Tough business decisions accompany teleworking


The technological evolution of the workplace enables employers to attract and retain employees, and in some cases cut overhead costs by allowing them to telework. With the current national mission to cut down on carbon emissions and reduce oil consumption, organizations are beginning to promote opportunities for individuals to work from home at least one day per week. For example, Illinois Representative Danny Davis recently proposed the Telework Improvement Act of 2007 to mandate that government agencies have written policies to allow teleworking.
While employees and the government are pushing for more telework options, business owners worry about the potential productivity and security risks of employees working from home. Theft, fraud, defamation or loss of competitive advantage when unencrypted laptops fall into the wrong hands are issues company owners need to seriously consider before allowing employees to become more mobile.
But before employers arbitrarily mandate security options such as hardware encryption, user access controls or locking cables on mobile devices, they need to make some difficult decisions concerning the implementation of a telework environment.
Controlling system access
The first consideration an employer should investigate is the idea of controlling system access from a physical and logical standpoint. Will the employee log in to the network from a home computer or from one assigned by the company? Does the employer have the right to require security software installation, and to ensure the employee is installing all patches and updates on a personal home computer?
These questions lead many companies to block access to the server from a home computer; however, with the proper precautions, access can be controlled. Jefferson Wells, for instance, uses a virtual private network (VPN) solution. When an individual accesses the VPN from a personal computer, the VPN prevents the user from printing or saving files to the hard drive. When the connection is closed, all temporary session files are automatically deleted, which limits inadvertent data loss or exposure of company information.
Cost considerations
Purchasing laptops for employees to enable teleworking can cost upwards of $1,500 per employee. That price tag comes with the intention that the laptop will be taken out of the office, increasing the possibility of losing sensitive company information. To cut costs and reduce the mobility of the computer, employers can consider either setting up telecommuters from their home systems, or purchasing a less expensive desktop with security features that will be used on a limited basis.
A DSL or cable Internet capability is absolutely necessary when conducting business from home. However, employees will use the Internet mainly between the hours of 8 a.m. and 5 p.m., Monday through Friday. It is reasonable to assume they will use the Internet for personal use after normal business hours. Should the employer pay for the connection?
Protective policies
Employers have to be very specific about what can and cannot be done on company time and over company-owned Internet subscriptions and hardware. If employers notice suspicious activity, they must notify the proper parties because they are liable for any activity performed on hardware and Internet connections in the company’s name.
One of the most important policies in place should detail how employees handle company data. Employers can supply employees with acceptable usage guidelines. They also need to determine how to monitor whether information is securely deleted when it is no longer in use.
These questions can be answered by establishing a budget for the infrastructure costs per telecommuting employee. Employers may also need to speak with legal advisors and IT partners to make further decisions. Conducting regular technology risk assessments will help business owners evaluate the risks specific to their company and their information assets.
One source for further information is the National Institute of Standards and Technology (NIST), an organization within the Technology Administration of the U.S. Department of Commerce. NIST has posted the paper “Security for Telecommuting and Broadband Communication” online. The paper can be a starting point for employers considering a telework program.
Policy decisions must be addressed for company protection whenever an employee is no longer within the physically secured domain of an organization. The companies that answer these questions now will be much better prepared for the next evolution in the ever-changing virtual workforce.

Paul Rozek is the director of technology risk management for the Milwaukee office of Jefferson Wells, a global provider of professional services specializing in internal audit and controls, technology risk management, tax, and finance and accounting. He has more than 28 years of experience in all aspects of IT governance and frameworks, IT audit and compliance, business continuity planning, and information security.
The opinions expressed herein or statements made in the above column are solely those of the author and do not necessarily reflect the views of The Wisconsin Technology Network, LLC.
WTN accepts no legal liability or responsibility for any claims made or opinions expressed herein.