Federal data still vulnerable a year after VA laptop theft

A year after a laptop computer was stolen from the home of a Veterans Affairs Department employee, federal systems are still vulnerable, according to a study released today.

A Telework Exchange survey of 258 federal employees found that 13 percent don’t have encryption on their newly issued laptop PCs, compared with 11 percent in June 2006 — before VA announced that the stolen laptop contained information on about 26.5 million people.

Sixty-five percent of the workers in the study said their agencies reinforced security policies after the VA incident, although fewer than half reported that their agencies provided them with additional training (48 percent) or updated encryption and other protection technologies (47 percent). Moreover, 16 percent said their agencies didn’t react at all to the incident.

The survey also revealed that although those who telework and those who don’t have about the same awareness of their agencies’ security policies — 97 percent compared to 96 percent, respectively — teleworkers are more likely to have received training on data security, have encryption on their laptops and have antivirus protection on their work PCs.

According to researchers, nonteleworkers are the Achilles heel of federal data security. Fifty-four percent of them said they carry files home and 41 percent reported that they log onto their agency’s network from home.

These unofficial teleworkers are removing data from the office and working remotely in unauthorized locations, and therefore constitute a major risk in data security, researchers concluded.

Nonteleworkers represented 52 percent of the respondents in the survey, teleworkers 48 percent.

Researchers recommended that agencies audit and assess unofficial teleworkers; implement and update policies, training, and technology to reinforce data security policies; and make sure that all laptop and desktop PCs, regardless of whether the user is a teleworker or nonteleworker, have data encryption and security protection.

The survey, conducted last month, was underwritten by Utimaco, a data security firm.

Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.