Remoteness and risk
With remote working having become increasingly common in recent years, we consider risk management controls that can help mitigate the additional risks
Weather warnings are unfortunately a near certainty in any average Scottish winter. This can create havoc with transport links and your basic ability to reach the office. In addition to this, there is a plethora of other reasons why remote access and remote working may be required, and many potential business benefits. Inevitably, with different ways of operating, there are potential downsides too, as remote access introduces additional business risks.
This article outlines how you can adapt your working practices to minimise these risks, whatever the weather.
Remote working may be as straightforward as taking files or papers home to read, or working on public transport. In broad terms, remote access refers to workers being able to access data or resources from a remote location. It allows access to the company’s computers or a network, from a remote distance, be it from a separate branch office, an employee’s home, while travelling, or otherwise away from the office.
While working remotely or accessing the firm’s systems remotely, first and foremost always ensure that work is undertaken in line with the firm’s own policies and protocols. The following, though, are all useful points to remember. Some may sound like common sense, but they are often forgotten:
Never set any laptop or computer with remote access to log in automatically
Laptops are valuable items and for this reason are easy targets for thieves. In the event that a laptop is lost or stolen, automatic logins could allow easy access by a third party to the firm’s systems and sensitive information.
Make sure that any laptop, computer or other mobile device does not store any passwords
If equipment has stored the passwords required to operate it, in the event that equipment is lost or stolen, this will present a much better opportunity for third parties to gain access to the company’s network and sensitive information.
Ensure that you use strong passwords for all devices. Strong passwords include the use of capitals, lower case letters, numbers and symbols. The passwords should not be obvious either, for example “password”
Passwords are essential for all laptops/computers. The stronger the passwords, the less likely that unwanted persons could gain access to the systems in the event that the equipment in question is lost or stolen. Further advice is provided on this topic in the e-learning module “Information Security – Managing the Risks”, which can be found in the Resources section on the Marsh website for Scottish solicitors at www.marsh.co.uk/scotlaw. (To access the site you will require a user name and password, which should be available from your practice’s risk management contact. Otherwise, please contact Nada Jardaneh at Marsh for your firm’s login details.)
Change passwords regularly, but don’t write them down or keep them with remote access equipment
Although ensuring adequate password protection is important, overcomplicating passwords, or including too may passwords, to such an extent that they cannot be remembered, is also not beneficial. Keeping a list of login details with any equipment is an invitation for unauthorised access.
Despite internet and wifi (wireless network) being available in various public places, only ever use secure internet connections
It is often necessary to work while travelling or in public areas. Many public areas and some public transport now provide free internet access. However, this may not be secure. By accessing any of the firm’s systems via this free connection, these systems are left vulnerable to third party access or viruses. Additionally, for the same reasons, only visit approved sites and be wary of clicking on links embedded in emails.
Be careful when working in public areas
It is easy to forget that, when working in a public area or on public transport, you may be overlooked or overheard. You never know who is sitting next to you on a train or in a café, or their potential interest in any case on which you may be working. You may not know them, but imagine the consequences of your lack of precautions resulting in a breach of confidentiality or the loss of sensitive information? It may result in a data protection breach, or an unexpected article in a newspaper and subsequent reputational damage. Furthermore, be wary of “shoulder-surfing”, whereby third parties intentionally watch for the password entered when logging into equipment.
Only save necessary information on to memory sticks, and delete once no longer required
Memory sticks are small and easily mislaid, lost or stolen. If we needed proof of that, a UK survey conducted in 2011 established that in 2010 alone, over 17,000 memory sticks were left in clothes sent to dry cleaners. The survey doesn’t reveal, but it’s hard to imagine that none of the 17,000 memory sticks contained client confidential information.
Ensure that files taken away from the office are stored safely at all times
Remote working may involve no remote access to systems and be as simple as taking papers home from the office to read. It is essential to be vigilant with these to ensure that people entering your home, which could be anyone from the babysitter to a meter reader, do not see sensitive information or are given the opportunity to steal documentation/information. In April 2012, a local authority in England breached the Data Protection Act, and was consequently fined, when paper files, removed from the office, were stolen from an employee’s home during a burglary. They had been kept in the employee’s briefcase.
For additional information on this issue, consider the short Information Security quiz, which refers to a previous Journal article entitled “Secure knowledge”. This can be found in the Resources section on the Marsh Scottish solicitors’ website at www.marsh.co.uk/scotlaw. (Again, you will require a username and password for this.)
In summary, when working remotely, keep these simple tips in mind in order to minimise the risks of theft or data breaches:
- Avoid leaving laptops and mobile devices unattended in public areas.
- Store files/documentation safely, including when at home.
- Be aware that you may be overlooked/overheard when working in public areas.
- Only use secure internet connections.
- Be extra careful when working with memory sticks, and store them safely.
- Only save necessary information on to memory sticks, and delete when no longer required.
Nada Jardaneh and Marsh
Nada Jardaneh is a former solicitor in private practice, who works in the Finpro (Financial and Professional Risks) National Practice at Marsh, a global leader in insurance broking and risk management.
The information contained in this article provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisers regarding specific coverage issues.
Marsh Ltd is authorised and regulated by the Financial Services Authority for insurance mediation activities only.