Study raises data privacy and security concerns about telecommuting
Telecommuting has its distinct advantages: no stressful trips on the freeway, a kitchen full of snacks, working in pajamas, even animal companionship (just watch out for paws on the keyboard).
But working from home isn't all kitty cats and cozy fires. A study released this morning by the Center for Democracy and Technology and Ernst & Young said telecommuting and other remote access of corporate networks poses data security and privacy challenges for employers. The report, "The State of Telecommuting: Privacy and Security" (PDF download) warns:
It is difficult enough to secure a corporate network with the constant and persistent threat from malicious external parties, from hackers to spammers to viruses. But for the chief technology officer or chief risk officer of today's organization, perhaps no issue presents more complexity -- or more headaches -- than the necessity to protect corporate and personal information in an environment where employees travel widely or routinely work at home, using personal computers, laptops, non-corporate-owned machines and personal digital assistants.
The CDT and Ernst & Young surveyed 73 organizations from 10 industries in the United States, Canada and Europe and found that the risks of telecommuting often were ignored. Half of the respondents said they had no formal policies or training for remote access of their systems.
"Most of the security and privacy risks associated with telecommuting are already known," CDT Vice President Ari Schwartz said in a release unveiling the study. "In a lot of cases those risks can be addressed if companies would simply put more emphasis on the procedures and policies they already have in place."
And it's not just electronic data. Only 25% of the respondents said they require telecommuters to store paper records in secured cabinets. Even then, the records aren't always secure, as this 2007 episode demonstrates: Confidential files of 13 people from the Social Security Administration office in Milwaukee were lost for months when a telecommuting worker took them home. The employee said she kept them in a locked cabinet, but believes she left them behind when she fled her home because of domestic violence. Some of the files -- which contained Social Security numbers, medical information and other private data -- were eventually found in a Milwaukee dumpster.
The study recommends that employers focus more on telecommuters, whose ranks are expected to grow to 46 million by 2011. Among the suggestions are inspecting home offices, using encryption to connect to corporate networks and providing locked cabinets and shredders for paper records. Just make sure the cat stays away from the shredders.
-- Jim Puzzanghera
Puzzanghera, a Times staff writer, covers tech and media policy from Washington, D.C.
Photo by DDFic via Flickr