Federal agencies should do more to educate employees on security risks, study says.
Many federal employees are using wireless Internet when they telework, but agencies could do more to increase wireless adoption and to train employees on information security, a report released Tuesday found.
Comment on this article in The Forum.Training is particularly important, said Cindy Auten, general manager of the Telework Exchange, an Alexandria, Va., public-private partnership that published the report along with Sprint Nextel. More employees are bringing home work after hours and on weekends, and they might not be aware of proper security measures, she said.
"If you're trained [to work] in a remote environment, then [you know] you shouldn't leave your laptop in your car, [you understand] encryption [and you make] sure your laptop is safe no matter what you do with it," Auten said. "Someone who is used to working in an office environment [might not be] familiar with [telework] policies."
Sixty-five percent of teleworkers and 51 percent of the information technology executives included in a May survey of 310 federal employees upon which the report is based said wireless Internet was somewhat or very important to productivity, while 67 percent of teleworkers and 63 percent of IT executives said access to wireless Internet played an important role in continuity of operations during emergencies.
Respondents who did not have formal telework agreements, but did have wireless Internet access at home, also said wireless access was important to them. Seventy one percent of them said wireless Internet contributed to productivity, and 91 percent said wireless was somewhat or very important for maintaining continuity of operations.
Twenty six percent of the IT executives surveyed said their agencies provided teleworkers with mobile broadband cards, which allow users to create their own wireless network, and 11 percent of agencies paid for service for those mobile broadband cards.
Despite the perceived benefits of wireless Internet, 40 percent of the IT executives included in the survey said their agency did not allow them to use it, while 11 percent of executives, 33 percent of teleworkers and 48 percent of those who were not enrolled in formal telework programs did not know the rules.
The study found that agencies that did allow wireless access were taking steps to ramp up security. Seventy-eight percent of federal employees who used wireless Internet for teleworking or in the office reported using a virtual private network to access their agency's network.
Eighty-seven percent of the Defense Department IT executives included in the survey said they were aware of Department of Defense Mandate 8100.2, which requires that unclassified data transmitted over wireless networks be encrypted, and 76 percent of the executives said their agency complied with the mandate.
But, Auten said, even that level of compliance with the Defense mandate was not enough. Civilian agencies could benefit from similar requirements, she added.
"[On] the civilian side, there isn't a comparable mandate to make sure encryption of data, laptops and devices are completely secure," she said. "You can train your employees as much as possible, but you need the technology to back it up, because there is human error. People should accept that there are things outside their employees' control."