More than half of US government employees unofficially work at home on nights or weekends, raising concerns about the security of the data they're working on, according to a study.
Fifty-eight percent of government employees work from home without permission, according a survey by the Telework Exchange, a US-based group that advocates for more telecommuting opportunities. One year after the US Department of Veterans Affairs announced that a laptop and hard drive were stolen from an employee's home many US agencies still lack plans for dealing with teleworking employees, the survey suggests.
Fifty-four percent of these unofficial teleworkers carry files home, according to the survey.
The major problem is that US agencies don't seem to be keeping up with the trend toward mobile computing
The VA hardware, later recovered, contained the personal information of 26.5 million US military veterans and family members. Even after the breach, 13 percent of US agencies do not put encryption on new laptops issued, compared to 11 percent that did not include encryption before the VA breach, according to the survey.
Less than half of agencies updated their encryption and protection technologies and less than half provided security training to employees after the VA breach, the survey said. Sixteen percent of agencies did not react at all, the survey said.
"It's kind of alarming ... that people still are not doing everything they can do to protect their mobile devices," said Joshua Wolfe, director of federal sales for Utimaco Safeware AG, a cybersecurity vendor that underwrote the survey. "You've got a lot of unofficial teleworkers out there who are taking information out of the agency and working from home on unsecured computers."
Teleworking itself isn't the problem, Wolfe said. US government workers who have permission to telework generally have more security training and more security tools on their work computers than those unofficial teleworkers.
For example, 94 percent of survey respondents who are official teleworkers said they have antivirus software on their work computers. Only 75 percent of respondents who don't officially telework said they had antivirus software on their work computers. Sixty-seven percent of teleworkers said they had encryption on their work computers, while only 60 percent of non-teleworkers said they did.
The major problem is that US agencies don't seem to be keeping up with the trend toward mobile computing, Wolfe said.
"Over the past year, more and more people have been given mobile devices," he said. "At the same time, [they] have not been given the tools from a policy perspective."
Utimaco and the Telework Exchange recommended that US agencies determine how many of their employees are unofficially teleworking. All employees, not just teleworkers, should receive cybersecurity training, and agencies should use encryption and other data security protections on all desktops and laptops, they recommended.
The Telework Exchange conducted the survey of 258 US agency employees in May 2007. The survey has a margin of error of 6.1 percent.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.