Security is telework's weakest link

Lawmakers and federal officials focus on raising teleworkers' security awareness

Increased security training has gained new importance as lawmakers and telework advocates prepare to push legislation this fall to expand federal telework programs.

A lack of data security training tops the list of the most serious security threats caused by employees who work from home, according to a recent survey of 35 chief information security officers. The Telework Exchange, a for-profit group that promotes the expansion of federal teleworking, conducted the survey with support from Hewlett-Packard.

'Any time that sensitive data is used remotely, there is a concern that users may fail to protect it properly,' said Patrick Howard, CISO at the Housing and Urban Development Department. Howard was not among the CISOs polled.

'Part of my job is to make sure teleworkers know that the need for them to employ good security practices is heightened when they telework and access sensitive data remotely,' Howard said.

Legislation in the House and Senate to expand federal telework would require agencies to incorporate training, including security practices, into their new-employee orientation programs. The House measure, which lawmakers approved Aug. 4 as part of an energy-efficiency bill, would require all federal managers and new teleworkers to receive such training.

Unlike the Senate measure, which would include judicial and legislative branch employees, the House bill would apply only to executive branch workers.

No uniform requirement for telework training exists. The Office of Personnel Management and the General Services Administration run, where federal employees and managers can enroll in courses and receive guidance on telework. Agencies are using expanded training for employees and managers as a primary tool for overcoming barriers to telework, OPM officials say.

Sponsors of the telework legislation also say telework and related security training cannot be ignored. 'The success of telework policies, like any workplace policy, will depend heavily on the training of managers and employees,' said Rep. John Sarbanes (D-Md.), a sponsor of the House measure. 'My amendment requires that each agency develop a plan for telework training as part of its overall telework policy, which will be assessed annually by the Government Accountability Office.'

Under the House and Senate measures, agencies would offer their own training programs, but both bills would transfer much of the oversight of telework policies from OPM to GAO.

In the Telework Exchange survey, 94 percent of CISOs said they do not think official telework programs, which often require some employee and manager training, pose a data security threat. However, they did say that unsanctioned telework is risky.

Howard said official telework programs can also be risky if employees are unaware of security risks. Earlier this year, an approved teleworker at the Transportation Department inadvertently shared government files while working on a home computer on which her teenage daughter had downloaded peer-to-peer file-sharing software.

As part of a strategy to prevent future incidents, DOT is developing a telework-specific security course that will focus on the risks of using home PCs, Daniel Mintz, the department's chief information officer, said in congressional testimony in July.

Calls for expanded telework training have increased as agencies face pressure from White House officials to improve their disaster preparedness and continuity-of-operations plans. OPM officials have urged agencies to integrate telework into their COOP plans, but only 35 percent of federal agencies have done so, according to a recent OPM report to Congress.

About the Author

Ben Bain is a reporter for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group