Nonprofit 411: Questions to Ask Yourself about Client Confidentiality and the Mobile Workforce

By Dan Keleher, KPM Consulting, LLC

The global workforce is evolving into a remote and flexible environment. According to Strategy Analytics, the mobile workforce could grow from 38.8% of the global workforce in 2016 to 42.5% by 2022. This move is seen as mutually beneficial for employees and employers.

With the increase in the mobile workforce, employers are identifying cost savings in areas as diverse as real estate/office space and training of new employees, and are reporting productivity gains from fewer sick days. Employees save on commuting costs and commuting time. The increase in remote work has also opened opportunities for workers with physical disabilities or limited mobility. Ultimately, all of this contributes to a more productive work environment.

What does this mean for your customers and their data? Doesn’t the remote worker introduce more security risks and a greater chance of a data breach? Not necessarily, as long as everyone is doing their part. First, as the employer you need to take a serious look at your data security program.

  • Has your Information Technology (IT) staff established substantive security measures? Are they monitoring firewalls and intrusion detection systems, encrypting data at rest (including full-disk encryption on every laptop), keeping anti-virus and anti-malware software updated, filtering email, and requiring multi-factor authentication for remote access to the network?
  • How strong are your data security policies and procedures? Do they prohibit storing customer data on mobile devices such as laptops, flash drives, and smartphones, and does IT periodically verify that prohibition rather than take it on faith? Do they require a Virtual Private Network (VPN) whenever remote users connect to your network? Do they require users to keep the latest operating system and application patches installed on their laptops, and prohibit the use of any company-owned device by a non-employee?
  • How current is your data security training program? Does your staff receive updated training throughout the year on the current data security policies and procedures, on why strong passwords matter, and on how to recognize phishing and possible malware attacks?
  • Do you have a fully implemented incident response program? Do your staff know what to do, and whom to contact, if a device is lost or stolen, and can IT promptly revoke that device's access or wipe it remotely?
  • When was the last time you reviewed and updated your Massachusetts data privacy Written Information Security Plan (WISP), the program required under 201 CMR 17.00 for organizations that hold personal information about Massachusetts residents?
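The policy questions above are only as good as your ability to verify them. As an added illustration (not code from this article or from KPM Consulting), the script below shows one way IT can spot-check the "no customer data on laptops" rule: it walks a directory and flags files containing values that look like Social Security numbers or Luhn-valid payment card numbers. The patterns, the function names (`find_pii`, `scan_tree`, `demo`) and the sample files it builds are assumptions made for this example; the article does not define "customer data", and a real deployment would tune the patterns to whatever personal information your organization actually handles.

```python
"""Spot-check a laptop for files that appear to hold customer personal data.

Added example, not code from the original article or from KPM Consulting.
The SSN and card-number patterns are illustrative proxies for "customer
data"; they are assumptions for this example, not a legal definition.
"""
import os
import re
import tempfile

# SSN-shaped values, excluding area/group/serial values that are never issued
# (area 000, 666 or 9xx; group 00; serial 0000) to cut down on false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# 13 to 16 digits with optional space or dash separators; candidates are then
# confirmed with the Luhn check so ordinary numbers do not trigger an alert.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> dict:
    """Count suspected SSNs and Luhn-valid card numbers in a block of text."""
    ssn_count = len(SSN_RE.findall(text))
    card_count = 0
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group(0))
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            card_count += 1
    return {"ssn": ssn_count, "card": card_count}


def scan_tree(root: str, max_bytes: int = 1_000_000) -> list:
    """Return [(path, counts)] for every file under root with suspected PII.

    Only the first max_bytes of each file are read, and files that cannot be
    opened are skipped, so the scan can run safely over an entire home folder.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue
            counts = find_pii(data.decode("utf-8", errors="ignore"))
            if counts["ssn"] or counts["card"]:
                hits.append((path, counts))
    return sorted(hits)


def demo() -> list:
    """Scan a constructed sample directory; returns hits with relative paths."""
    root = tempfile.mkdtemp(prefix="wisp-scan-")
    # Constructed sample files (not real customer data): one donor export with
    # one valid-looking SSN and one impossible one (area 987), one expense
    # report with the well-known Visa test number, and one clean notes file
    # whose phone number must not be mistaken for an SSN or card number.
    samples = {
        "donor_export.csv": "name,ssn\nPat Smith,123-45-6789\nLee Jones,987-65-4320\n",
        "expense_report.txt": "Paid with card 4111 1111 1111 1111 on 2016-03-01.\n",
        "meeting_notes.txt": "Agenda: review WISP, schedule phishing training. Call 617-555-0100.\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return [(os.path.relpath(path, root), counts) for path, counts in scan_tree(root)]


if __name__ == "__main__":
    for rel_path, counts in demo():
        print(f"{rel_path}: {counts['ssn']} SSN(s), {counts['card']} card number(s)")
```

Run it against a user's home directory instead of the demo folder and feed the list of flagged files back to the employee and the WISP owner; a scan like this is a verification step, not a substitute for full-disk encryption, which protects whatever the scan misses when the laptop is lost.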

Ensuring your mobile workers do not jeopardize your customers' confidentiality starts with a strong data security program and with every employee understanding the part they play in it.

Dan Keleher is the Executive Director of KPM Consulting, a subsidiary of Kevin P. Martin & Associates, P.C. He can be reached at dkeleher@kpmconsulting-us.com. KPM Consulting offers a variety of services including IT risk assessments, business continuity planning, vulnerability scans, SOX compliance reviews, MA data privacy planning, HIPAA compliance reviews, data center reviews, and security testing.