Wednesday, May 21, 2008
Working from home: economically attractive, but "is it safe"?
Should employers of people who work from home audit the security of the home work arrangements of associates? I haven’t seen much written about it. But there are numerous observations that can be made.
One is that generally the safest environment exists if an employer’s VPN or other network is set up properly. However, some jobs, such as home agents for call centers, exist where people use their own cable or broadband service to connect to various applications, and might in some cases even have their own home WI-FI networks. Some insurance agents work this way. Furthermore, many people bring diskettes or laptops home to work with, and many homes are not as secure as offices or perhaps highrise condos or apartments. Or data may be transported in automobiles. There have been many instances of compromise of customer data based on the fact that employees generally cannot provide security on their own that is equivalent to what a large company or government or military agency can provide. Countering this observation is the expectation that someone who works from home is physically present at home more of the time, improving home and neighborhood security.
Some companies are, in fact, fussy about this. Some customer service employers don’t allow associates to work on home computers that also contain personal applications or data. Some may not want to work with associates who have other personal or business activities that could attract hacks. Almost every company requires a hardwired land connection (broadband cable and backup second phone land), because of the belief that wireless is not as stable or secure. In the future, this will probably change. Subscription hotspot services from major companies are more secure than the free services in hotels or internet cafes, and business should be connected on secure connections with encryption anyway. I did address some of these concerns on this blog in August 2007.
This is an evolving area, and “the right way” to do things needs to be nailed down. More employees will work from home as oil prices rise and long distance commuting becomes even more difficult. On the other hand, the development of regional “telecommuting centers” could help offer alternatives with safe working environments and short commutes. This may be the way to go for many companies.
FedTech has an interesting article: “Data Security’s Achilles Heel: Are employees who work occasionally from home potentially sabotaging agencies’ best efforts at protecting government information?” by Heather B. Hayes, link here. The same would hold true for private employers with consumer data. CERT, at Carnegie Mellon, offers this fact sheet on home network security.