second is data leakage, both intentional and unintentional. What happens if an employee copies and pastes customer data for example? And finally, malware and viruses introduced via USBs or other paraphernalia, which can not only compromise the device but the data as well.”

BYOD for all

Organisations also have to think of those employees who are not willing to switch up devices to separate their work life from their personal life.

While this creates additional friction in adopting a Bring Your Own Device (BYOD) approach, McNeile believes that companies do not have to sacrifice the loyalty of those employees to establish a secure hybrid work environment. He says:

“Most companies will find that they have a group of employee types that want to use their own machines and access corporate resources – consultants and contractors are the classic examples.

“These employee categories will not allow the company to re-image their machines or encrypt their entire disks. Finding a solution to make this type of hidden BYOD achieve similar levels of security as their corporate devices and locking it down correctly is an important closure of a critical vulnerability for financial services and healthcare organisations.”

Safe flexible working is possible

According to McNeile, the solution for keeping data secure and giving employees flexibility exists. He says: “To truly protect the at-home agent, you need security software that locks down the endpoint and permits only approved applications, like a softphone or CRM, to run.

“This eliminates the unknowns and allows IT teams to restrict certain functions like copy and paste, and blocks the use of USB memory sticks, while still permitting headsets.”

BYOD policy might not be every company’s cup of tea, but it does have its benefits, the biggest being reduced operational costs. McNeile continues:

“Ideally, companies should be looking at implementing some degree of BYOD which will enable agents to use personal devices at home and keep all corporate devices on-site. We’re seeing this become the norm for hybrid workforces more and more, keeping both employees and companies happy.”

“Fundamentally, the future of the CX industry is remote and hybrid, but that doesn’t mean that organisations need to sacrifice security, particularly those bound by PCI or HIPPA compliance”.

ThinScale offers device security software for the modern contact centre workforce that allows agents to do their work securely, both at home and in the office.

Find out how you can deliver seamless agent experiences and keep your data intact by visiting this page.

 


Join our Weekly Newsletter