Telecommuting Poses Security, Privacy Risks

Survey Details

The survey, which encompassed organizations in the United States, Canada and Europe, sought to differentiate between employees who work full-time from home and those who occasionally telecommute.

Ten industries were identified, with financial services and healthcare representing 40% of the respondents. The remainder included business and professional services, manufacturing, retail, telecommunications, hospitality, and a "miscellaneous" category for those not fitting neatly into the defined industries.

Among some organizations that responded to the survey, "nearly all employees are occasional telecommuters" and "many respondents found it difficult to estimate the number of their full-time and occasional telecommuters -- an interesting finding on its own," according to the report.

The number of full-time telecommuters, however, is significantly smaller than the number of occasional telecommuters, the study concluded.

"While occasional telecommuters exist at each of the responding organizations, 46 of the 73 respondents employ full-time telecommuters," the report states.

As far as securing hardware, the report states that 85% of organizations indicated they implement at least one of five methods for protecting hardware assets: failed-logon lockout settings on computers, privacy screens, security cables for locking down computers, periodic audits of telecommuters' physical working environments and a "clean-desk policy for telecommuters."

About 20% of the organizations said they conduct periodic inspections of telecommuter remote-work environments, with the frequency rate higher among organizations with greater numbers of telecommuters.

The study noted that stronger security controls, such as biometric authentication and thin-client terminals, have yet to take hold in the telecommuting environment.

"On a more positive note, the use of encryption, while not yet prevalent, is common on hard drives, in securing network connections and even in protecting e-mail messages," the report states.

When it comes to portable devices, wireless networks and Internet downloads, however, the survey found security practices were "often lacking and could lead to the compromise of the personal information that employees handle at home."

More than 70% of the organizations participating in the survey responded that they do some monitoring of telecommuters, most commonly by network monitoring or telecommuter e-mail and Internet use, the report states.

"Based on the results of this survey, many organizations today are not effectively managing the risks to personal information presented by the telecommuting workforce," the report concludes, adding, "Work-from-home arrangements are the next frontier for many companies, and the challenges they pose to privacy and security should be approached with appropriate rigor and resources."