2014-03-06

While iPods and smartphones revolutionized the music and cell phone industries, could telecommuting totally revolutionize the workplace? This is a very interesting concept, but certainly, your industry will determine if this is possible. While some companies have stopped offering telecommuting as an option, others embrace it – but there are some security issues that cannot be ignored.

What happens if your employee decides to work at home either in a spare bedroom or a room set up as an office? There is appropriate lighting, ergonomic furniture, and efficient equipment including desktop computer, smartphone, printer, fax, copier, etc. Everything is fine until there’s an electrical surge, or the power goes out.

While this sounds impossible, it is very possible, and in fact, has happened to me. When it happens at an office workplace, everyone is in the same boat from the CEO on down to the person who cleans out the lunch room refrigerator. All activity comes to a stop.

But when it happens at one employee’s home, it’s only the single employee who is impacted, and he/she cannot fix the problem. The electrical company must be called, or city employees get involved. This is not a small problem, but it impacts the employee’s ability to complete his/her projects.

Let’s consider the customer service function of your business. While you can ask a group of people to connect to your network with their phones and computers from home, how can you be sure your representatives all provide a consistent brand experience? What happens if one employee has a screaming child in the background? What happens if one employee is working in her kitchen, and the tea pot starts whistling? Or what happens if an employee starts arguing with a family member? All of these scenarios are possible and can interrupt the ability of your employee to do his or her job professionally.

To avoid the problematic family members, the employee grabs a laptop and smartphone and heads to a nearby coffee shop. This telecommuting concept that was designed to take place in a home office environment now relocates to a community-type environment full of possible distractions.

Security now takes center stage because all data on both the smartphone and laptop are ripe for picking by hackers due to Wi-Fi access that may not be secure.

And returning to the customer service function, there is no possible way for the employee to take calls and speak over the noise in a public space.

Let’s now consider the security issues involved with telecommuting. In addition to all of the issues raised above, connecting to a corporate network can be a huge security risk if an employee doesn’t have virus/malware protection on his or her home machine or smartphone. What happens when the employee accesses company email from his or her device?

There has been much chatter in the news lately about virus protection on smartphones, and Apple recently updated its operating system due to vulnerabilities. Android is known as the number one attacked OS today.

According to a Verizon study conducted in 2013, 95% of all breaches result when an employee unknowingly opens an email that contains malware or some other form of payload. According to Wikipedia, “In computer security, payload refers to the part of malware which performs a malicious action.” So how do you maintain ongoing training when employees are not in the office to attend those sessions?

What about that coffee shop down the street from an employee’s home? Should an employee conduct work from there? Who knows what wandering eyes (or competitors) could be sitting nearby ready to pounce on the data stored on the employee’s laptop? As a result, have a discussion reviewing Wi-Fi procedures for all employees who will telecommute.

Go one step further and require employees to review the procedure document and sign that they have read it – perhaps, as part of the employee manual or as part of the onboarding process. This must be done BEFORE any employee is approved to use Wi-Fi and access corporate data.

The IT Department must be allowed to set up VPN access on devices owned and used by employees that will access corporate data in a Wi-Fi environment in order to protect the company.

And, before any employee becomes a telecommuter, written telecommuting policies must be presented to and discussed with the employee – and then signed by the employee. Otherwise, telecommuting shouldn’t be an option.

Does your business have a telecommuting policy?

 

Inspiration for this post: TELUS Aim to Have 70% of Employees Working Mobile by 2015

About the Author: Allan Pratt, an infosec strategist, represents the alignment of technology, marketing, and management. With an MBA Degree and four CompTIA certs in computers, networks, servers, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. His expertise includes the installation and maintenance of all aspects of the PC and peripheral lifecycle and the planning and integration of end-to-end security solutions. Allan also teaches both the CompTIA A+ and the CompTIA Security+ certification courses, and has been quoted in industry publications. 

Cross-Posted from Tips4Tech

Copyright 2010 Respective Author at Infosec Island

Show more