Security is telework's weakest link

Lawmakers and federal officials focus on raising teleworkers' security awareness

Increased security training has gained new importance as lawmakers and telework advocates prepare to push legislation this fall to expand federal telework programs.

A lack of data security training tops the list of the most serious security threats caused by employees who work from home, according to a recent survey of 35 chief information security officers. The Telework Exchange, a for-profit group that promotes the expansion of federal teleworking, conducted the survey with support from Hewlett-Packard.

'Any time that sensitive data is used remotely, there is a concern that users may fail to protect it properly,' said Patrick Howard, CISO at the Housing and Urban Development Department. Howard was not among the CISOs polled.

'Part of my job is to make sure teleworkers know that the need for them to employ good security practices is heightened when they telework and access sensitive data remotely,' Howard said.

Legislation in the House and Senate to expand federal telework would require agencies to incorporate training, including security practices, into their new-employee orientation programs. The House measure, which lawmakers approved Aug. 4 as part of an energy-efficiency bill, would require all federal managers and new teleworkers to receive such training.

Unlike the Senate measure, which would include judicial and legislative branch employees, the House bill would apply only to executive branch workers.

No uniform requirement for telework training exists. The Office of Personnel Management and the General Services Administration run www.telework.gov, where federal employees and managers can enroll in courses and receive guidance on telework. Agencies are using expanded training for employees and managers as a primary tool for overcoming barriers to telework, OPM officials say.

Sponsors of the telework legislation also say telework and related security training cannot be ignored. 'The success of telework policies, like any workplace policy, will depend heavily on the training of managers and employees,' said Rep. John Sarbanes (D-Md.), a sponsor of the House measure. 'My amendment requires that each agency develop a plan for telework training as part of its overall telework policy, which will be assessed annually by the Government Accountability Office.'

Under the House and Senate measures, agencies would offer their own training programs, but both bills would transfer much of the oversight of telework policies from OPM to GAO.

In the Telework Exchange survey, 94 percent of CISOs said they do not think official telework programs, which often require some employee and manager training, pose a data security threat. However, they did say that unsanctioned telework is risky.

Howard said official telework programs can also be risky if employees are unaware of security risks. Earlier this year, an approved teleworker at the Transportation Department inadvertently shared government files while working on a home computer on which her teenage daughter had downloaded peer-to-peer file-sharing software.

As part of a strategy to prevent future incidents, DOT is developing a telework-specific security course that will focus on the risks of using home PCs, Daniel Mintz, the department's chief information officer, said in congressional testimony in July.

Calls for expanded telework training have increased as agencies face pressure from White House officials to improve their disaster preparedness and continuity-of-operations plans. OPM officials have urged agencies to integrate telework into their COOP plans, but only 35 percent of federal agencies have done so, according to a recent OPM report to Congress.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.