|
Security is a major consideration, particularly for IT professionals. CDW-G, a major contractor of IT
services to the US Government, conducts a large-scale annual telework survey; according to the 2008
survey, 42% of public-sector IT professionals and 27% of private-sector IT professionals indicate
that security is their most pressing challenge. The next highest concern is productivity at only 20%.
Procedures, policies, and training developed to minimize risk should be required of all managers and
employees, not just teleworkers.
There are two broad classes of security risk: information security and systems security:
Information Security: Rules about confidentiality and sensitive information should be the
same whether the information is on a laptop, flash drive, DVD, or in a file folder. If information
is so sensitive that it cannot go beyond the four walls of the building, then working with that
information would not be appropriate for a teleworkers. On the other hand, if employees are accessing
confidential information over the company network while at the office then they should be able to
access it from the network while at home, provided certain precautions are in place.
In addition, standards may be implemented to ensure security of employer-owned computers that are
removed from the workplace. For example, some organizations require that their PCs are not to be
packed into luggage checked at an airport, or, visible in an unoccupied car.
Other standards may include clear rules that organization assets not be used by family members for
non-work purposes. Also, many organizations have instituted standards for backing up critical
information to minimize the impact of unavoidable loss.
Technology Security: The level of security required for teleworking depends on the level of
technology, size of organization, sensitivity of the information, and other factors. This is discussed
in detail in the toolkit's Technology section. In the simplest organizations should make sure
teleworkers are using current antivirus software, have firewalls in place and take other reasonable
precautions. There are other decisions to make involving the use of networks and network encryption,
internet based services, file-swapping software (which often uses a third-party server), and other
options.
A quote from Oregon State's website on teleworking helps put risk in perspective:
"Risk is an inevitable cost of doing business. The goal
is not to avoid all risk or to avoid all loss. The goal is to avoid all needless and wasteful costs of
loss. It is every manager's duty to manage risk. Telecommuting risks are controlled through ordinary
good management. But, you have to identify your risks before you can begin to manage them."
|
