|
According to a 2007 Telework Exchange survey of 35 Federal Chief Information Security Officer's, 37%
indicated that the lack of data security training for all employees was a serious data security
threat. All recommended security training for all employees, particularly those using mobile
devices. FCISO's do not view "official" telework as security threat, but view unofficial,
unsanctioned, telework as a security risk.
A security training program might address:
- Security policies and procedures
- Rules of engagement for systems, applications and other tools
- Data security
- Software/application security patches
- Backup procedures
- Password usage
- Antivirus software usage
- Social engineering methods and responses
- Channels for reporting security breaches
Security training materials should be updated regularly to keep current. Reinforce best practices
through on-going and ad hoc communication with IT.
Consider conducting security training through web-based or video-conferencing so that your teleworkers
can participate without having to come into the office.
Management and staff from all levels can benefit from security training; it doesn't have to be limited
to teleworkers.
|
