Study raises data privacy and security concerns about telecommuting
Telecommuting has its distinct advantages: no stressful trips on the freeway, a kitchen full of snacks, working in pajamas, even animal companionship (just watch out for paws on the keyboard).
But working from home isn't all kitty cats and cozy fires. A study released this morning by the Center for Democracy and Technology and Ernst & Young said telecommuting and other remote access of corporate networks poses data security and privacy challenges for employers. The report, "The State of Telecommuting: Privacy and Security" (PDF download) warns:
It is difficult enough to secure a corporate network with the constant and persistent threat from malicious external parties, from hackers to spammers to viruses. But for the chief technology officer or chief risk officer of today's organization, perhaps no issue presents more complexity -- or more headaches -- than the necessity to protect corporate and personal information in an environment where employees travel widely or routinely work at home, using personal computers, laptops, non-corporate-owned machines and personal digital assistants.
The CDT and Ernst & Young surveyed 73 organizations from 10 industries in the United States, Canada and Europe and found that the risks of telecommuting often were ignored. Half of the respondents said they had no formal policies or training for remote access of their systems.
"Most of the security and privacy risks associated with telecommuting are already known," CDT Vice President Ari Schwartz said in a release unveiling the study. "In a lot of cases those risks can be addressed if companies would simply put more emphasis on the procedures and policies they already have in place."
And it's not just electronic data. Only 25% of the respondents said they require telecommuters to store paper records in secured cabinets. Even then, the records aren't always secure, as this 2007 episode demonstrates: Confidential files of 13 people from the Social Security Administration office in Milwaukee were lost for months when a telecommuting worker took them home. The employee said she kept them in a locked cabinet, but believes she left them behind when she fled her home because of domestic violence. Some of the files -- which contained Social Security numbers, medical information and other private data -- were eventually found in a Milwaukee dumpster.
The study recommends that employers focus more on telecommuters, whose ranks are expected to grow to 46 million by 2011. Among the suggestions are inspecting home offices, using encryption to connect to corporate networks and providing locked cabinets and shredders for paper records. Just make sure the cat stays away from the shredders.
-- Jim Puzzanghera
Puzzanghera, a Times staff writer, covers tech and media policy from Washington, D.C.
Photo by DDFic via Flickr
RSS: Subscribe to this Blog
I am a business journalist who has written many articles plus a book on telecommuting, and who works from home.
There are many solutions available to enable organizations handle privacy and security issues related to telecommuting including remote control of computers and biometric identification.
I must point out that traditional offices are equally if not more vulnerable to data breaches than home offices. Employees also leave their computers and desk unsecure, leaving them literally wide open for others to access and tamper. Corporations too often have security holes such as in their Wi-Fi networks that are an open door to wardriving hackers.
Many organizations are now moving their applications to the web, and off premises computers, which means office-based and telecommuters alike have equal access to files and programs, and which require location-independent security means.
Home workers, especially those who work full-time from these locations are often less likely to have need for theft-and-loss-prone laptops than office-based mobile workers because there is less need to by definition: they are home, not on the road.
At least with a home environment there is one person that can be held truly responsible, who has the most control over access to equipment, network security, and files, and that is the employee/homeowner or tenant.
Posted by: Brendan Read | July 30, 2008 at 04:09 PM
Yes, this is a point to be noted. Telecommuting may have data privacy threats and a lot more there on. But, when an employee is teleworking, the employer will allot him the kind of work that can be tele worked..never the less, as the blog says, telecommuting is not "kitty cat and cozy fires altogether"- I liked it.
Steve
Posted by: Telework | January 09, 2009 at 07:26 AM