The need to work on the go combined with the confined space of public transport is putting sensitive business information at increased risk. The threat to information may well be malicious – public transport is a common hunting ground for organised criminal gangs and opportunist thieves looking for easy pickings. However, it’s not just the bag snatchers and the pick pockets that pose the threat. Talking confidential company business on the phone and working on sensitive documents while commuting are also a concern. New research from storage and information management company Iron Mountain reveals 72 per cent of the UKs office commuters are looking over the shoulder of the person sitting next to them to find out what their fellow commuter is working on. One in five UK commuters (20 per cent) have seen confidential or highly sensitive information.
Nearly a fifth (18 per cent) of those in marketing say that they frequently sneak a peek at the work of fellow commuters, compared to just six per cent of legal professionals. Marketing professionals are the most likely to be working on confidential or sensitive work during their commute (35 per cent). PA and Admin staff are, at 15 per cent, the least likely to undertake confidential or sensitive work while on public transport. Across all job roles, 21 per cent of respondents say they are doing confidential or sensitive work while travelling on public transport.
In the UK trains (58 per cent) and planes (42 per cent) are the top locations for ‘commuter-snooping’, although one in five (20 per cent) at director level or above find the airport business lounge a particularly fertile ground for information spotting.
It is not just exposing information on mobile devices that presents the threat. Paper documents often contain critical information that must be safeguarded while travelling and, when discarded, securely destroyed so that the information cannot be reconstituted.
“While practical and inevitable, working on the go could be exposing employers to significant information risk, including data breaches and the loss of competitive advantage,” said Christian Toon, risk and security, Iron Mountain. “Most of us have seen documents left in plain sight, left on display on a portable device or left behind, albeit temporarily, as a fellow commuter pops out of the carriage to take a phone call or grab a sandwich. Commuters need to think ‘leave it and lose it!’ What would be the cost to your business and reputation if an employee inadvertently shared sensitive information or let documents get into the wrong hands? There are simple and inexpensive measures that all businesses should take.”
Iron Mountain offers the following guidance for firms looking to help employees protect confidential information while travelling.
Protect your information on the move. Four things to get right.
1 Educate your people - Make sure that every employee understands that his or her information security responsibilities extend beyond the workplace. Provide clear policies and practical guidelines that help your people understand what behaviours will reduce the potential risks. Communicate your expectations regularly to all employees.
2 Provide the tools - Equip employees with the tools required to manage information with sufficient care while travelling. Start with the corporate devices you’ve issued. Consider strong passwords and device encryption. Provide up-to-date virtual private network (VPN) capabilities to ensure that your sensitive information is inaccessible over anything but a secure connection.
3 Keep it private - Issue a laptop privacy screen to all employees who have access to sensitive information. This allows the user to view the information on their screen but makes it impossible for a fellow commuter to see on-screen information from a side view.
4 Don’t forget the paper - All too frequently, attention to information security starts and ends with IT. Yet confidential paper documents are easy to transport and just as easy to leave in plain sight or leave behind. When sensitive documents are no longer needed, employees should return them to the office to be destroyed securely.