Telecommuting Privacy and Security Risks

By Anonymous

RISK MANAGEMENT As more employees work remotely from home, personal and private information related to both employees and employers may be compromised if privacy and security risks are not dealt with effectively. This is according to a new report by Ernst & Young LLP and the Center for Democracy and Technology.

The report, Risk at Home: Privacy and Security Risks in Telecommuting, is based on a survey designed to identify the current state of privacy and security considerations in work-from-home arrangements. A total of 73 corporate and government organizations in 10 industries in the United States, Canada and Europe participated in the survey.

Respondents acknowledged telecommuting is a persistent area of risk and that the topic is often not adequately addressed and does not garner the attention of newer, more pressing business risks.

Survey findings also suggest that employers do not fully recognize and address the privacy and security issues, leaving organizations vulnerable to certain financial and reputational risks.

For example, while many firms allow telecommuters to handle personal information at home, only half of the survey respondents said they address this subject with formal policies and training. Indeed, the multidisciplinary nature of the topic - is it human resources, information technology, security or privacy? - make it difficult to determine whose responsibility it should be to address the risks.

Sagi Leizerov, a senior manager with E&Y's Advisory Services group, says "Employers need to establish clear guidelines that will protect confidential information from such risks; employees must understand why such requirements were created as well as the critical need to comply with them."

Many companies have established internal controls to monitor and protect the transfer of information both within and outside the walls of an organization. However, despite these efforts, gaps exist between the establishment of the controls and consistent monitoring and enforcement. Consider these alarming findings:

* Although portable media (laptop computers and personal digital assistants) are commonly used by telecommuters - and have been in the forefront of various recent information breaches - few organizations have adopted privacy-enhancing devices to help safeguard sensitive information.

* Telecommuters regularly use their own personal computers and PDAs for work purposes; the hard drive and email encryption tools found commonly on employer devices are little help.

* Organizations can help protect sensitive information by conducting tailored, periodic background checks for all employees based on their role, location and level of exposure to confidential information.

The report also addresses the protection of hard-copy files, using privacy-enhancing technologies, adopting biometric technology (a process allowing access via a unique identifier) and limitations on the use of email, in addition to monitoring telecommuter activity by employees.

Copyright Financial Executives International Sep 2008

(c) 2008 Financial Executive; Morristown. Provided by ProQuest LLC. All rights Reserved.

A service of YellowBrix, Inc.