The way that we digitally share information has changed dramatically in recent years, thanks to the rapid evolution of cloud storage and the increasing intelligence of smart phone technology.
But, as in all things, the benefits of having ease of access and the sharing information readily is off-set by the threat of the loss or compromising of the data. Working from a home computer, tablet, or phone may enable the team to continue working outside of office hours, but the risks can be very real.
In an office environment, there should be a secure network that protects all machines under the Partnership ownership. This will keep all valuable files under lock and key. A personal device used ‘on-the-go’, at court or at home for instance, runs the risk of giving unrestricted access to confidential data to the wrong people, should an employee’s server become compromised.
In order to safeguard data ‘on the move’, Colin Tankard, Managing Director of data security company, Digital Pathways advises:
If at all possible, do not send valuable information via un-encrypted email.
Use two-factor authentication to log onto systems and devices. This increases the complexity of passwords, eliminates password ‘sniffing’ and if in an emergency a Partner needs to ask their assistant to log on as them, in order to retrieve an important document, the password conveyed by the Partner only lasts for that session and cannot be reused.
Encrypt documents with unique encryption keys that can be controlled by the data owner and shared by them to selected individuals if needed. This way, the document is protected on a persistent basis and, if linked to Rights Management, can travel embedded in the document even if it is shared with non-authorised individuals.
If remote access is allowed, ensure the connection is through a company controlled VPN, as this ensures the connection is true, i.e. not subject to a ‘man-in-the-middle’ attack and, once established, cannot be ‘sniffed’ and content captured.
Add end point application protection to ensure a device is patched and running the correct levels of encryption and anti-virus. This ensures the remote device is configured to Partnership standards such as inactivity timers and screen locks. It also ensures that if a device is left logged-on in a public area, and the user leaves it for a period of time, no one can ‘surf’ on their connection.