Telecommuting Rise Could Hurt Data Security
Companies and agencies should tighten security policies related to telecommuting, the Center for Democracy & Technology said Tuesday. Ernst & Young co-authored the report, which lists best practices for securing data when working from home. Telecommuting puts sensitive corporate data at risk, the center said. By 2012, more than 46 million people around the world will work from home at least one day a week, it said. “In a lot of cases those risks can be addressed if companies would simply put more emphasis on the procedures and policies they already have in place,” said Ari Schwartz, the center’s vice president.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Telecommuting is not “inherently less secure” than office work, Schwartz told reporters. The center wants to “encourage telecommuting and the ability to work from home,” he said. But an employee who always works from home poses a greater security risk than someone “who brings home information every once in a while and is monitored a lot,” Schwartz said. Companies need policies to help figure risks and ways to deals with cases in which it’s high, he said.
Telecommuters’ computers often lack features specifically to deal with unwanted access by non-employees, unauthorized technology use and other “unique” remote computing problems, the center said. Telecommuters often use portable devices including laptops and PDAs “commonly involved in data breaches,” it said. And few companies use thin-client terminals, which store data on company networks rather than in computer memory. Telecommuters using personal devices often ignore employer-supplied encryption tools, the center said. Many employers don’t require workers to use secure connections for wireless Internet access, it said. And organizations tend to lack a standard enforcement approach for software downloading and P2P file sharing, CDT said: “While half of the organizations use technical controls to block [P2P] file sharing applications, and a third of organizations block telecommuters from using instant messaging applications, others lack technical controls, relying instead on software use policies.”
Government shouldn’t require business to tighten telecommuting security policies as part of efforts to spread broadband into underserved areas, Schwartz said. An argument often cited by Democratic FCC commissioners favoring a national broadband strategy is that broadband allows for telecommuting, bringing jobs to rural areas. But regulators shouldn’t worry about telecommuting security concerns, Schwartz said. The center wants business to deal with the problem, because the “law is always going to be slightly behind,” he said. The group hopes that releasing best practices encourages industry to address the problem before it gets out of control, he said.
But government should raise telecommuting security standards for its own agencies, Schwartz said. He cited recent telecommuting-related breaches at the Veterans Affairs Department and the National Institutes of Health. The center has talked with senators about the topic, with much concentration on P2P file-sharing, he said.
The center and Ernst & Young surveyed 73 organizations in the U.S., Canada and Europe on the Web in December and January. About half were on the Fortune 1000, with 15 on the Fortune 50. Ten industries were represented, financial services and healthcare industries making up 40 percent of respondents.