|
In a September 15 letter, telework’s strongest proponent in Congress, Rep. Frank Wolf (R-Vir.), implored President Bush to embrace telework as a workplace priority for both the public and private sectors to improve continuity of operations in the event that a disaster – whether natural or man-made – “strikes our country.” As cases in point, September 11, the anthrax scare and the recent hurricanes impeded business operations and national security efforts alike. Before taking this plea to the top, Wolf first spearheaded legislation within Congress that would require various government agencies to allow eligible employees to telework, or risk losing millions of dollars in funding.
Unfortunately, while agencies are beginning to comply with these initiatives, fear of decreased productivity and data security breaches are still strong barriers to implementing telework programs that go beyond bare minimum requirements. While studies have actually shown increased productivity by teleworkers, the risk of data being compromised by non-secure computer networks in a teleworker’s home office is still daunting.
As we’ve discussed in previous columns, “The 2005 Computer Crime and Security Survey,” conducted by the Computer Security Institute and the FBI, showed that large corporations and government agencies acknowledged more than $130 million in financial losses due to computer breaches, much of which come from seemingly trusted insiders. While your office may have security measures in place, your home -- or that of your employee -- may not.
While the fear is realistic, it can easily be put at ease. To lessen the chance of having your data compromised from a teleworker’s computer, while at the same time enabling effective communication, implement a telework policy within your organization. This policy should include technology tools that provide stringent security standards to ensure your organization’s information is not compromised from a teleworker’s computer.
Create a Telework Policy to Ensure Data Security
Effective communication is at the heart of any successful telework program, whereby all employees know the program’s guidelines and expectations. The telework policy should define program parameters, including which positions are best suited for telework and what technology and equipment need to be in place to ensure efficient collaboration and security of data. Additionally, the policy should include necessary forms or documentation, including a telework contract/agreement.
Below is an outline of the most important elements for a telework plan:
General policy statement with program definitions
Program goals and objectives
Explanation of the process for program participation
Review of program benefits
Identification of positions or aspects of positions that are appropriate or not appropriate for a telework arrangement
Review of time, pay and attendance issues
Sample agreement to be completed by the employee and supervisor
Checklist of technology and equipment needs
Let’s focus primarily on the last bullet point: the checklist of technology and equipment needs. Before launching a telework program, an organization should determine teleworkers’ technology needs to allow them to be just as efficient working remotely as they would be in the main office; furthermore, the data that the teleworker is communicating or storing needs to be safeguarded.
The inherent technology needs for a teleworker include the following:
Computer
Internet connectivity (high-speed broadband is best)
E-mail program
Telephone
Fax machine
Collaboration software
In looking at these necessities, few allow for quality interaction between an employer and teleworker, and they do not address the “myths” or concerns that managers have when considering telework programs. While e-mail is still an effective, easy and paperless way to communicate, organizations need to understand the threats to security when relying solely on e-mail for communications. For teleworking purposes, an e-mail system should be fully encrypted to avoid security breaches.
Additionally, it is helpful to have a junk e-mail folder and virus-detection program to protect a teleworker’s system against any potential e-mail viruses. Highly confidential information, such as financials, salary data, strategic plans or budgets, should not be transmitted via unprotected e-mail methods. Opt instead for an encrypted method of sharing and storing sensitive information.
Fortunately, there is collaboration software available that enables managers to feel more in control of their teleworkers, help the teleworkers actually be more productive, and ensure that the data being communicated and stored is secure at all times.
Consider Collaboration
By equipping each teleworker and non-teleworker with high-speed Internet connection, a Web camera, headset and collaboration software, managers can get in touch with teleworkers at all times; and, in return, teleworkers can contact managers, employees, vendors and clients. To be most effective, a collaboration program should include such features as real-time video, telephone-quality audio and presence detection to allow better interaction between the main office and teleworkers. Most important, it needs to offer the highest levels of encryption possible for all communications features.
In addition to asking whether the collaboration solution offers the features that teleworkers require to work effectively from home in one integrated package, consider the following security-related questions to help select a collaboration tool:
1. Will the solution maintain total privacy and confidentiality of video, audio and data both transmitted and stored?
2. Does the system use end-to-end encryption methods, such as Advanced Encryption Standard (AES)?
3. How does the provider protect the data and where is it stored?
4. Does it include lock-tight password protection?
5. Does the system operate through firewalls? This is critical when it is important to communicate with external audiences.
6. Is security included in the overall price of the solution, or is it an add-on cost?
A collaboration software program provides organizations with a cost-effective method for transferring important files over a secure channel. While most products have security as an add-on, others build strong security architecture within the tool to provide better protection. All components of a collaboration tool -- including audio, video, data and files -- should be protected with the strongest levels of encryption.
Other Security Necessities
Perhaps the most effective way to protect sensitive files is by having control stay in your hands. Any form of communication, and specifically a collaboration tool, should provide the manager with the control to grant employees access to certain information. A collaboration product should let you designate which of your employees has access and to what files, and it should handle details surrounding need-to-know and right-to-know permissions.
Also, consider ways to secure both the network and the application being used for communication. This is especially important for teleworkers who use a wireless network, as the security implications with a Wi-Fi network are still being discovered and the vulnerabilities are endless. With two security layers, if your network is breached and you have a secure application, the hacker can only get access to encrypted files, which prevents the hacker from reaching any sensitive information.
Enabling employees to work from home is vital for business continuity and national security, and just as critical for air quality, employee productivity and retention. Having a telework policy in place that outlines management and security requirements will foster a successful program that reaps all the benefits of teleworking, while still protecting sensitive organization data.
About the Author
Ronald I. Koenig is the president and Chief Executive Officer of VIACK Corp. He has more than 40 years of software design, development, sales and senior management expertise.
Go Back
|
