Telework security a challenge for federal agencies

Fifty eight percent of government employees work from home without permission according to a survey released by Telework Exchange, a public-private partnership that supports telework. These unofficial teleworkers are much less likely to be security-conscious than teleworking employees, reports.

And more than half of those surveyed in May, nearly a year after a laptop containing information about 26.5 million Americans was stolen from the home of a Department of Veterans Affairs worker, said their agencies didn’t provide security training or update encryption or protection technology in response to the data breach.

“It’s kind of alarming...that people still are not doing everything they can do to protect their mobile devices,” said Joshua Wolfe, of Utimaco Safeware, a cybersecurity vendor that underwrote the survey. “You’ve got a lot of unofficial teleworkers out there who are taking information out of the agency and working from home on unsecured computers.”

Agencies should encrypt all computer devices, figure out who works at home and train them how to protect information, Telework Exchange recommends. “There should be one security policy for everyone across the agency — teleworker, non-teleworker and unofficial teleworker,” Wolfe said, the Federal Times reports.

One government agency that has made progress in the last year is the Defense Information Systems Agency (DISA), which has identified 2,500 positions, or 50 percent of its work forced as eligible for telework, The Teleworker reports. Telework opportunities facilitated relocation of DISA facilities from Arlington, Virginia to Ft. Meade, Maryland last year when base closing were ordered.

Most DISA employees who telework do so for two days a week, according to Jack Penoske, Director of Manpower, Personnel and Security. Each worker is issued a laptop with a docking station, and DISA pays half of the broadband costs. Not all employees work from home. Some DISA personnel can work from a Federal Telework Center or another DISA location.

The Internal Revenue Service (IRS), on the other hand, which last year relied on teleworkers working from Federal Telework centers or from home after the agency’s headquarters was flooded, needs to make greater efforts to address laptop security, according to the Treasury Inspector General for Tax Administration (TIGTA). A TIGTA study of the IRS laptop security published in March is entitled “The Internal Revenue Service Is Not Adequately Protecting Taxpayer Data on Laptop Computers and Other Portable Electronic Media Devices.” In the highlight statement issued with the report, TIGTA says “the risk of loss is particularly high because IRS employees are allowed to take electronic taxpayer data outside of the office for business purposes and the IRS has over 47,000 portable laptop computers assigned to its employees.”

Additional highlights included the finding that since 2003 “hundreds of IRS laptop computers and other computer devices had been lost or stolen. While TIGTA determined 176 incidents likely did not involve any loss of taxpayer data, but 126 incidents involved the loss of personal information for at least 2,359 individuals.

A separate test by TIGTA of 100 laptop computers currently in use by employees determined 44 laptop computers contained unencrypted sensitive data, including taxpayer data and employee personnel data. Also, backup tapes were not encrypted and adequately protected at non-IRS offsite locations reviewed.

The IRS has agreed to implement most of the TIGTA’s recommendations. The study is published on TIGTA’s Web site at

TIGTA’s own telework program focuses on three major areas: infrastructure, devices and policy, according to Ben Trapp, Assistant Director for Client Services, The Teleworker reports, but it all begins with a policy framework, defining specific authorized users, devices and connections. TIGTA teleworkers access the agency networks using a Virtual Private Network VPN, and data flowing from the networks is encrypted. The user can access only one network at a time.

TIGTA teleworkers must use TIGTA-issued equipment which comes pre-programmed with firewalls, antivirus, and antispyware packages.

You may like these other stories...

You probably don't want to think about how many times you access the File menu in Excel 2010 or 2013. Personally I think Excel 2010 has the best possible File menu arrangement, other than having Print Preview grafted...
Following other recent high-profile hacking events, investigators discovered yesterday that hackers broke into the draft work paper files of several famous CPA firms. Revealing images of the scantily clad documents have been...
For bitcoin users, the taxman cometh. And you best know how to calculate taxes owed on what the IRS calls convertible virtual currency.In March 2014, the IRS issued Notice 2014-21, which declares virtual currency will be...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.