Telework Security Concerns Linger

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

This SonicWall survey says that while managers are growing more comfortable with remote workers, three areas of concern remain. Managers worry about how productive the workers will be while outside the office; how their absence will impact team building; and, of course, how their data will be secured.


The survey -- which was conducted by InsightExpress -- perhaps is a bit too broad, since it covers anyone working outside the office. The concerns about itinerant business travelers are different than sedentary home workers. Thus, it may have been better to narrow the survey or perhaps conduct two. The company addresses this issue by assessing managers' favorite and most frowned-upon places from where they would like to see folks work. For the record, 22 percent think workers not in the office are best off at home, while fewer than 2 percent want to see business done from the beach, a pool or a stadium.


The survey points to shortcomings in preparedness. For instance, only 23 percent of off-site workers have anti-virus software on their machines, only 16 percent have SSL VPNs and only 14 percent have IPSec VPNs. A startling 9 percent of those charged with security don't know what measures are in place for their remote staffs. The survey offered comparable anemic statistics for the related area of disaster preparedness.


Two recent posts offer suggestions on telecommuter security that, to some degree, mirror each other. One, at MX Logic, suggests use of access control settings that allow only company-authorized PCs onto the network; implementation of "defense in depth"; disabling of PC ports that allow external storage devices; and turning off of wireless devices when PCs are wired into the network. The writer notes that user education is vital.


Other ideas are offered by AndyIT Guy. He says remote workers should only have user-level access, that they should be required to run a wide array of security software (including anti virus, host-based intrusion protections and others), and that the path to the network should go through network access control (NAC) gear. The blogger offers a handful of other suggestions, including turning off autorun for CD/DVD drives and disabling Bluetooth.


His final idea is perhaps the best: Enough security should be in place to protect the IT person when the user finds a way to cause a problem.


For those who want to tie telecommuting security to a truly depressing topic, read this piece at bMighty. Flu disables and kills a certain amount of people annually; the story points out that we are due for a catastrophic pandemic that will greatly raise those figures. In such an atmosphere, it is logical that folks will want to stay home. The writer posses a number of questions, most of which are applicable to all telecommuting scenarios. The question is whether IT is ready for a scenario in which the number of telecommuters mushrooms in a short amount of time.


The view from within the government is mixed. A survey of 35 of the 117 federal chief information security officers reveal concern about telework security. More than half, FCW reports, say that securing data on mobile devices is their top priority. They are worrried that teleworkers lack the right training and technology -- especially those who work at home informally (in the evening and weekends, for instance) and therefore aren't put through their agency's telework.


Most apparently think it is a human problem: More than 80 percent responded that the technology their agency has in place is sufficient to meet the government's guidelines. Seventy-four percent said all employees should get mobile data security training -- even if they do not telework.