No Telecommuting Policy Leaves IT Vulnerable
Yesterday I asked readers how they support telecommuting on the job with two polls--one for business managers and another for IT pros (results below). The most surprising response is that 32 percent of IT managers said they either have no telecommuting policy or provide support but let users pick their own tools--and 45 percent of business managers said the same. Granted, in 24 hours there were just 20 replies to each poll, so the results are more anecdotal than scientific.
However, with no set policies or guidance for users, organizations risk security holes both in their internal networks and among the user groups working on projects from afar.
This is an issue much like buying insurance, but with a lower cost. Simply developing a telecommuting policy with basics--such as not sharing passwords or accounts, ensuring that passwords can't be easily guessed, and making sure that data is encrypted--is easy to do. The potential risks are great, depending on the type of data lost--and can lead to losing competitive advantages, suffering financial penalties, and enduring lawsuits. A security policy for teleworkers doesn’t need to be complex or all-encompassing; users will probably best remember a one-page sheet covering the basics. It's better to spend a few minutes on a policy than waste untold time on the potential fallout.