Telework security a challenge for federal agencies

Fifty eight percent of government employees work from home without permission according to a survey released by Telework Exchange, a public-private partnership that supports telework. These unofficial teleworkers are much less likely to be security-conscious than teleworking employees, Computerworld.com reports.

And more than half of those surveyed in May, nearly a year after a laptop containing information about 26.5 million Americans was stolen from the home of a Department of Veterans Affairs worker, said their agencies didn’t provide security training or update encryption or protection technology in response to the data breach.

“It’s kind of alarming...that people still are not doing everything they can do to protect their mobile devices,” said Joshua Wolfe, of Utimaco Safeware, a cybersecurity vendor that underwrote the survey. “You’ve got a lot of unofficial teleworkers out there who are taking information out of the agency and working from home on unsecured computers.”

Agencies should encrypt all computer devices, figure out who works at home and train them how to protect information, Telework Exchange recommends. “There should be one security policy for everyone across the agency — teleworker, non-teleworker and unofficial teleworker,” Wolfe said, the Federal Times reports.

One government agency that has made progress in the last year is the Defense Information Systems Agency (DISA), which has identified 2,500 positions, or 50 percent of its work forced as eligible for telework, The Teleworker reports. Telework opportunities facilitated relocation of DISA facilities from Arlington, Virginia to Ft. Meade, Maryland last year when base closing were ordered.

Most DISA employees who telework do so for two days a week, according to Jack Penoske, Director of Manpower, Personnel and Security. Each worker is issued a laptop with a docking station, and DISA pays half of the broadband costs. Not all employees work from home. Some DISA personnel can work from a Federal Telework Center or another DISA location.

The Internal Revenue Service (IRS), on the other hand, which last year relied on teleworkers working from Federal Telework centers or from home after the agency’s headquarters was flooded, needs to make greater efforts to address laptop security, according to the Treasury Inspector General for Tax Administration (TIGTA). A TIGTA study of the IRS laptop security published in March is entitled “The Internal Revenue Service Is Not Adequately Protecting Taxpayer Data on Laptop Computers and Other Portable Electronic Media Devices.” In the highlight statement issued with the report, TIGTA says “the risk of loss is particularly high because IRS employees are allowed to take electronic taxpayer data outside of the office for business purposes and the IRS has over 47,000 portable laptop computers assigned to its employees.”

Additional highlights included the finding that since 2003 “hundreds of IRS laptop computers and other computer devices had been lost or stolen. While TIGTA determined 176 incidents likely did not involve any loss of taxpayer data, but 126 incidents involved the loss of personal information for at least 2,359 individuals.

A separate test by TIGTA of 100 laptop computers currently in use by employees determined 44 laptop computers contained unencrypted sensitive data, including taxpayer data and employee personnel data. Also, backup tapes were not encrypted and adequately protected at non-IRS offsite locations reviewed.

The IRS has agreed to implement most of the TIGTA’s recommendations. The study is published on TIGTA’s Web site at http://www.treas.gov/tigta/auditreports/2007reports/200720048fr.pdf.

TIGTA’s own telework program focuses on three major areas: infrastructure, devices and policy, according to Ben Trapp, Assistant Director for Client Services, The Teleworker reports, but it all begins with a policy framework, defining specific authorized users, devices and connections. TIGTA teleworkers access the agency networks using a Virtual Private Network VPN, and data flowing from the networks is encrypted. The user can access only one network at a time.

TIGTA teleworkers must use TIGTA-issued equipment which comes pre-programmed with firewalls, antivirus, and antispyware packages.

You may like these other stories...

Event Date: May 29, 2014 In this presentation Excel expert David Ringstrom, CPA brings you up to speed on the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both...
No field likes its buzzwords more than technology, and one of today's leading terms is "the cloud." But it's not just a matter of knowing what's fashionable. Accounting professionals who know how to use...
There is a growing trend of accountants moving away from traditional compliance work to more advisory work. Client demand is there, but it is up to the accountants to capitalize on that. What should accountants' roles be...

Upcoming CPE Webinars

Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.