Remote workers are adding to the risk of corporate security data breaches according to tech integrator RBC Group, particularly now that many businesses are now subject to mandatory breach reporting legislation.
RBC Group general manager Michael Manton says that any business with an annual turnover of more than $3 million must now disclose breaches to the Australian Information Commissioner and to customers if data has been compromised.
The company sites the 2018 HP Australia IT Security Study, which found that half of all 528 surveyed Australian small and medium businesses (SMBs) were not prepared for mandatory data breach reporting laws and they had not conducted and IT security risk assessments in the last 12 months.
Manton believes breaches are likely if employees connect to company networks through their personal devices.
"The real concern is the increasing number of people who are taking devices home or using them in public where the environment is less secure than a corporate office, or connecting to a corporate network using a personal device and unwittingly providing malware with access to the business network," he explains.
The survey found that 73% of surveyed SMBs allow staff to work from home; 53% allow them to work from public places.
More than half (59%) also say they don’t have a disposal policy for devices, which potentially exposes data stored on that device.
"The other issue is people think they only need to be on the lookout for hackers and malware, but there are dozens of different types of security breaches which can prove to be very costly to a business,” Manton continues.
He says businesses also overlook security threats resulting from unsecured endpoint devices. The survey found that 71% of data breaches originate from devices such as printers.
"I think a lot of businesses would be surprised to learn just how easy it is to gain access to data from a printer instead of via the computer network,” Manton says.
"Leaving a printer unsecured is a bit like locking the front door of your home but leaving the back door wide open - people can easily get in if they are seeking access.”
Manton also highlights the possibility of corporate espionage, which is a major problem in the United States. Organisations illegally get information about their competitors in order to win tenders.
“This kind of activity is something that everyone needs to be aware of in an increasingly global marketplace,” Manton says.
"Businesses really need to take more responsibility in terms of educating their workforce with regard to maintaining data security and ensuring that they audit the security of their entire network on a regular basis,” he concludes.