This group is for teleworkers and telework managers...and anyone else who is interested in discussing telework!
Learn how much money you could save by teleworking with GovLoop's Telework Calculator.
Teleworking and Security
May 13, 2009 at 12:25 pm #71932
Kinda dated (July 22, 2008) but IMO still rather relevant...
From Center for Democracy & Technology
Security and Privacy Risks of Telecommuting Not Effectively Being Addressed
WASHINGTON, D.C. -Telecommuting and the virtual office put sensitive corporate data, including the personal information of customers, at risk of compromise, according to a report released today by the Center for Democracy & Technology and Ernst & Young.
The report, "The State of Telecommuting: Privacy and Security," based on a survey of 73 organizations recommends that companies with a telecommuting workforce need to pay more attention to the unique privacy and security risks posed by remote access. The report offers practical advice to companies on securing data accessed by employees working from home or other remote locations.
"Most of the security and privacy risks associated with telecommuting are already known," said CDT Vice President Ari Schwartz. "In a lot of cases those risks can be addressed if companies would simply put more emphasis on the procedures and policies they already have in place."
According to a recent report more than 46 million people are expected to work at home at least one day a week by the end of 2011. That increase of telecommuting workers heightens the need for robust security and privacy policies. Respondents acknowledged the inherent risks of telecommuting, but admitted these risks aren't made a high priority.
Serious gaps remain between the establishment of security requirements and consistent monitoring and enforcement. Consider these findings:
Computers used by telecommuting employees often do not contain security features that specifically address the unique threats that come from remote computing, such as inappropriate access by non-employees, use of technology for unauthorized purposes, etc.
* Portable devices, such as laptops and personal digital assistants (PDAs), commonly involved in data breaches, are widely used by telecommuters. However, few organizations have adopted thin client terminals-lightweight devices with Internet connectivity-which have little data storage capability.
* Telecommuting employees using their own personal computers or PDAs for work purposes thwart the advantages of employer supplied encryption tools.
* Allowing telecommuters to use wireless Internet connections is a common practice, but the use of wireless security measures is not widely required. The implications of this finding are compounded by the fact that telecommuters are increasingly accessing their neighbors' unsecured wireless connections when working from home.
* Policies on downloading software and using peer-to-peer file-sharing applications are common but the enforcement approach varies. While half of the organizations use technical controls to block peer-to-peer file sharing applications, and a third of organizations block telecommuters from using instant messaging applications, others lack technical controls, relying instead on software use policies.
Other topics covered by the survey and included in the report are: background checks of telecommuters, policies regarding temporary employees and contractors who telecommute, protecting paper records, use of privacy-enhancing technologies, use of file and email encryption tools, deployment of biometric technology, limitations on the use of email, and monitoring of telecommuters by employers.
You must be logged in to reply to this topic.