The increasing availability of remote access to systems via the Internet means it is easier than ever for employees to work from home. However, it can also expose new security and privacy risks for organizations.
Telecommuting doesn't inherently pose more risk than office-based work, but it poses different risks that need to be recognized. Recent studies on telecommunicating practices have identified several key weaknesses:
- Many organizations do not have formalized employee training programs for telecommuting.
- The majority of telecommuters generate paper records with business-critical and personal sensitive information, but a minority have facilities for safeguarding such information.
- Most organizations do not provide paper-shredding capabilities for their telecommuters and have not developed effective policies on information disposal outside the office.
Don’t get me wrong, telecommuting is a viable and growing strategy with many positive implications for both a company and its employees. Businesses can reduce office costs by creating a network of virtual office locations. Telecommuting can also help retain your best talent, as it helps to overcome location and traditional commuting challenges.
Many employees also cherish the work-from-home concept, even if it is not an everyday arrangement. Telecommuting allows employees to achieve a greater work/life balance, resulting in increased productivity and job satisfaction, increased company loyalty, and lower turnover.
Given the clear benefits of telecommuting, whether it is the occasional day spent working outside the office, extensive time on the road, or working primarily from home, these few do’s and don’ts help reduce telecommuting’s security risks:
- Do be aware of careless use of wi-fi and unsecured networks. Most people don't realize that hackers sit on these networks, or even set up their own, and put sniffers on them to capture sensitive information.
- Don’t allow employee’s friends and family to use work-issued devices. Allowing kids to install games and access social networks opens the door to potential worms and security breaches of data stored on a company-issued computer.
- Don’t alter security settings that have been established by the company’s IT department. IT settings may sometimes be viewed as overly strict, but if done properly, they can ensure adequate protection against web-based attacks.
- Do take care not to leave a work-issued device in an unsecured location. How often do we hear about lost laptops and smartphones? It is important that employees are not careless with company-issued devices. To be on the safe side, ensure that encryption tools are applied to such devices to guard against unauthorized access.
We will continue to see more and more telecommuting because it can make a lot of sense for both employers and employees. Having a well-thought plan reinforced with proper IT tools, policies, and procedures can go a long way in reducing the risks involved with these telecommuting arrangements.
Sassan S. Hejazi can be reached at Email or 215.441.4600.