Not a Member? Get access to HR news and resources that you can trust.
Here is how HR can help prevent the missteps that could cost your company big in court.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
60+ new SHRM Seminar dates in 10 U.S. cities and virtually.
Expand your influence and learn how to become an effective leader -- Join us in Phoenix, AZ, October 2-4, 2017.
Employees are the weakest link when it comes to protecting company data—and connecting to public Wi-Fi while they're traveling is part of the problem.
Unfortunately, hackers know that.
According to Managing Insider Risk through Training and Culture, a report from the Ponemon Institute, 55 percent of organizations say they have had a data breach caused by an employee. Additionally, security incidents have risen 66 percent year-over-year since 2009, according to the results of PricewaterhouseCoopers' 2017 Global State of Information Security Survey.
Experts said HR and IT can lessen the likelihood of such breaches by making sure employees are trained on proper cybersecurity protocols—especially during the holiday season when workers are traveling and may be tempted to use their devices to conduct work in public places.
Some people may feel safe using free public Wi-Fi in airports, coffee shops or restaurants to connect to their work data through a virtual private network (VPN) or a virtual desktop infrastructure (VDI), but experts say nothing can be further from the truth.
What's the solution?
"Companies should take all the necessary precautions to have their employees [be able to] access their data from anywhere, yet have a level of protection required for the data being accessed," said Philip Bigge, vice president of consulting services for Ripcord Solutions. Ripcord is based in Irvine, Calif., and provides continuity management advisory services.
"For example, despite … multifactor authentication seemingly being excessive or limiting to the employees, [since it typically requires them to provide an additional access code after logging on] a company that deals with personal health information should think of the customer or patient first," he explained. "Would you want your doctor or their employees accessing your data over free public Wi-Fi?"
[SHRM members-only resource: Laptop Security Policy]
Employees should always use a secure Wi-Fi network to access company data, ZixCorp CEO Dave Wagner told SHRM Online in an interview. ZixCorp is an e-mail encryption provider based in Dallas.
"Catching up on work e-mails at a coffee shop or on the train is especially common for workers over the holiday season," Wagner stated in a news release. However, "public Wi-Fi is nowhere near as secure as the private networks set up in the office."
Sending confidential information via e-mail should never be done over public Wi-Fi, experts said.
Employees should also password-protect all of the devices they use for work. From smartphones to laptops to tablets, each device that allows access to an employee's e-mail account and work documents should have "some sort of password, thumbprint, lock code, etc.," Wagner said. "It's easy to misplace devices while traveling or on the go, so a strong, unique password is one more [barrier] a thief will have to crack to gain access to the sensitive information stored on the device."
End-to-end encryption—even on personal devices used to access company data—is also important, as is installing data loss prevention software.
"If a person really wants to use their preferred personal device, then they must add layers of protection," including encryption software, Bigge said. "It is a compromise everyone must be willing to make."
People conducting work on the go using personal devices also need "to make sure they don't slip up and send sensitive data to the wrong person," Wagner added. "Data loss prevention software does just that, by scanning outbound mail for possible red flags. If there is a potential issue found, the software will quarantine the message and confirm with a manager or administrator if the information being delivered is sensitive or not. Employers and employees can rest assured knowing that important information—such as credit card information and Social Security numbers—is secure."
Experts say that when employers provide thorough cybersecurity training for all employees and keep them abreast of the latest threats, organizations can be more secure.
"HR professionals should communicate to their employees who are traveling that when they are handling company information, whether on a company or personal device, it's best to treat it as a precious possession," Wagner said. "If employees know the importance of data security through cybersecurity training, they are less likely to take risks that put themselves, their company and customers in a vulnerable position."
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies