Study: Companies must address telework security

by Grant Gross

1 comment | 6I like it!
Tags: telecommuting

on this topic

July 29, 2008, 03:59 PM —

Companies that allow employees to telecommute need to pay better attention to the cybersecurity challenges associated with it, according to a new study.

Telecommuting presents complex cybersecurity challenges, and many organizations ignore the risks, said the study, released Tuesday by the Center for Democracy and Technology (CDT), an advocacy group focused on privacy and security, and Ernst & Young.

Officials with CDT and Ernst & Young declined to call telecommuting more risky than working in an office, but said telecommuting presented different risks. In many cases, telecommuters use their own computers, subjecting company information to data breaches, and many companies don't have comprehensive telecommuting polices or restrict telecommuters from accessing data they don't need for their jobs, the study said.

"There's a lot of factors that go into making up the potential risk," said Ari Schwartz, vice president at CDT. "In some instances -- if you're talking about very sensitive information, if you're taking about someone who's always working from home with very little monitoring -- there's going to be a greater risk than someone who brings home information every once in a while and is monitored a lot."

Companies offering telecommuting as an option need to weigh the risks and take more steps to minimize the possibility of lost data, Schwartz said. With telecommuting likely to grow significantly in coming years, it's time to look at ways to make telecommuting less susceptible to data loss, he said.

"We have an opportunity right now, before it grows to be very large, to define best practices," Schwartz said.

The two groups surveyed 73 companies in the U.S., Canada and Europe and found that less than 50 percent provided teleworkers with e-mail encryption software. Only about 50 percent of the organizations offered hard-token authentication for work devices and there was hardly any use of biometric authentication.

Only about 20 percent of respondents said their organizations periodically inspect off-site work locations, and less than 50 percent use security cables to lock down computers at home offices.

The study lists several recommendations for companies to both implement and avoid when allowing telecommuters. Among the recommendations:

-- Develop telecommuting policies and training for everyone who telecommutes, not just full-time teleworkers.

-- Limit employee access to information based on their need to do their jobs and the organization's ability to monitor employee activities.

-- Provide telecommuters with clear guidance on the use and disposal of paper records.

-- Conduct house visits to ensure telecommuters who handle personal information are meeting security requirements.

The recommendations of what to do and what not to do came from survey respondents, and some companies are taking telecommuting security seriously, said Sagi Leizerov, senior manager of Ernst & Young's Advisory Services group.

"The picture is not bleak," he said. "There certainly are good examples out there in the marketplace, but if we look at the situation right now, it looks more like Swiss cheese. There are plenty of holes."

I like it!

Email
Print
Share
- Slashdot
- Digg
- Stumble
- Reddit
- Newsvine

On Twitter now

telecommuting

Refresh results

More Telecommuting Results from Twitter

You are logged in | Sign out

What are you thinking?

Insert this article url

Username or email Password ITworld does not store your password

Cancel

New to Twitter? Create an account

Tweet sent

On Twitter now

telecommuting

More Tweets

1 comment Add a comment

We've synthesized

We've synthesized information from over 250 studies of telecommuting and related topics. And we've interviewed dozens of telework enthusiasts and naysayers including researchers, Fortune 500 executives, virtual employers, venture capitalists who support the remote work model, and dozens of home-based workers in a wide variety of professions.

Based on that research we've concluded that if the portion of the population who could telework did, as a nation we could save up to 11 billion gallons of gas a year--roughly the equivalent of 75% of our Persian Gulf imports--and reduce greenhouse gases by 100 million tons/year. That, by the way, is after you factor in the errands teleworkers used to do on the way during the commute.

Telework offers a pull, rather than a push solution to a wide range of problems. It benefits employers, employees, and the community. Beyond the gas and pollution savings, a strong national telework strategy would bring traffic jams to a halt and reduce the carnage on our highways. It would alleviate the strain on our crumbling transportation infrastructure. It would help reclaim many of the jobs that have been lost to offshoring, and provide new employment opportunities for at-home caregivers, the disabled, and the un- and under-employed. It would improve family life, and emancipate latchkey kids. It would substantially bolster pandemic and disaster preparedness. And it would save companies and individuals billions of dollars.

Naysayers argue that not every person or every job is right for telework. I don't argue that point. But studies show that 40% of jobs could be done from home and two-thirds of the working population say they'd prefer it. What's more, the companies that have tried telework have proven that the negatives can be easily overcome and the pros far outweigh the cons. See for yourself: http://undress4success.com/telework-pros

by Undress4Success (not verified) on 8/4/08 at 5:37 pm | reply

View all comments »

peer-to-peer

Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers

Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal

Tom Henderson
Top Ten General Operating Systems Rants

pasmith
PS3 motion controller delayed; goes up against Project Natal

sjvn
Neolithic Windows security hole alive and well in Windows 7

claird
Perl source code comparison makes for good reading

mikelgan
Cell phones don't create stress or interrupt much

Sandra Henry-Stocker
How to: The Unix Interview

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

Quick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

*E-mail address:

*Verify E-mail:

*Job Title:

*Industry:

*Company Size:

*Country

* State:

I would like to receive offers via email from ITworld partners.

By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.

view all newsletters »

	Friends With Benefits: A Social Media Marketing Handbook Tips, tricks, and real-world case studies to help you increase your online visibility.Enter now!
	Ubuntu Unleashed 2010 Edition Detailed information on installing, using, and administering Ubuntu. Enter now!
	VMware vSphere 4 Implementation Best practices for deploying the vSphere product in real-world enterprise environments.Enter now!