In this excellent article from Accounting Web. iStorage CEO John Michael argues that remote and hybrid work demand a stricter focus on data security and employee health, both of which can be achieved with the right tools and policies.
Hybrid and remote work are not going anywhere. Workers love the flexibility of the modern office, and the statistics back it up: 82% of a surveyed 28,000 full-time employees stated that hybrid working has made them happier, and 78% said that working remotely improves their overall well-being. Employers enjoy their own benefits, given that remote work reduces burnout and – contrary to certain management assumptions about its effectiveness – increases employee engagement. A 2018 survey, conducted prior to the major rise in remote work, noted that 67% of workers had experienced burnout, yet in 2022 flexible working had brought this figure closer to 30%.
These figures present the positives, but they absolutely downplay the difficulty of administering a distributed workforce, particularly one, such as accountants, which is expected to work with sensitive data. It doesn’t take a genius to realise that an accidental breach could be incredibly costly, incurring a significant fine or losing a client – and breaches do happen. The Information Commissioner’s Office received reports of over 1,000 data breaches related to unauthorised access of data in 2022, and almost 600 incidents of data or paperwork being left in an insecure location. The protection of data cannot be left to chance: in the remote work era, good data hygiene is essential.
Controlling data access based on location
IT administrators would not generally allow hybrid workers a free choice of software or hardware. In the same vein, employees should also not be given full freedom to work as they want in any location they choose. Hybrid workers, given their relative freedom, may take an over-relaxed attitude to their place of work; putting in the hours in coffee shops, on public transport, or otherwise working away from the office are naturally more vulnerable to causing such breaches.
Tight security controls are vital to keep data safe, whether that be clients’ personal identifying information (PII) data or company spreadsheets. A data breach could be caused by connecting to cloud services over insecure networks, for example. Data could be leaked through a device like a laptop being left unattended or stolen. But an offline, secure approach mitigates these issues. If hybrid and remote workers are required to use encrypted storage while working away from a trusted network, virtually every potential cause of a breach is removed.
A secure drive may be able to lock itself based on a user’s proximity to their computer – should the drive’s owner step away from their machine, the drive’s contents would automatically be rendered inaccessible. If strict policies demand that remote employees work only from a pre-approved locale, secure storage can also be geofenced. This restricts the use of a device based on its GPS coordinates – the fence can cover regions as large as continents or as small as a few metres. Outside of those areas, such a device would not be able to be unlocked.
Implementing hardware policies to aid work/life balance
The health of a company’s data is of paramount importance, of course, but introducing proper data hygiene procedures can also go some way to protecting the health of its employees. Remote workers, and even in-office employees, can experience an unhealthy creep towards the work side of work/life balance. We’ve all burned the midnight oil at times, and not always because we’ve needed to. Digital connectivity can be an addiction.
Overarching legislation isn’t necessarily the answer. Even in France, where ‘Right to disconnect’ legislation passed in 2017 aimed to protect workers from out-of-hours work, the easy availability of digital tools means many employees continue to feel compelled to remain connected and available outside of their working hours. However, French companies which have established strong internal policies in line with the legislation have been able to demonstrate significantly reduced out-of-hours engagement. A culture focused on well-being and reasonable expectations is key, then – and using secure hardware to implement more direct controls can have a positive effect, too.
Set a time limit on the use of secure storage, for example, and the unlocking procedure can be prevented outside of agreed hours, reducing the chance of employees engaging in so-called ‘grey work’ – out-of-hours work beyond one’s prescribed responsibilities. If such a limit needs to change, simple back-end software allows administrators to alter it on a user-by-user basis, or apply a temporary lifting of restrictions. Each unlock also builds an audit trail of activities, which can tell administrators and managers precisely when and where a drive has been unlocked.
Employing remote management for additional security
Cryptographic security is what makes these functions work – and they really do work. The contents of a sufficiently secure drive will be obscured by uncrackable encryption until that drive is unlocked, offering a guarantee that those vital numbers are completely safe from any breach. Indeed, even if plugged into a USB port, such a drive would not appear to be connected to the computer until a secure online authentication process has been completed. Even if the encrypted storage was able to be accessed, AES 256-bit hardware encryption protects data against the possibility that the data could ever be read, copied, or shared.
Online authentication has a double use. It also means the access parameters of the device can be remotely administered at the time of unlocking. If a geofence moves, or an employee’s access restrictions change, these alterations do not require physical access to any remote hardware – any policy changes are automatically applied to a drive upon its use, no matter what machine it is connected to.
Remote data erasure provides peace of mind
A lost drive is obviously not a good thing. But that’s the point of cryptographic security and pivoting one’s data policies to ensure it is used. If a hardware encrypted drive is lost or stolen, it does not mean company data is being breached, it simply means a loss of easily replaceable hardware. If a double layer of security is required, a remotely administered secure drive can be set to erase itself if too many unsuccessful attempts are made.
If a remote employee reaches the end of their tenure, proper data hygiene procedures might also require that they return their hardware. But a secure drive could, if required, be set to be wiped at the moment an unlock attempt is made. This, along with geofencing, goes some way to preventing disgruntled employees from taking company data to places it shouldn’t be.
Obviously, much of the burden of remote worker data hygiene must be shouldered by company policy. But whatever level of control a company wishes to have over its remote employees, whatever policies exist to support efficient work and well-being, or even if you’re running a freelance accounting operation, investing in secure hardware makes such policies far easier to follow and implement. Select hardware which is also backed by clear and straightforward administration software, and the prospect of safer data is easier to achieve.
