While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Federal systems chiefs who worry about whether or not their agency’s official teleworking population represents a security hazard can take a breath. Instead, they should start losing sleep over “unofficial” teleworkers — those employees who pack up documents and notebook computers and work at home at night and on weekends.
A survey of 258 federal teleworkers and nonteleworkers released this summer by the Telework Exchange found that employees who work full time at the office but log extra hours at home are less aware than official teleworkers are of their agencies’ security policies. They also have less training in data security, are more likely to carry files home and are less likely to have encryption and antivirus protection on their computers (both desktop and portable systems).
The report notes that of nonteleworkers who take work home, 63 percent use their own PCs to do official government work and 41 percent log on to their agencies’ networks from home. These often invisible, nonofficial teleworkers represent the “Achilles heel” of data security, the report says.
The report recommends four steps agencies should take to close security gaps created by these “home warriors”:
These recommendations echo some of the administration’s requirements for protecting sensitive information issued last summer. But the survey results suggest that the Office of Management and Budget’s policies may not be seeping down to individual users. The OMB M-06-16 memorandum recommends that agencies take the following actions:
Given the survey findings, Cindy Auten, general manager of Telework Exchange, says official teleworkers, by contrast, are a “model of effective security training and behavior. The rest of the agency really needs to know as much about updated agency policies and have as much training as this community does.”
Auten also notes that the need for vigilance is growing because mobile computing is on the rise. Of the 258 respondents to the survey, 41 percent use notebook computers. Of these portable users, 45 percent say they made the switch from desktop to notebook systems within the last year.