Understanding and Addressing the Privacy and Security risks associated with Telework
Privacy and Security Risks
As with any new telecommunications service, there are privacy and security risks associated with implementing telework in your business. Although telework does not necessarily pose more risks than office based work, it does present different kinds of risks that need to be addressed, such as:
- Unsecured communication networks
- Mobile devices not locked or secured
- Software viruses.
- Unsecured communication networks
We now explain these risks and, in a later section, provide privacy and security solutions to address them
Unsecured communication networks
The need for secure communication when teleworking can often be overlooked due to cost and complexity but if not addressed, fraud and, data theft, tampering or corruption can result. Accessing business data from unsecured personal/home computers or unsecured public networks, including public Wi-Fi hot spots, can significantly compromise privacy and security.
Personal devices including laptops and smart phones as well as storage devices such as USB sticks and external hard drives when left unsecured at home, in cars or in other unsecure locations can pose a major risk to sensitive business information.
Also, while in the short term employees using their own devices (BYOD) will save your business money, the devices have the potential to leave your business vulnerable to attacks from viruses or malware. Whether the teleworker is using a device supplied by the organisation or by an employee it is best to ensure that it has a retrieval and locking system activated. See also our learning module (Part 3) on telework technologies.
Software that includes viruses, spyware or other forms of 'malware' can be acquired from many sources, and even those that appear quite safe. Malware can attack or exploit a computer, or mobile device, resulting in the loss of data and possibly unauthorised access from external parties. In some cases there can be a significant impact on the cost of broadband if the malware uses a large amount of data. It is important to ensure that employees have good anti-virus software installed and that it is kept up to date and working. Something as simple as a virus infected email can result in unauthorised access to a corporate network and the compromising of business information. There can also be increases in costs.
Privacy and Security Solutions
It is important to work on the assumption that there is a high risk you will lose data at some time and make plans in advance to ensure its integrity and recovery. Being aware of what privacy and security risks there are and learning what solutions are available can ensure the least possible damage. In order to combat these risks, it is essential for your organisation to have:
• Formal Security Policies and Training
• Secure Access
Secure Hardware Policies and Training
It is essential to provide formal telecommuting security policies and put them into practice to protect the employee and the business' data. Developing guidelines for teleworking can really help your business stay protected. It is prudent to include in the policy acceptable use guidelines for downloading personal data (apps, photos, music, videos etc). Also, a good way to avoid the problems of security breach is to prohibit the use of free Wi-Fi hotspots which, although convenient for the teleworker, without appropriate security will be risky for the business' data.
Employees also need to be aware of and trained to protect business data and the personal information of members and customers. All employees should sign a company policy document indicating that they are aware of the risks and will adhere to the usage specifications.
Securing the networks from which data is accessed is essential and can be achieved using a Virtual Private Network (VPN). VPNs are the safest option and an inexpensive way to protect important data that transmits in both directions between the teleworker and your business networks. A VPN will protect your data by encrypting (scrambling) it, and is able to be used with smartphones and wireless connections as well as in fixed line environments. The cost of VPNs can range widely depending on your particular situation, but they are easily obtained and compared through the internet.
Securing hardware includes passwords and failed logon lockout settings on computers, privacy screens, security cables for locking computers to tables and a clean-desk policy for teleworkers. If the employee brings their own device, a good way to secure this is to restrict the on-line activities, browser features and resources that the teleworker can access from the BYO device. They could also be restricted to the use of a web-based email system to retrieve and send email within the corporate environment.