Telecommuting on the Rise
August 04, 2008
A new report shows that telecommuting is becoming more and more popular, but if best practices are not implemented, privacy and security are at risk.
Telecommuting is gaining popularity. Lowering the corporate carbon footprint, the office space footprint, work/life balance issues, etc., etc. are all leading to an expected four percent increase compound annual growth rate in the number of telecommuters working at least one day from home.
According to a Gartner study quoted by Ernst & Young in their report Risk at Home: Privacy and Security Risks in Telecommuting released this week, worldwide there will 46 million telecommuters by 2011. Because of this rise, personal and private information related to both employees and their employers may be compromised by telecommuting staff if privacy risks are not dealt with effectively.
The takeaway, said Sagi Leizerov, a senior manager with Ernst & Young's Advisory Services group and one of the reports authors, is while the organization has put in place different types of controls it was done because of business travel, it was done because of the need to protect information even in the office environment led to adoption of technologies all of those are good and they contribute to protecting information in telecommuting environment but they are not necessarily addressing the specific risk telecommuting brings about.
A total of 73 corporate and government organizations (representing 10 industries in the US, Canada and Europe) participated in the study. Respondents acknowledged telecommuting is a persistent area of risk and recognized the topic is often not adequately addressed. In some instances, risks associated with telecommuting do not garner the attention of newer, more pressing business risks.
This is because telecommuting is not new, said Leizerov. An evolving risk like telecommuting often gets back-burnered in light of newer threats and, therefore, the controls needed to ensure it is being properly secured are not always put in place.
We think that part of the reason it doesnt get the right attention is not only the governance side it is an issue of who needs to own it, said Leizerov. For example, security, compliance, HR, IT.
While many organizations allow telecommuters to handle personal information at home, only half of the survey respondents said they address this subject with formal policies and training. Survey respondents noted the multidisciplinary nature of the topic, which could be viewed as a human resources, information technology, security or privacy issue, made it difficult for them to determine whose responsibility it should be to address these risks.
But companies are not completely missing the mark, as the survey shows internal controls have been established to monitor and protect the transfer of information both within and outside the walls of an organization. Despite these efforts, gaps still exist between the establishment of such controls and consistent monitoring and enforcement.
Consider these findings:
Although portable media (such as laptop computers and personal digital assistants (PDAs) are commonly used by telecommuters and have been in the forefront of various recent information breaches, few organizations have adopted privacy-enhancing devices such as thin client terminals, which are computers that are designed to not save data to help safeguard sensitive information.
Telecommuters regularly use their own personal computers and PDAs for work purposes. However, the hard drive and email encryption tools commonly found on employer supplied devices are of little help when employees use their home computers for work related activities.
Allowing telecommuters to use wireless Internet connections is a common practice, yet the use of wireless security measures is not widely required.
What to do
The good news is everything you need from technology fixes to employee best practices (depending on your industry vertical) already exist. You may have to do some searching beyond E&Ys report but VPNs, encryption, thin-clients, software as a service, remote desktop management, etc. all make telecommuting a manageable affairat least from the technology side. Its the people sideand how they handle security in their home officesthat is harder to deal with.
- For more on the risks associated with mobile workers, as well as tips for how to deal with them, read "Mobile Workforce Means Greater Security Threats," "Securing Your Mobile Workforce," and "Hotspot Safety for Business Users."
Article adapted from CIOUpdate.com.