News

Telecommuting Poses Security, Privacy Risks

A new study finds that allowing employees to work from home and telecommute poses security and privacy risks that are not being addressed adequately by business or government

By Ellen Messmer, Network World

July 30, 2008

Allowing employees to work from home and telecommute poses security and privacy risks that are not being addressed adequately by business or , according to a study released Tuesday by consulting firm Ernst & Young in partnership with the Washington-based advocacy group .

The report, "Risk at Home: Privacy and Security Risks in Telecommuting," surveyed 73 corporate and government organizations to find out whether they had formal telecommuting security policies implemented in practice, and whether employees working from home were trained in . The report concludes this was too often not the case, putting business and government data at far higher risk than if appropriate security best practices were used in the home telecommuting environment.

"We identified some disconnects about recognizing risk areas and addressing it," said Sagi Leizerov, senior manager with Ernst & Young's advisory services group, about the findings in the report.

Ari Schwartz, vice president and COO at CDT, said the privacy-advocacy group assisted with the study to put the focus on determining what the best practices in telecommuting might actually be.

Schwartz said this question is of growing importance as the practice of telecommuting grows. He pointed out that security breaches have occurred in the context of telecommuting in the past two years, include well-publicized ones at the Department of Veterans Affairs and the National Institutes of Health, as well as at Blue Cross Blue Shield and the state of Ohio.

Neither Ernst & Young nor CDT is opposed to telecommuting, but Schwartz and Leizerov said the report's findings indicate the organizations surveyed often failed to adequately recognize the risks in telecommuting. They said telecommuting doesn't inherently pose more risk than office-based work, but it poses different risks that need to be recognized.

If setting policy is a starting point, organizations are slipping even on that. Only half of the organizations participating in the survey have even developed guidelines for telecommuting or provide guidance to their employees at all.

The survey looked at whether personal computers, portable devices and wireless networks were being used in telecommuting and which security controls were in place for them.

The study also asked how the protection of paper records containing the business information used by telecommuters was being addressed and whether there were security controls, such as file and e-mail encryption.

"About 50% of respondents indicated that telecommuting employees, both full-time and occasional, sometimes use their personally owned computers and PDAs at home for work purposes," the report states, adding that the trend is toward easing restrictions about it.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era