Telework security a challenge for federal agencies

Fifty eight percent of government employees work from home without permission according to a survey released by Telework Exchange, a public-private partnership that supports telework. These unofficial teleworkers are much less likely to be security-conscious than teleworking employees, Computerworld.com reports.

And more than half of those surveyed in May, nearly a year after a laptop containing information about 26.5 million Americans was stolen from the home of a Department of Veterans Affairs worker, said their agencies didn’t provide security training or update encryption or protection technology in response to the data breach.

“It’s kind of alarming...that people still are not doing everything they can do to protect their mobile devices,” said Joshua Wolfe, of Utimaco Safeware, a cybersecurity vendor that underwrote the survey. “You’ve got a lot of unofficial teleworkers out there who are taking information out of the agency and working from home on unsecured computers.”

Agencies should encrypt all computer devices, figure out who works at home and train them how to protect information, Telework Exchange recommends. “There should be one security policy for everyone across the agency — teleworker, non-teleworker and unofficial teleworker,” Wolfe said, the Federal Times reports.

One government agency that has made progress in the last year is the Defense Information Systems Agency (DISA), which has identified 2,500 positions, or 50 percent of its work forced as eligible for telework, The Teleworker reports. Telework opportunities facilitated relocation of DISA facilities from Arlington, Virginia to Ft. Meade, Maryland last year when base closing were ordered.

Most DISA employees who telework do so for two days a week, according to Jack Penoske, Director of Manpower, Personnel and Security. Each worker is issued a laptop with a docking station, and DISA pays half of the broadband costs. Not all employees work from home. Some DISA personnel can work from a Federal Telework Center or another DISA location.

The Internal Revenue Service (IRS), on the other hand, which last year relied on teleworkers working from Federal Telework centers or from home after the agency’s headquarters was flooded, needs to make greater efforts to address laptop security, according to the Treasury Inspector General for Tax Administration (TIGTA). A TIGTA study of the IRS laptop security published in March is entitled “The Internal Revenue Service Is Not Adequately Protecting Taxpayer Data on Laptop Computers and Other Portable Electronic Media Devices.” In the highlight statement issued with the report, TIGTA says “the risk of loss is particularly high because IRS employees are allowed to take electronic taxpayer data outside of the office for business purposes and the IRS has over 47,000 portable laptop computers assigned to its employees.”

Additional highlights included the finding that since 2003 “hundreds of IRS laptop computers and other computer devices had been lost or stolen. While TIGTA determined 176 incidents likely did not involve any loss of taxpayer data, but 126 incidents involved the loss of personal information for at least 2,359 individuals.

A separate test by TIGTA of 100 laptop computers currently in use by employees determined 44 laptop computers contained unencrypted sensitive data, including taxpayer data and employee personnel data. Also, backup tapes were not encrypted and adequately protected at non-IRS offsite locations reviewed.

The IRS has agreed to implement most of the TIGTA’s recommendations. The study is published on TIGTA’s Web site at http://www.treas.gov/tigta/auditreports/2007reports/200720048fr.pdf.

TIGTA’s own telework program focuses on three major areas: infrastructure, devices and policy, according to Ben Trapp, Assistant Director for Client Services, The Teleworker reports, but it all begins with a policy framework, defining specific authorized users, devices and connections. TIGTA teleworkers access the agency networks using a Virtual Private Network VPN, and data flowing from the networks is encrypted. The user can access only one network at a time.

TIGTA teleworkers must use TIGTA-issued equipment which comes pre-programmed with firewalls, antivirus, and antispyware packages.

You may like these other stories...

More and more businesses are adopting the cloud in order to take advantage of benefits such as greater efficiency, increased productivity and lower costs. Companies in general are flocking to the cloud for email hosting,...
A great way to increase business for your accounting firm is to remain at the front of your clients' minds all throughout the year. One of the best ways to do that is through an email newsletter. Perhaps you send out a...
Cybersecurity is no longer the domain of an organization's IT staff. It's moved to the boardroom, and in a big way. Accountants and financial managers may have been thinking it's just the province of the tech...

Already a member? log in here.

Upcoming CPE Webinars

Oct 9In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards.
Oct 15This webinar presents the requirements of AU-C 600, Audits of Group Financial Statements (Including the Work of Component Auditors).
Oct 21Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience’s communication style.
Oct 23Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.